Jad Naous
I'm a PhD student in Electrical Engineering at Stanford University. I
focus on network security, virtualization, and management. I am
co-advised by Prof. Nick McKeown
and "Prof." David
Mazières.
I'm also part of the NetFPGA team.
I received my Bachelor of Computer Engineering degree at McGill University in Montreal, 2005.
I received a Master of Science degree in Electrical Engineering from Stanford in
2007 with a concentration in Computer Architecture and Hardware.
Projects
I have worked/am working on the following projects:
- ICING
- ICING is a network architecture that allows an almost
unlimited number of security policy types. In any
communication, there are several participants whose resources
are consumed or who would like to choose resources to consume:
senders, receivers, and providers. We would like to enable
source routing for the senders without violating the policies
of the receivers and providers. At the same time, the
receivers and providers would like to choose the path that
packets take. ICING allows the conjunction of all these
concerns, and makes sure that the path that was agreed to by
all participants is followed. All this at line-rate! We even
have an implementation running on NetFPGA that can run at line-rate
for almost all packet sizes.
- UltraViolet
- UltraViolet is a cloud-computation framework that uses distributed
information flow control (DIFC) to provide fine-grained access
control to stored data. Further, the system enforces DIFC
labels and makes sure information is not leaked in the compute
cloud. It allows secure federation of compute and storage
resources and limits the amount of information an attacker can
leak.
- ident++:
- A protocol that enables administrators to delegate
security policies to users, machines, or other third-parties
hierarchically. We implement ident++ by adding a daemon on the
end-hosts and modifying the firewalls. We have also developed
a language that makes it easy to write rules for ident++.
- Makes security policies more precise
- Allows the administrator to write policies in a more natural
and understandable language
- E-GENI and Network Virtualization:
- Enterprise GENI is under the GENI umbrella. GENI is a US
effort to build a large virtualized network (end-hosts and
fabric) that allows multiple researchers to be simultaneously
running their experiments. E-GENI will be the incarnation of
GENI on university campuses and other (duh) enterprises.
- Working on the OpenFlow Aggregate architecture
- Working on implementing the Enterprise GENI Clearinghouse
- Developing models and ways to reason about slicing and resource
allocation in a virtualized network
- NetFPGA:
- NetFPGA is a hardware platform for networking research and
education. The NetFPGA device itself is a PCI card with 4 GigE
ports, a Virtex2pro FPGA, SRAM and DRAM. Many research systesm
run on NetFPGA, and it is being used around the world.
- Designed the "reference pipeline" architecture
- Designed and implemented most of the current reference
implementations.
- Buffer Sizing:
- It is difficult to know how buffer sizes change in
high-speed routers. So I implemented an Event Capturing
system on NetFPGA that can monitor router/switch buffer occupancy at
clock cycle precision
- The data can be relayed out to a remote machine for
analysis
- Virtualization-enabled NIC:
- Used NetFPGA to implement a virtualized NIC to accelerate
networking
- OpenFlow:
- Implemented an OpenFlow
switch on NetFPGA
- Live CD for OpenFlow and NetFPGA:
- Currently outdated. But if someone asks me, I'll update it
- Can be found here
Contact
My office is Gates 342
Directions
to the Gates building
Printable map of campus: pdf
format.
jnaous () stanford ! edu
Publications
-
"Network Security via Explicit Consent"
Jad Naous, Michael Walfish, David Mazières, Antonio Nicolosi, and Arun Seehra
Department of Computer Sciences, Technical Report TR-09-12, The University of Texas at Austin, March 2009.
15 pages pdf
-
"A Policy Framework for the Future Internet"
Arun Seehra, Jad Naous, Michael Walfish, David Mazières, Antonio Nicolosi, and Scott Shenker
ACM Workshop on Hot Topics in Networks (HotNets), New York, NY, October 2009.
6 pages pdf
-
"Enabling Delegation with More Information"
Jad Naous, Ryan Stutsman, David Mazières, Nick McKeown, and Nickolai Zeldovich
SIGCOMM WREN Workshop, Barcelona, Spain, August 21, 2009.
8 pages pdf
-
"Spider Transparent Clock"
John Eidson, Andrew Fernandez, Bruce Hamilton, Jad Naous, and Dieter Vook
ISPCS 2008, Ann Arbor, Michingan, September 22-26 2008.
5 pages pdf
-
"Implementing an OpenFlow Switch on the NetFPGA platform"
Jad Naous, David Erickson, Adam Covington, Guido Appenzeller, and Nick McKeown
ANCS'08, San Jose, CA, USA, November 6-7, 2008.
9 pages pdf
-
"NetFPGA: Reusable Router Architecture for Experimental Research"
Jad Naous, Glen Gibb, Sara Bolouki, and Nick McKeown
SIGCOMM PRESTO Workshop, Seattle, WA, August 2008.
7 pages pdf
-
"NetFPGA -- Open Platform for Teaching How to Build Gigabit-rate
Network Switches and Routers"
Glen Gibb, John W. Lockwood, Jad Naous, Paul Hartke, and Nick McKeown
IEEE Transactions on Education, 2008
22 pages pdf
-
"NetFPGA - An Open Platform for Gigabit-rate Network Switching and
Routing"
John W. Lockwood, Nick McKeown, Greg Watson, Glen Gibb, Paul Hartke,
Jad Naous, Ramanan Raghuraman, and Jianying Luo
MSE 2007, San Diego, June 2007.
2 pages pdf
Links