Santiago Torres-Arias

Open Source | Research | Security

About Me


I’m a second-year PhD Student at NYU’s Center for Cyber Security (CCS) under the guidance of Prof. Cappos. Throughout my career, my interests have ranged from binary analysis, cryptography, Operating┬áSystems, and Security-oriented software engineering. My goal is to elucidate software solutions that improve security and privacy for all computer users.

My current research focuses on securing the software development life-cycle. Before that, my research focused on secure password storage mechanisms and update systems. Because of this, I’m the team lead of in-toto, a framework to secure the software development life-cycle, as well as PolyPasswordHasher, a password storage mechanism that’s incredibly resilient to offline password cracking. Also, I’m a contributor for The Update Framework (TUF), which is the software update system being integrated on a variety of projects like Docker, CPAN, and others.

In my free time, I like developing open source software, including mobile applications for education and a custom desktop-background daemon that crawls Reddit/Imgur. I tend towards writing small, yet usable applications on my own and publishing them (usually as proofs of concept) on GitHub. I’m also a member of the Arch Linux CVE monitoring team, and have contributed small patches to other medium to big-sized F/OSS projects. You can read more about the projects I contributed to in my project-list page.

When I’m not coding, I enjoy playing Guitar (I like playing Progressive rock, Jazz and Math-rock) and reading pretty much about anything.