Ross Smith IV, Meta Platforms
Meta's production infrastructure, which safeguards sensitive data on millions of hosts, relies heavily on the confidentiality of private key material tied to billions of active identity credentials with lifetimes of up to 3 months. These credentials, when improperly stored, are vulnerable to exfiltration by users with root or supervisory access, which can lead to unauthorized access to sensitive data. To address this, we are implementing a multi-faceted approach that includes certificate revocation, IP binding enforcement, the use of delegated credentials, and the integration of Trusted Platform Modules (TPMs) with platform attestation and integrity measurements. These measures aim to prevent credential mobility, reduce credential lifetime, and increase the cost of credential exfiltration. By securing the private keys within TPMs and enforcing IP binding, we ensure that credentials are tied to specific hosts, thereby mitigating the risk of unauthorized use in different environments.
Ross is a Technical Program Manager within Meta's X-Security organization focusing on cryptography. Prior to Meta, Ross worked at Microsoft where he focused on unified endpoint management, mobile apps, and messaging technologies.
