Jonathan M. Smith

University of Pennsylvania | UP · Department of Computer and Information Science

About

241 Publications
53,972 Reads
9,491 Citations
Additional affiliations
July 1989 - present
University of Pennsylvania
Position
  • Olga and Alberico Pompa Professor of SEAS

Publications

Publications (241)
Article
As networks grow in speed, scale, and complexity, operating them reliably requires continuous monitoring and increasingly sophisticated analytics. Because of these requirements, the platforms that support analytics in cloud-scale networks face demands for both higher throughput (to keep up with high packet rates) and increased generality and progra...
Conference Paper
We revisit the gap between what distributed systems need from the transport layer and what protocols in wide deployment provide. Such a gap complicates the implementation of distributed systems and impacts their performance. We introduce Tunable Multicast Communication (TMC), an abstraction that allows developers to easily specialize communication...
Article
In an ideal world, it would be possible to build a provably correct and secure processor. However, the complexity of today's processors puts this ideal out of reach. The complete verification of a modern processor remains intractable. Statically verifying even a simple security property (for example, "hardware privilege escalation never occurs") re...
Presentation
Full-text available
A Digital Noah’s Archive — DNA Ark. This presentation is about: 1. An update on advances in our archival Write Once, Read Forever (WORF) interference data storage media; 2. An experiment for NASA testing radiation hardness of WORF media on the International Space Station; 3. A proposal to create a space-based store of our knowledge base, including hu...
Conference Paper
Network monitoring is an increasingly important task in the operation of today's large and complex computer networks. In recent years, technologies leveraging software defined networking and programmable hardware have been proposed. These innovations enable operators to get fine-grained insight into every single packet traversing their network at h...
Conference Paper
Perceived as a vast, interconnected graph of content, the reality of the web is very different. Immense computational resources are used to deliver this content and associated services. An even larger pool of computing power is comprised by edge user devices. This latent potential has gone unused. Ar~frames the web as a distributed computing platfo...
Conference Paper
The rise of language-specific, third-party packages simplifies application development. However, relying on untrusted code poses a threat to security and reliability. In this work, we propose exploiting module boundaries (and the general trend towards more and smaller modules) to achieve fine-grained compartmentalization. Automated transformation...
Conference Paper
Software-defined Networking (SDN) enables advanced network applications by separating a network into a data plane that forwards packets and a control plane that computes and installs forwarding rules into the data plane. Many SDN applications rely on dynamic rule installation, where the control plane processes the first few packets of each traffic...
Article
Managing an intrusion detection system (IDS) requires careful consideration of the IDS rule set used to match malicious traffic. Network operators face a tradeoff when selecting rules: a rule set that is too conservative (too few rules) could lead to network intrusion and attacks from unforeseen risks, while a rule set that is too broad (too many r...
Conference Paper
Network Security applications that run on Software Defined Networks (SDNs) often need to analyze and process traffic in advanced ways. Existing approaches to adding such functionality to SDNs suffer from either poor performance, or poor deployability. In this paper, we propose and benchmark OFX: an OpenFlow extension framework that provides a bette...
Article
THE EARLIEST COMPUTERS, like the ENIAC, were rare and heroically difficult to program. That difficulty stemmed from the requirement that algorithms be expressed in a "vocabulary" suited to the particular hardware available, ranging from function tables for the ENIAC to more conventional arithmetic and movement operations on later machines. Introduc...
Article
Processor implementation errata remain a problem, and worse, a subset of these bugs are security-critical. We classified 7 years of errata from recent commercial processors to understand the magnitude and severity of this problem, and found that of 301 errata analyzed, 28 are security-critical. We propose the SECURITY-CRITICAL PROCESSOR ERRATA CATC...
Article
Optimized hardware for propagating and checking software-programmable metadata tags can achieve low runtime overhead. We generalize prior work on hardware tagging by considering a generic architecture that supports software-defined policies over metadata of arbitrary size and complexity; we introduce several novel microarchitectural optimizations t...
Conference Paper
As web browsers have become more sophisticated at blocking unauthorized attempts to track users’ online activities (incognito mode, Do Not Track), so too have trackers evolved to trump those protections. In many cases, these new forms of tracking have turned features designed to improve the web experience against user privacy. We focus on browser f...
Article
Processor implementation errata remain a problem, and worse, a subset of these bugs are security-critical. We classified 7 years of errata from recent commercial processors to understand the magnitude and severity of this problem, and found that of 301 errata analyzed, 28 are security-critical. We propose the SECURITY-CRITICAL PROCESSOR ERRATA CA...
Article
Full-text available
NEBULA is a proposal for a Future Internet Architecture. It is based on the assumptions that: (1) cloud computing will comprise an increasing fraction of the application workload offered to an Internet, and (2) that access to cloud computing resources will demand new architectural features from a network. Features that we have identified include de...
Article
This paper describes a novel privacy-aware geographic routing protocol for Human Movement Networks (HumaNets). HumaNets are fully decentralized opportunistic store-and-forward, delay-tolerant networks composed of smartphone devices. Such networks allow participants to exchange messages phone-to-phone and have applications where traditional infrastr...
Article
Full-text available
We introduce the Programmable Unit for Metadata Processing (PUMP), a novel software-hardware element that allows flexible computation with uninterpreted metadata alongside the main computation with modest impact on runtime performance (typically 10--40% for single policies, compared to metadata-free computation on 28 SPEC CPU2006 C, C++, and Fortra...
Technical Report
Full-text available
We are proposing a novel, patented imaging system designed to be a better match for, and potentially to augment, human vision. This system is comprised of wave-based nano-antenna arrays, with antennas sized for the wavelengths of light. The arrays can detect phase, as well as frequency and intensity, so that algorithms can replicate the functionality...
Conference Paper
Full-text available
Referencing outside the bounds of an array or buffer is a common source of bugs and security vulnerabilities in today's software. We can enforce spatial safety and eliminate these violations by inseparably associating bounds with every pointer (fat pointer) and checking these bounds on every memory access. By further adding hardware-managed tags to...
Conference Paper
Full-text available
SAFE is a large-scale, clean-slate co-design project encompassing hardware architecture, programming languages, and operating systems. Funded by DARPA, the goal of SAFE is to create a secure computing system from the ground up. SAFE hardware provides memory safety, dynamic type checking, and native support for dynamic information flow control. The...
Conference Paper
Full-text available
The NEBULA Future Internet Architecture (FIA) project is focused on a future network that enables the vision of cloud computing [8,12] to be realized. With computation and storage moving to data centers, networking to these data centers must be several orders of magnitude more resilient for some applications to trust cloud computing and enable thei...
Article
We attended the 2012 Mobile World Congress in Barcelona, Spain. This note reports on some of our observations that we believe might be relevant to the SIGCOMM community.
Technical Report
Full-text available
Nano-antenna, phase detecting array sensors, optimized for the light band region with SDL processing would be a fundamental transformation for imaging, spectroscopy, and numerous related analytic disciplines. Essentially, imaging would shift from photonic detectors (film, CCD, CMOS, etc.), with glass lenses, to a wave-defined, powerful software pro...
Article
The primary focus of the NEBULA Future Internet Architecture is to provide resilient networking for the emerging cloud computing model. One of the attractions of cloud computing is its support for online services and data storage by thin clients such as mobile devices. This paper describes two components of NEBULA's edge network technology, Serval...
Conference Paper
Modern smartphones are equipped with a plethora of sensors that enable a wide range of interactions, but some of these sensors can be employed as a side channel to surreptitiously learn about user input. In this paper, we show that the accelerometer sensor can also be employed as a high-bandwidth side channel; particularly, we demonstrate how to us...
Article
Full-text available
The Internet enables global sharing of data across organizational boundaries. Distributed file systems facilitate data sharing in the form of remote file access. However, traditional access control mechanisms used in distributed file systems are intended for machines under common administrative control, and rely on maintaining a centralized databas...
Conference Paper
This paper introduces a privacy-aware geographic routing protocol for Human Movement Networks (HumaNets). HumaNets are fully decentralized opportunistic and delay-tolerant networks composed of smartphone devices. Such networks allow participants to exchange messages phone-to-phone and have applications where traditional infrastructure is unavailab...
Conference Paper
Hardware interlocks that enforce semantic invariants and allow fine-grained privilege separation can be built with reasonable costs given modern semiconductor technology. In the common error-free case, these mechanisms operate largely in parallel with the intended computation, monitoring the semantic intent of the computation on an operation-by-ope...
Article
Full-text available
The recent widespread deployment of wireless LAN technology raises the question of how a mobile telephony system might instead be architected to use wireless LAN access points and the Internet to achieve similar services. In this paper, we examine an end-to-end architecture for mobile telephony, with a strong focus on endpoint issues. We have desig...
Conference Paper
Security protocols are almost always part of an iterated game, but existing abstractions don’t model this behavior. Models for such systems have been developed in other contexts, and we propose the use of one, John Boyd’s Observe-Orient-Decide-Act (OODA) Loop, as appropriate for the security context.
Article
Full-text available
Today, the most effective mechanism for remedying shortcomings of the Internet, or augmenting it with new networking capabilities, is to develop and deploy a new overlay network. This leads to the problem of multiple networking infrastructures, each with independent advantages, and each developed in isolation. A greatly preferable solution is to h...
Article
Overlay networks create new networking services using nodes that communicate using pre-existing networks. They are often optimized for specific applications and targeted at niche vertical domains, but lack interoperability with which their functionalities can be shared. Mosaic is a declarative platform for constructing new overlay networks from mul...
Article
Full-text available
Safe is a clean-slate design for a secure host architecture. It integrates advances in programming languages, operating systems, and hardware and incorporates formal methods at every step. Though the project is still at an early stage, we have assembled a set of basic architectural choices that we believe will yield a high-assurance system. We sket...
Article
Full-text available
This article outlines steps towards a disinformation theory, a simplified and generalized notion of communication that is intended to be, in some way, misleading or deceptive. The model is derived from Shannon's communications model, but with an intentional “noise source” and an unintended receiver. Alterations of an image containing a message are...
Article
The recent widespread deployment of wireless LAN technology raises the question of how a mobile telephony system might instead be architected to use wireless LAN access points and the Internet to achieve similar services. In this paper, we examine an end-to-end architecture for mobile telephony, with a strong focus on endpoint issues. We have desig...
Article
Full-text available
Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side eff...
Conference Paper
Full-text available
The computer systems security arms race between attackers and defenders has largely taken place in the domain of software systems, but as hardware complexity and design processes have evolved, novel and potent hardware-based security threats are now possible. This paper presents a hybrid hardware/software approach to defending against malicious...
Conference Paper
Full-text available
Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the rate of vulnerability exploitation. This paper examines an earlier period in the software vulne...
Article
Full-text available
Cellular networks are centrally administered, enabling service providers and their governments to conduct system-wide monitoring and censorship of mobile communication. This paper presents HUMANETS, a fully decentralized, smartphone-to-smartphone (and hence human-to-human) message passing scheme that permits unmonitored message communication even...
Article
Full-text available
This project examined the question of U.S. Department of Defense (DoD) adoption of the Internet Protocol, Version 6 (IPv6) and recommends actions by the Defense Advanced Projects Research Agency (DARPA) towards ensuring the integrity of DoD networks during and after the transition. We pay attention to infrastructure readiness, commercial carriers,...
Conference Paper
Full-text available
Fighting global security threats with only a local view is inherently difficult. Internet network operators need to fight global phenomena such as botnets, but they are hampered by the fact that operators can observe only the traffic in their local domains. We propose a collaborative approach to this problem, in which operators share aggregate in...
Article
The computer systems security arms race between attackers and defenders has largely taken place in the domain of software systems, but as hardware complexity and design processes have evolved, novel and potent hardware-based security threats are now possible. This paper presents a hybrid hardware/software approach to defending against malicious har...
Article
Fighting global security threats with only a local view is inherently difficult. Internet network operators need to fight global phenomena such as botnets, but they are hampered by the fact that operators can observe only the traffic in their local domains. We propose a collaborative approach to this problem, in which operators share aggregate info...
Article
Full-text available
We introduce a new communication paradigm, Human-to-human Mobile Ad hoc Networking (HuManet), that exploits smartphone capabilities and human behavior to create decentralized networks for smartphone-to-smartphone message delivery. HuManets support stealth command-and-control messaging for mobile BotNets, covert channels in the presence of an observ...
Article
Full-text available
Usability and portability have been key commercial drivers for increasingly capable handheld devices, which have been enabled by advances in Moore’s Law as well as in wireless systems. The nature of such devices makes them extremely personal, and yet they offer an untapped resource for new forms of peer-to-peer and cooperative communications relay...
Article
Members of the computer science community should become more involved in public service by becoming program managers at federal agencies, the opportunities and benefits of which are outlined here.
Article
Full-text available
Over the past several years, software-as-a-service (SaaS) has become an attractive option for companies looking to save money and simplify their computing infrastructures. SaaS is an interesting group of techniques for moving computing from the desktop to the cloud. However, as it grows in popularity, engineers should be aware of some of the fundam...
Article
Full-text available
The nine papers in this special issue focus on network infrastructure configuration and some of the problems encountered in the areas of specification, diagnosis, repair, synthesis, and anonymization.
Conference Paper
Full-text available
Quantitative Trust Management (QTM) provides a dynamic interpretation of authorization policies for access control decisions based upon evolving reputations of the entities involved. QuanTM, a QTM system, selectively combines elements from trust management and reputation management to create a novel method for policy evaluation. Trust management...
Article
Full-text available
We continue to investigate the use of trust management techniques to specify dynamic policies in complex integrated service-oriented networks. For this work, we use the DoD GIG's service-oriented architecture as a focal point. In this research's initial phase, we are developing prototype dynamic trust management policy services for a service-orient...
Article
Full-text available
Trust management forms the basis for communicating policy among system elements and demands credential checking for access to all virtual private service resources—along with careful evaluation of credentials against specified policies—before a party can be trusted.
Conference Paper
CacheCard is a NIC-based cache for static and dynamic web content in a way that allows for implementation on simple devices like NICs. It requires neither understanding of the way dynamic data is generated, nor execution of scripts on the cache. ...
Article
Full-text available
Using the Asynchronous Transfer Mode (ATM) network infrastructure of the AURORA Gigabit Testbed, we were able to carry out a trial of interactive distance learning. The trial used teleconferencing hardware which converts NTSC television and audio signals to and from ATM cells. This hardware connected the Bellcore VideoWindow(TM) with other apparat...
Article
Using the Asynchronous Transfer Mode (ATM) network infrastructure of the AURORA Gigabit Testbed, we were able to carry out a trial of interactive distance learning. The trial used teleconferencing hardware which converts NTSC television and audio signals to and from ATM cells. This hardware connected the Bellcore VideoWindow(TM) with other apparatu...
Article
The Internet enables global sharing of data across organizational boundaries. Distributed file systems facilitate data sharing in the form of remote file access. However, traditional access control mechanisms used in distributed file systems are intended for machines under common administrative control, and rely on maintaining a centralized databas...
Article
Full-text available
MOSAIC constructs new overlay networks with desired characteristics by composing existing overlays with subsets of those attributes. Thus, MOSAIC overcomes the problem of multiple network infrastructures that are partial solutions, while preserving deployability. Composition of control and/or data planes is possible in the system. MOSAIC overlays a...
Conference Paper
Full-text available
Overlay networks create new networking services across nodes that communicate using pre-existing networks. MOSAIC is a unified declarative platform for constructing new overlay networks from multiple existing overlays, each possessing a subset of the desired new network's characteristics. MOSAIC overlays are specified using Mozlog, a new declarative langu...
Chapter
This chapter reports on our experiences with POSSE, a project studying “Portable Open Source Security Elements” as part of the larger DARPA effort on Composable High Assurance Trusted Systems. We describe the organization created to manage POSSE and the significant acceleration in producing widely used secure software that has resulted. POSSE’s two...
Article
Today, the most effective mechanism for remedying shortcomings of the Internet, or augmenting it with new networking capabilities, is to develop and deploy a new overlay network. This leads to the problem of multiple networking infrastructures, each with independent advantages, and each developed in isolation. A greatly preferable solution is to ha...
Article
Full-text available
We present a unified, extensible data-centric mobility infrastructure based on declarative networks and composable distributed views over network, router, and host state. Declarative networks are a recent innovation for building extensible network architectures using declarative languages. The data-centric approach both improves flexibility ove...
Article
Maximizing local autonomy by delegating functionality to end nodes when possible (the "end to end" design principle) has led to a scalable Internet. Scalability and the capacity for distributed control have unfortunately not extended well to resource access-control policies and mechanisms. Yet management of security is becoming an increasingly chal...
Conference Paper
Full-text available
Routing protocols for wireless sensor networks must address the challenges of reliable packet delivery at increasingly large scale and highly constrained node resources. Attempts to limit node state can result in undesirable worst-case routing performance, as measured by stretch, which is the ratio of the hop count of the selected path to tha...
Conference Paper
Health monitoring, automated failure localization and diagnosis have all become critical to service providers of large distribution networks (e.g., digital cable and fiber-to-the-home), due to the increases in scale and complexity of their offered services. Existing automated failure diagnosis solutions typically assume complete knowledge of n...
Article
Full-text available
Diffuse computing is concerned with managing and maintaining a computational infrastructure that is distributed among many heterogeneous nodes that do not trust each other completely and may have differing incentives, needs, and priorities. As commercial, academic, civilian, government, and military systems become increasingly diffuse, the challenge...
Article
Increases in scale, complexity, dependency and security for networks have motivated increased automation of activities such as network monitoring. We have employed technology derived from active networking research to develop a series of network monitoring systems, but unlike most previous work, made application needs the priority over infrastructu...
Chapter
Application-Private Networks extend the range of dynamics for protocol architectures by dynamically selecting protocol elements to meet application requirements in the face of dynamic conditions. Such a network architecture is not only desirable, it is technically achievable within the next decade. A broad range of new network uses would thereby be...
Article
Full-text available
The responsiveness of networked applications is limited by communications delays, making network distance an important parameter in optimizing the choice of communications peers. Since accurate global snapshots are difficult and expensive to gather and maintain, it is desirable to use sampling techniques in the Internet to predict unknown network d...
Article
Full-text available
The Internet enables global sharing of data across organizational boundaries. Traditional access control mechanisms are intended for one or a small number of machines under common administrative control, and rely on maintaining a centralized database of user identities. They fail to scale to a large user base distributed across multiple organizatio...
Chapter
This chapter reports on our experiences with POSSE, a project studying “Portable Open Source Security Elements” as part of the larger DARPA effort on Composable High Assurance Trusted Systems. We describe the organization created to manage POSSE and the significant acceleration in producing widely used secure software that has resulted. POSSE’s two...
Conference Paper
Full-text available
Network devices have become significantly more complex in recent years, with the most sophisticated current devices incorporating one or more general-purpose CPUs as part of their hardware. The need for such processing capability is motivated by the desire to move greater amounts of functionality, of ever-increasing complexity, from the host CPU to...
Article
Mobile wireless devices have intermittent connectivity, sometimes intentional. This is a problem for conventional Mobile IP, beyond its well-known routing inefficiencies and deployment issues. DHARMA selects a location-optimized instance from a distributed set of home agents to minimize routing overheads; set management and optimization are done us...
Chapter
This chapter reports on our experiences with POSSE, a project studying “Portable Open Source Security Elements” as part of the larger DARPA effort on Composable High Assurance Trusted Systems. We describe the organization created to manage POSSE and the significant acceleration in producing widely used secure software that has resulted. POSSE’s two...
Article
Many P2P lookup services based on distributed hash tables (DHT) have appeared recently. These schemes are built upon overlay networks and ignore distance to the target resources. As a result, P2P lookups often suffer from unnecessarily long routes in the underlay network, which we call overlay dilation. This paper proposes a new scheme for resource...