welcome
You've reached the homepage of Robert Watson; here you'll find some information about what I have been up to, not to mention the trouble I've gotten into. As of October, 2005, I've returned to Academia to work on a PhD at the University of Cambridge Computer Laboratory, after spending about six years in industry working in commercial and government-sponsored operating system and network security research and development.
My services are available as a private consultant and independent contractor working in operating system design and implementation, network protocol design and implementation, and systems security. You can find out more about the work I've done in open source and security research and development on this page.
You might also be interested in the web page of my wife, Leigh Denault. Currently, we live in Cambridge, UK, as Leigh and I work on our PhDs in South Asian History and Computer Science (respectively).
FreeBSD
FreeBSD is a freely available operating system based on BSD 4.4Lite from the University of California at Berkeley's Computer Systems Research Group (CSRG). I'm a member of the FreeBSD Core Team, security officer team, and release engineering team. I'm an active developer in the areas of security and file systems.
I joined the board of the FreeBSD Foundation as president in 2003; the Foundation sponsors a number of BSD-related conferences, including AsiaBSDCon, EuroBSDCon, and BSDCan, as well as several FreeBSD Developer Summits each year. If you or your company rely on FreeBSD, please consider making a donation to the Foundation to help support the developers and development effort for FreeBSD. Helping to support the developer community by sponsoring developer travel, hardware, conferences, etc, is vital to continuing the highly successful development work of the FreeBSD Project.
I founded the TrustedBSD Project (1999) and OpenBSM Project (2005), which provide trusted operating system and audit extensions on the FreeBSD platform. Significant results of this work have now been integrated into the FreeBSD, NetBSD, OpenBSD, Linux, and Mac OS X operating systems, as well as many commercial products.
Boardwatch Magazine published an interview in which I described the TrustedBSD Project, and it makes for a decent introduction. In 2006, I was interviewed by SecurityFocus regarding security event auditing in FreeBSD 6.2. In my 2005 OSNews interview on FreeBSD 6.x, I describe some of my recent work on the FreeBSD network stack. I also did an interview for the technical news site Slashdot in 2001 on TrustedBSD and other topics relating to FreeBSD and open source.
If you're running FreeBSD and have a Meteor or Bktr video card, you definitely need a copy of my AATV software to watch TV as ASCII art (thanks to the aalib folks). The interested can find boatloads of patches, presentations, etc, relating to my work on FreeBSD here, including my work on the multi-threaded, multi-processor network stack for FreeBSD 5.x and 6.x.
Coda
While at Carnegie Mellon, I worked with the Coda Project. Coda is a weak consistency distributed file system aiming for improved support for mobility and fault tolerance. I assisted in adding Kerberos support, and implemented a cryptographically secure version of Coda.
Through August 31, 2005, I worked as a Senior Principal Scientist in the Security Research division of SPARTA ISSO, which at various times has been the Advanced Research and Engineering (ARE) division of Trusted Information Systems (TIS), TIS Labs, NAI Labs, Network Associates Laboratories, and McAfee Research, since 1999. Earlier during that period I worked for the Network Security Research Group (NETSEC), but later worked in the Host Intrusion Protection (HIP) research group--for the less buzzword compliant, this means operating system security research and development.
Among various projects, I've worked on DNS Security, Active Network security, as well as a Principal Investigator on several projects, including PI on the DARPA CHATS CBOSS project, Apple's Mac OS X audit implementation for their CAPP evaluation, several DARPA-sponsored seedling research projects, and a number of sponsored research and development projects relating to NSA's SELinux/FLASK/TE technologies on FreeBSD (SEBSD) and Darwin (SEDarwin), and a project to productionize mandatory access control on the Mac OS X platform using a port of the TrustedBSD MAC Framework. Due to my work in the open source world, I have worked with a number of agencies and other organizations to help transfer new security technology via open source.
Since returning to academia, I have continued to provide consulting and contracting work in the areas of security and performance for operating and network systems. I am available for part-time work; please contact me by e-mail for information on availability and rates.
Recent publications include:
Richard Clayton, Steven J. Murdoch, Robert N. M. Watson. Ignoring the Great Firewall of China. A Journal of Law and Policy for the Information Society, Volume 3, Issue 2, Fall 2007.
Robert N. M. Watson. How the FreeBSD Project Works. In Proceedings, 2006 EuroBSDCon, Milan, Italy.
Poul-Henning Kamp, Robert N. M. Watson. Building Systems to be Shared, Securlty. ACM Queue, July/August 2004.
Sandra L. Murphy, Edward T. Lewis, Robert N. M. Watson. Secure Active Network Prototypes. In Proceedings, 2002 DARPA Active Network Conference and Exposition (DANCE'02). IEEE.
Sandra Murphy, et al. Strong Security for Active Networks. In Proceedings, OpenArch 2001.
Robert N. M. Watson. Statement for SACMAT 2001 Panel. ACM Workshop on Role Based Access Control. In proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, 2001.
Press interviews and articles include:
2007/09/16 Slashdot: Attacking Multicore CPUs
2007/09/14 The Register: Attacking Multicore CPUs: Get exploited on time
2007/08/09 Slashdot: Cambridge Researcher Breaks OpenBSD Systrace
2006/11/13 The Register: FreeBSD 6.2 nears release - Robert Watson on the new security event auditing system
2006/11/11 OSNews: FreeBSD Security Event Auditing
2006/11/10 SecurityFocus: FreeBSD Security Event Auditing
2005/06/24 Slashdot: Looking at FreeBSD 6 and Beyond
2005/06/23 OSNews: Interview: Looking at FreeBSD 6 and Beyond
2005/06/03 OSNews: TrustedBSD Status Report
2005/02/09 OSNews: FreeBSD logo design competition
2005/01/11 OSNews: Robert Watson announces IPX/SPX now MPSAFE on FreeBSD 5.x
2004/08/15 OSNews: FreeBSD: Lock Order Reversal Documentation
2003/11/01 OSNews: FreeBSD: 5.2-Release Todo
2003/10/30 Slashdot: FreeBSD, Linux Kernel Source Cross Reference
2003/09/30 OSNews: FreeBSD 4.9-RC1 Available for Testing
2003/05/18 OSNews: FreeBSD: Todo Lists for 5.1 and 5.2
2003/04/21 OSNews: UFS2 Now the Default Creation Type on FreeBSD 5.0-CURRENT
2002/05/14 OSNews: What's New in FreeBSD 5.0
2002/01/29 Slashdot: OS News Interview with Robert Watson
2002/01/29 OSNews: FreeBSD Week: Interview with Robert Watson
2001/07/09 Slashdot: $1.2M DARPA Contract for FreeBSD Security
2001/06/14 Slashdot: FreeBSD Project Updates
2001/01/12 Slashdot: Learn from Robert Watson of FreeBSD and TrustedBSD
I went to high school at the Sidwell Friends School in Washington, DC. While there, my interests lay almost exclusively in the areas of computer science and technical theatre. From around 1992 to 1995, I ran a WWIV-based BBS, my first exposure to the C programming langauge. One of the first high schools in the world to be "on the Internet", Sidwell allowed me to get involved in UNIX and IP networking at a very exciting time. You can read about my somewhat more recent experiment with porting WWIV to the FreeBSD operating system.
I received my BS in Logic and Computation with a double major in Computer Science from Carnegie Mellon University. For the last year or two there, I largely took graduate level CS courses in the area of operating systems, networking, and architecture. However, my undergraduate thesis was in the area of theoretical computer security on the logic and computation side, making use of model checking to verify properties of security policies in operating systems.
I also spent time as a visiting academic at the Computing Laboratory at Cambridge University in 1999, where I worked on tamper-resistant hardware research. In particular, I investigated power analysis of commercial embedded cryptographic hardware.
I am currently working on a PhD in the Computer Laboratory at the University of Cambridge, Cambridge, UK. My supervisors are Ross Anderson and Markus Kuhn. I'm exploring issues in the vertical integration of security through the operating system, window system, desktop environment, and applications.
E-mail works.
The most up-to-date version of my key is available from the PGP key server network.