I'm a postdoc in the MIT CSAIL
Computer Systems Security Group
working with Prof. Nickolai
I work mainly on Web application security. I graduated with a PhD in
Electrical Engineering from Stanford University, where I
focused on network security, virtualization, and management. I was
co-advised by Prof. Nick McKeown
and "Prof." David
I was also part of the NetFPGA team.
I received my Bachelor of Computer Engineering degree at McGill University in Montreal, 2005.
I received a Master of Science degree in Electrical Engineering from Stanford in
2007 with a concentration in Computer Architecture and
I received a PhD in Electrical Engineering from Stanford in 2011.
I have worked/am working on the following projects:
- WARP (at MIT):
I joined WARP after the first iteration of it was done and the paper
accepted to SOSP 2011. WARP is a time machine for Web
applications that allows you to go back in time, apply a
change and see what the results of that change were. For example,
WARP can be used to retroactively apply a patch that fixes a
vulnerability and to automatically undo any exploits resulting
from that vulnerability.
- I am working on building the undo framework for distributed
systems (such as a datacenter), tracking what data was leaked due
to an exploit, and using WARP as a QA tool.
- Expedient and Network Virtualization:
- GENI is a US
effort to build a large virtualized network (end-hosts and networking
fabric) that allows multiple researchers to be simultaneously
running their experiments. Expedient is a pluggable control framework for
GENI that simplifies the developers' and the experimenters' lives.
- Implemented a modular all-capable kickass Expedient Clearinghouse
- Worked on the OpenFlow Aggregate architecture
- ICING is a network architecture that allows an almost
unlimited number of security policy types. In any
communication, there are several participants whose resources
are consumed or who would like to choose resources to consume:
senders, receivers, and providers. We would like to enable
source routing for the senders without violating the policies
of the receivers and providers. At the same time, the
receivers and providers would like to choose the path that
packets take. ICING allows the conjunction of all these
concerns, and makes sure that the path that was agreed to by
all participants is followed. All this at line-rate! We even
have an implementation running on NetFPGA that can run at line-rate
for almost all packet sizes.
- ident++ is a protocol that enables administrators to delegate
security policies to users, machines, or other third-parties
hierarchically. We implement ident++ by adding a daemon on the
end-hosts and modifying the firewalls. We have also developed
a language that makes it easy to write rules for ident++.
- Makes security policies more precise
- Allows the administrator to write policies in a more natural
and understandable language
- NetFPGA is a hardware platform for networking research and
education. The NetFPGA device itself is a PCI card with 4 GigE
ports, a Virtex2pro FPGA, SRAM and DRAM. Many research systems
run on NetFPGA, and it is being used around the world.
- Designed the "reference pipeline" architecture
- Designed and implemented most of the current reference
- Buffer Sizing:
- It is difficult to know how buffer sizes change in
high-speed routers. So I implemented an Event Capturing
system on NetFPGA that can monitor router/switch buffer occupancy at
clock cycle precision
- The data can be relayed out to a remote machine for
- Virtualization-enabled NIC:
- Used NetFPGA to implement a virtualized NIC to accelerate
- Implemented an OpenFlow
switch on NetFPGA
- Live CD for OpenFlow and NetFPGA:
- Currently outdated. But if someone asks me, I'll update it
- Can be found here
jnaous () g mail ! com
"Path-policy compliant networking and a platform for heterogeneous IaaS management"
PhD Thesis, submitted to the Department of Electrical Engineering of Stanford University
117 pages pdf
"Verifying and enforcing network paths with ICING"
Jad Naous, Michael Walfish, Antonio Nicolosi, David
Mazières, Michael Miller, and Arun Seehra
CoNEXT 2011, Tokyo, Japan, December 2011.
12 pages pdf
"Defining and enforcing transit policies in a future Internet"
Jad Naous, Arun Seehra, Michael Walfish, David Mazières,
Antonio Nicolosi, and Scott Shenker
Department of Computer Sciences, Technical Report TR-10-07, The
University of Texas at Austin, February 2010.
15 pages pdf
"Network Security via Explicit Consent"
Jad Naous, Michael Walfish, David Mazières, Antonio Nicolosi, and Arun Seehra
Department of Computer Sciences, Technical Report TR-09-12, The University of Texas at Austin, March 2009.
15 pages pdf
"A Policy Framework for the Future Internet"
Arun Seehra, Jad Naous, Michael Walfish, David Mazières, Antonio Nicolosi, and Scott Shenker
ACM Workshop on Hot Topics in Networks (HotNets), New York, NY, October 2009.
6 pages pdf
"Enabling Delegation with More Information"
Jad Naous, Ryan Stutsman, David Mazières, Nick McKeown, and Nickolai Zeldovich
SIGCOMM WREN Workshop, Barcelona, Spain, August 21, 2009.
8 pages pdf
"Spider Transparent Clock"
John Eidson, Andrew Fernandez, Bruce Hamilton, Jad Naous, and Dieter Vook
ISPCS 2008, Ann Arbor, Michigan, September 22-26 2008.
5 pages pdf
"Implementing an OpenFlow Switch on the NetFPGA platform"
Jad Naous, David Erickson, Adam Covington, Guido Appenzeller, and Nick McKeown
ANCS'08, San Jose, CA, USA, November 6-7, 2008.
9 pages pdf
"NetFPGA: Reusable Router Architecture for Experimental Research"
Jad Naous, Glen Gibb, Sara Bolouki, and Nick McKeown
SIGCOMM PRESTO Workshop, Seattle, WA, August 2008.
7 pages pdf
"NetFPGA -- Open Platform for Teaching How to Build Gigabit-rate
Network Switches and Routers"
Glen Gibb, John W. Lockwood, Jad Naous, Paul Hartke, and Nick McKeown
IEEE Transactions on Education, 2008
22 pages pdf
"NetFPGA - An Open Platform for Gigabit-rate Network Switching and
John W. Lockwood, Nick McKeown, Greg Watson, Glen Gibb, Paul Hartke,
Jad Naous, Ramanan Raghuraman, and Jianying Luo
MSE 2007, San Diego, June 2007.
2 pages pdf