Robert N. M. Watson

welcome

Welcome to my home page! I am Professor of Systems, Security, and Architecture at the University of Cambridge Computer Laboratory in the Security Group, as well as a FreeBSD developer and member of the board of directors of the FreeBSD Foundation.

Having worked in industrial research and development for six years (NAI Labs, McAfee Research, and SPARTA), I returned to academia in 2005, and completed a PhD in computer science at the University of Cambridge in 2010. My dissertation was on New approaches to operating system security extensibility. I lead a set of projects relating to hardware-software co-design, operating-system design, and compiler program analysis and transformation. I am now leading a series of research projects in automated software analysis and decomposition for security, revisions to the hardware-software interface for security, and a new project in novel hardware and software designs for secure cloud computing.

You might also be interested in Dr Leigh Denault. Leigh is a College Lecturer at Churchill College Cambridge and an affiliated lecturer at the History Faculty. Mysteriously, we have collaborated on common research projects, including a project on the effects of digitisation on the study of history at the Centre for History and Economics.

in my spare time

FreeBSD

FreeBSD is a freely available operating system based on BSD 4.4Lite from the University of California at Berkeley's Computer Systems Research Group (CSRG). I'm a past member of the FreeBSD Core Team, security officer team, and release engineering team. My areas of work have included the network stack, file systems, and security.

I joined the board of the FreeBSD Foundation as president in 2003; the Foundation sponsors a number of BSD-related conferences, including AsiaBSDCon, EuroBSDCon, and BSDCan, as well as several FreeBSD Developer Summits each year. If you or your company rely on FreeBSD, please consider making a donation to the Foundation to help support the developers and development effort for FreeBSD. Helping to support the developer community by sponsoring developer travel, hardware, conferences, etc, is vital to continuing the highly successful development work of the FreeBSD Project.

I founded the TrustedBSD Project (1999) and OpenBSM Project (2005), which provide trusted operating system and audit extensions on the FreeBSD platform. Significant results of this work have now been integrated into the FreeBSD, NetBSD, OpenBSD, Linux, and Mac OS X operating systems, as well as many commercial products.

Boardwatch Magazine published an interview in which I described the TrustedBSD Project, and it makes for a decent introduction. In 2006, I was interviewed by SecurityFocus regarding security event auditing in FreeBSD 6.2. In my 2005 OSNews interview on FreeBSD 6.x, I describe some of my recent work on the FreeBSD network stack. I also did an interview for the technical news site Slashdot in 2001 on TrustedBSD and other topics relating to FreeBSD and open source.

If you're running FreeBSD and have a Meteor or Bktr video card, you definitely need a copy of my AATV software to watch TV as ASCII art (thanks to the aalib folks). The interested can find boatloads of patches, presentations, etc, relating to my work on FreeBSD here, including my work on the multi-threaded, multi-processor network stack for FreeBSD 5.x and 6.x.

Coda

While at Carnegie Mellon, I worked with the Coda Project. Coda is a weak consistency distributed file system aiming for improved support for mobility and fault tolerance. I assisted in adding Kerberos support, and implemented a cryptographically secure version of Coda.

employment

I am currently a University Senior Lecturer (Associate Professor) at the University of Cambridge Computer Laboratory, where I lead a number of research projects, and supervise a group of PhD students and post-doctoral researchers spanning security, operating systems, computer architecture, and program analysis and transformation. My Cambridge web page contains more information on this work.

Through August 31, 2005, I worked as a Senior Principal Scientist in the Security Research division of SPARTA ISSO, which at various times has been the Advanced Research and Engineering (ARE) division of Trusted Information Systems (TIS), TIS Labs, NAI Labs, Network Associates Laboratories, and McAfee Research, since 1999. Earlier during that period I worked for the Network Security Research Group (NETSEC), but later worked in the Host Intrusion Protection (HIP) research group--for the less buzzword compliant, this means operating system security research and development.

Among various projects, I've worked on DNS Security and Active Network security, as well as serving as a Principal Investigator on several projects, including PI on the DARPA CHATS CBOSS project, Apple's Mac OS X audit implementation for their CAPP evaluation, several DARPA-sponsored seedling research projects, a number of sponsored research and development projects relating to NSA's SELinux/FLASK/TE technologies on FreeBSD (SEBSD) and Darwin (SEDarwin), and a project to productionize mandatory access control on the Mac OS X platform using a port of the TrustedBSD MAC Framework. Due to my work in the open source world, I have worked with a number of agencies and other organizations to help transfer new security technology via open source.

Since returning to academia, I have continued to provide consulting and contracting work in the areas of security and performance for operating and network systems. I am available for part-time work; please contact me by e-mail for information on availability and rates.

publications

Marshall Kirk McKusick, George V. Neville-Neil, and Robert N. M. Watson. The Design and Implementation of the FreeBSD Operating System, 2nd Edition, Pearson Education, Boston, MA, USA, September 2014. Forthcoming publication.

Ilias Marinos, Robert N. M. Watson, and Mark Handley, Network Stack Specialization for Performance, Proceedings of ACM SIGCOMM 2014 Conference (SIGCOMM'14), Chicago, IL, USA, August 17-22, 2014.

Jonathan Woodruff, Robert N. M. Watson, David Chisnall, Simon W. Moore, Jonathan Anderson, Brooks Davis, Ben Laurie, Peter G. Neumann, Robert Norton, and Michael Roe. The CHERI capability model: Revisiting RISC in an age of risk, Proceedings of the 41st International Symposium on Computer Architecture (ISCA 2014), Minneapolis, MN, USA, June 14-16, 2014.

Robert N.M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Simon W. Moore, Steven J. Murdoch, and Michael Roe. Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture, Technical Report UCAM-CL-TR-850, University of Cambridge, Computer Laboratory, April 2014.

Robert N.M. Watson, David Chisnall, Brooks Davis, Wojciech Koszek, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, and Jonathan Woodruff. Capability Hardware Enhanced RISC Instructions: CHERI User’s Guide, Technical Report UCAM-CL-TR-851, University of Cambridge, Computer Laboratory, April 2014.

Robert N.M. Watson, Jonathan Woodruff, David Chisnall, Brooks Davis, Wojciech Koszek, A. Theodore Markettos, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, Robert Norton, and Michael Roe. Bluespec Extensible RISC Implementation: BERI Hardware Reference, Technical Report UCAM-CL-TR-852, University of Cambridge, Computer Laboratory, April 2014.

Robert N.M. Watson, David Chisnall, Brooks Davis, Wojciech Koszek, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, and Jonathan Woodruff. Bluespec Extensible RISC Implementation: BERI Software Reference, Technical Report UCAM-CL-TR-853, University of Cambridge, Computer Laboratory, April

Jonathan Anderson, Robert N. M. Watson, David Chisnall, Khilan Gudka, Brooks Davis, and Ilias Marinos. TESLA: Temporally Enhanced System Logic Assertions, Proceedings of The 2014 European Conference on Computer Systems (EuroSys 2014), Amsterdam, The Netherlands, April 14-16 2014.

Brooks Davis, Robert Norton, Jonathan Woodruff, and Robert N. M. Watson. How FreeBSD Boots: a soft-core MIPS perspective, Proceedings of AsiaBSDCon 2014, 13-16 March, 2014, Tokyo, Japan.

A Theodore Markettos, Jonathan Woodruff, Robert N. M. Watson, Bjoern A. Zeeb, Brooks Davis, Simon W Moore. The BERIpad tablet: open-source construction, CPU, OS and applications, Proceedings of 2013 FPGA Workshop and Design Contest, November 1st-3rd, Southeast University, Nanjing, China.

Ilias Marinos, Robert N. M. Watson, and Mark Handley. Network stack specialisation for performance. Twelfth ACM Workshop on Hot Topics in Networks (HotNets-XII), November, 2013.

William R. Harris (University of Wisconsin, Madison), Somesh Jha (University of Wisconsin, Madison), Thomas Reps (University of Wisconsin, Madison), Jonathan Anderson (University of Cambridge), and Robert N. M. Watson (University of Cambridge). Declarative, Temporal, and Practical Programming with Capabilities, IEEE Symposium on Security and Privacy ("Oakland"), May, 2013.

Robert N. M. Watson, Steven J. Murdoch, Khilan Gudka, Jonathan Anderson, Peter G. Neumann, and Ben Laurie. Towards a theory of application compartmentalisation. Security Protocols Workshop, March, 2013.

Robert N. M. Watson. A decade of OS access-control extensibility. Communications of the ACM 56(2), February 2013.

Robert N. M. Watson. A decade of OS access-control extensibility. ACM Queue 11(1), January 2013. (Open access, extended version of CACM article.)

Khilan Gudka, Robert N. M. Watson, Steven Hand, Ben Laurie, and Anil Madhavapeddy. Exploring compartmentalisation hypotheses with SOAAP. Workshop paper, Adaptive Host and Network Security (AHANS 2012), September, 2012.

Robert N. M. Watson: New approaches to security extensibility. Technical report UCAM-CL-TR-818, University of Cambridge, Computer Laboratory, April 2012.

Jonathan Anderson, Robert N. M. Watson: Stayin' Alive: Aliveness as an alternative to authentication. To be presented at the Twentieth International Workshop on Security Protocols (SPW), April 2012.

Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, Ross Anderson, Nirav Dave, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Philip Paeps, Michael Roe, and Hassen Saidi: CHERI: a research platform deconflating hardware virtualization and protection. Workshop paper, Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE 2012), March, 2012.

Steven Smith, Anil Madhavapeddy, Christopher Smowton, Malte Schwarzkopf, Richard Mortier, Robert N.M. Watson and Steven Hand: The Case for Reconfigurable I/O Channels. Workshop paper, Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE 2012), March, 2012.

Robert N. M. Watson, Jonathan Anderson, Ben Laurie, and Kris Kennaway: A taste of Capsicum: practical capabilities for UNIX. In Communications of the ACM 55(3), pp. 97-104, March 2012.

Jonathan Anderson, Frank Stajano, Robert Watson: How to keep bad papers out of conferences (with minimum reviewer effort). Proceedings of the Nineteenth International Workshop on Security Protocols, March 2011.

Peter G. Neumann, Robert N. M. Watson. Capabilities Revisited: A Holistic Approach to Bottom-to-Top Assurance of Trustworthy Systems. Proceedings of the Fourth Annual Layered Assurance Workshop, Austin, Texas, December 2010.

Laurel D. Riek, Robert N.M. Watson. The Age of Avatar Realism: When seeing shouldn't be believing. IEEE Robotics and Automation (2010). Vol. 17, Issue 4, pp 37-42.

Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway. Capsicum: practical capabilities for UNIX. In Proceedings, 19th USENIX Security Symposium 2010, Washington, DC.

Steven J. Murdoch, Robert N. M. Watson. Metrics for security and performance in low-latency anonymity systems. In Proceedings, Privacy Enhancing Technologies Symposium 2008, Leuven, Belgium.

Richard Clayton, Steven J. Murdoch, Robert N. M. Watson. Ignoring the Great Firewall of China. A Journal of Law and Policy for the Information Society, Volume 3, Issue 2, Fall 2007.

Robert N. M. Watson. Exploiting Concurrency Vulnerabilities in System Call Wrappers. In Proceedings, WOOT'07 - First USENIX Workshop on Offensive Technologies, Boston, Massachusetts, USA.

Robert N. M. Watson. How the FreeBSD Project Works. In Proceedings, 2006 EuroBSDCon, Milan, Italy.

Richard Clayton, Steven J. Murdoch, Robert N. M. Watson. Ignoring the Great Firewall of China. In Proceedings, Privacy Enhancing Technologies Workshop 2006, Cambridge, UK.

Robert N. M. Watson, Wayne Salamon. TrustedBSD OpenBSM: Open Source Security Audit Framework. In Proceedings, 2006 UKUUG Spring Conference, Durham, UK.

Robert N. M. Watson. Introduction to Multithreading and Multiprocessing in the FreeBSD SMPng Network Stack. In Proceedings, 2005 EuroBSDCon, Basel, Switzerland.

Poul-Henning Kamp, Robert N. M. Watson. Building Systems to be Shared, Securely. ACM Queue, July/August 2004.

Robert N. M. Watson, Wayne Morrison, Chris Vance, Brian Feldman. The TrustedBSD MAC Framework: Extensible Kernel Access Control for FreeBSD 5.0. In Proceedings, 2003 USENIX Annual Technical Conference, FREENIX Track.

Robert N. M. Watson, Brian Feldman, Adam Migus, Chris Vance. Design and Implementation of the TrustedBSD MAC Framework. 2003 DARPA Information Security Conference and Exposition (DISCEX III). IEEE.

Sandra L. Murphy, Edward T. Lewis, Robert N. M. Watson. Secure Active Network Prototypes. In Proceedings, 2002 DARPA Active Network Conference and Exposition (DANCE'02). IEEE.

Robert N. M. Watson. TrustedBSD: Adding Trusted Operating System Features to FreeBSD. In Proceedings, 2001 USENIX Annual Technical Conference, FREENIX Track.

Sandra Murphy, et al. Strong Security for Active Networks. In Proceedings, OpenArch 2001.

Robert N. M. Watson. Statement for SACMAT 2001 Panel. ACM Workshop on Role Based Access Control. In proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, 2001.

Poul-Henning Kamp and Robert N. M. Watson. Jails: Confining the Omnipotent Root. In Proceedings, SANE 2000 Conference. NLUUG, 2000.

Robert N. M. Watson. Introducing Supporting Infrastructure for Trusted Operating System Support in FreeBSD. In BSDCon 2000 Conference Proceedings. BSDi, 2000.

press

Press interviews and articles include:

2007/09/16 Slashdot: Attacking Multicore CPUs

2007/09/14 The Register: Attacking Multicore CPUs: Get exploited on time

2007/08/09 Slashdot: Cambridge Researcher Breaks OpenBSD Systrace

2006/11/13 The Register: FreeBSD 6.2 nears release - Robert Watson on the new security event auditing system

2006/11/11 OSNews: FreeBSD Security Event Auditing

2006/11/10 SecurityFocus: FreeBSD Security Event Auditing

2005/06/24 Slashdot: Looking at FreeBSD 6 and Beyond

2005/06/23 OSNews: Interview: Looking at FreeBSD 6 and Beyond

2005/06/03 OSNews: TrustedBSD Status Report

2005/02/09 OSNews: FreeBSD logo design competition

2005/01/11 OSNews: Robert Watson announces IPX/SPX now MPSAFE on FreeBSD 5.x

2004/08/15 OSNews: FreeBSD: Lock Order Reversal Documentation

2003/11/01 OSNews: FreeBSD: 5.2-Release Todo

2003/10/30 Slashdot: FreeBSD, Linux Kernel Source Cross Reference

2003/09/30 OSNews: FreeBSD 4.9-RC1 Available for Testing

2003/05/18 OSNews: FreeBSD: Todo Lists for 5.1 and 5.2

2003/04/21 OSNews: UFS2 Now the Default Creation Type on FreeBSD 5.0-CURRENT

2002/05/14 OSNews: What's New in FreeBSD 5.0

2002/01/29 Slashdot: OS News Interview with Robert Watson

2002/01/29 OSNews: FreeBSD Week: Interview with Robert Watson

2001/07/09 Slashdot: $1.2M DARPA Contract for FreeBSD Security

2001/06/14 Slashdot: FreeBSD Project Updates

2001/01/12 Slashdot: Learn from Robert Watson of FreeBSD and TrustedBSD

education

I went to high school at the Sidwell Friends School in Washington, DC. While there, my interests lay almost exclusively in the areas of computer science and technical theatre. From around 1992 to 1995, I ran a WWIV-based BBS, my first exposure to the C programming language. One of the first high schools in the world to be "on the Internet", Sidwell allowed me to get involved in UNIX and IP networking at a very exciting time. You can read about my somewhat more recent experiment with porting WWIV to the FreeBSD operating system.

I received my BS in Logic and Computation with a double major in Computer Science from Carnegie Mellon University. For the last year or two there, I largely took graduate level CS courses in the area of operating systems, networking, and architecture. However, my undergraduate thesis was in the area of theoretical computer security on the logic and computation side, making use of model checking to verify properties of security policies in operating systems.

I also spent time as a visiting academic at the Computing Laboratory at Cambridge University in 1999, where I worked on tamper-resistant hardware research. In particular, I investigated power analysis of commercial embedded cryptographic hardware.

I completed my PhD in the Computer Laboratory at the University of Cambridge, Cambridge, UK under the supervision of Professor Ross Anderson. I explored issues in the vertical integration of security through the operating system, window system, desktop environment, and applications.

contacting me

E-mail works.

The most up-to-date version of my key is available from the PGP key server network.

contents copyright 2003-2010 Robert N. M. Watson