Skip navigation

Santiago Torres Arias

Dr. Torres-Arias's research include binary analysis, cryptography, distributed systems, and security-oriented software engineering. His current research focuses on securing the software development lifecycle, cloud security, and update systems. His approach is to develop industry-grade software designs that are applicable in the short term to solve emerging securtiy threats. To do this, he works extensively with industry to design solutions that protect users in the status quo (that is, without changing current practices). As such, he leverages a wide-array of techniques in a needs-based approach --- from distributed tamper-proof ledgers, through trusted hardware and data-science based approaches. To evidence impact, Dr. Torres-Arias has contributed patches to F/OSS projects on various degrees of scale, including Git, the Linux Kernel, Reproducible Builds, NeoMutt, and the Briar project. He is also a maintainer for Cloud Native Computing Foundation's project The Update Framework (TUF) as well as the lead of the in-toto and Sigstore projects, which have widespread deployment within both industry and open source.


Areas of expertise: Systems and Software Security; Applied Cryptography; Software Supply Chain Security