David Kotz's papers (by topic) and research summaries
Thu Sep 29 10:23:01 EDT 2016

My current research interests include wireless networks, wireless security, sensor-network security, and security and privacy issues in pervasive computing. Below is a list of my papers. For a more formal listing, see my vita. For a fun social-network view of my collaborative network, see Arnetminer. For free access to ACM-published content, you can also reach them through this page (generated by ACM Author-izer service, October 2011).

View this paper list by topic , by publication type , alphabetically , chronologically .

You can also search the papers by keyword.

Here, the papers are divided into several categories. Within each topic, the papers are in reverse-chronological order.

  • Mobile healthcare (mHealth) security and privacy [2009-date] [Active project]
  • Security and privacy in sensor systems (AnonySense system) [2006-2009]
  • Context-sensitive authorization [2002-08]
  • Middleware for pervasive computing (Solar project) [2000-08]
  • Security - intrusion analysis tools (Kerf project) [2003-05]
  • Security - delegation (Snowflake project) [1997-2001]
  • Mobility modeling [2005-07]
  • Mobility prediction [2002-07]
  • Wireless-network testbed (DIST project) [2007-2011]
  • Wireless-network security (MAP project) [2004-08]
  • Wireless-network usage characterization [2002-08]
  • Wireless-network trace anonymization (NetSANI project) [2009-date]
  • Wireless-network trace archive (CRAWDAD project) [2005-date] [Active project]
  • Wireless mesh networks [2007-08]
  • Wireless mobile ad hoc networks (MANET) [2003-07]
  • Mobile agents (D'Agents system) [1994-2002]
  • Market-based resource control [1997-2003]
  • Parallel I/O (Armada project) [2001-06]
  • Parallel I/O (Galley project) [1994-98]
  • Parallel I/O (CHARISMA project) [1994-96]
  • Parallel I/O (STARFISH project) [1994-97]
  • Parallel I/O (RAPID-Transit project) [1988-93]
  • Parallel I/O (other) [1991-2002]
  • Single-address-space operating systems (SASOS) [1993-96]
  • Education (DAPPLE project) [1990-96]
  • Other papers

  • Mobile healthcare (mHealth) security and privacy [2009-date] [Active project]

    In these projects we focus on the security and privacy issues that arise when wearable and portable devices are used for health monitoring and management. These devices support long-term medical monitoring for many purposes: for patients with chronic medical conditions (such as blood-glucose sensors for diabetics), for people seeking to change behavior (such as losing weight or quitting smoking), or for athletes wishing to monitor their condition and performance. The resulting data may be used directly by the person, or shared with others: with a physician for treatment, with an insurance company for coverage, or by a trainer or coach. Such systems have huge potential benefit to the quality of healthcare and quality of life for many people. Our projects focus on wearable and mobile technologies being used by patients or clinical staff, and address issues of data integrity and authenticity, person identification and authentication, and ultra-low-power wearable mHealth devices.

    In our part of the THaW and Amulet projects, and earlier in the SHARPS and TISH projects, we seek to develop novel systems that can support the collection of medically-relevant sensor data on personal devices, notably smart phones and wearable devices, with an emphasis on data security and patient privacy.

    In two completed projects, the Intel-funded SenseMed project and the NSF-funded PC3 project, we sought methods to assess confidence in sensor data, and methods to verify whether the sensor data is indeed coming from the correct patient.


    Faculty (Dartmouth, current): John Batsis, Ryan Halter, Sarah Lord, Lisa Marsch, Kofi Odame, Xing-Dong Yang.
    Faculty (Dartmouth, former): Denise Anthony, Joseph Belbruno, Ethan Berke, Lorie Loeb, Sue Tanski.
    Staff (Dartmouth): Joseph Skinner, Ron Peterson.
    Students & postdocs (Dartmouth): Shengjie Bi, George Boateng, Emily Greene, Taylor Hardin, Rui Liu, Varun Mishra, Travis Peters, Tim Pierson, Gunnar Pope, Reza Rawassizadeh, Peter Wang, Emily Wechsler.
    Students & postdocs (former): Eric Chen, Cory Cornelius, Alex Della Pia, Shloka Kini, John Kotz, Adam Labrie, Rebecca Lau, Janet Kim, Tina Ma, Zach Marois, Andrés Molina-Markham, Rima Murthy, Emma Oberstein, David Rozenfeld, Isaiah Sarju, Sophie Sheeline, Emma Smithayer, Rianna Starheim, Lucy Tantum, Sofiya Taskova, Bingyue Wang, Tianlong Yun.
    Collaborators (elsewhere): Kelly Caine (Clemson), Kevin Fu (UMich), Carl Gunter (UIUC), Steven Hearndon (Clemson), Josiah Hester (Clemson), Xiaohui Liang (UMass Boston), Byron Lowens (Clemson), Shrirang Mare (UW), Vivian Motti (GMU), Aarathi Prasad (Amherst), Avi Rubin (JHU), Jacob Sorber (Clemson).
    Collaborators (former): Sasikanth Avancha (Intel Labs), Amit Baxi (Intel Labs), Benjamin Buck (Clemson), Guanling Chen (UMass Lowell), Tanzeem Choudhury (Cornell), Kevin Freeman (Clemson), Bhargav Golla (Clemson), Apu Kapadia (Indiana University), Kolin Paul (IIT Delhi), Sanjiva Prasad (IIT Delhi), Anand Rajan (Intel Labs), Ashutosh Sabharwal (Rice), Manoj Sastry (Intel Labs), Minho Shin (Korea), Tim Stablein (Union College), Mark Yarvis (Intel Labs).

    Funded by the NSF Secure and Trustworthy Computing (SaTC) program (Award 1329686) and by the NSF Computer and Network Systems program (CSR) (Award 1314281).
    Past funding from the NSF Trustworthy Computing program (Award 0910842), from the NSF IIS program (Award 1016823), from the NSF Computer and Network Systems program (PC3) (Award 1143548), from HHS-ONC through the SHARP program (see SHARPS website), the Department of Homeland Security (DHS-NCSD) through ISTS, and from the Intel University Research Council.


    Security and privacy in sensor systems (AnonySense system) [2006-2009]

    Pervasive computing, often known as ubiquitous computing, is touted as the future in which computing devices become so embedded in our everyday lives that they are pervasive--- throughout our homes, workplaces, public spaces, and even woven into our clothing or embedded into our body. These systems raise significant challenges regarding security and privacy.

    We developed the AnonySense system, which includes novel mechanisms for the anonymous collection of sensor data from people who volunteer their cell phones as part of a distributed sensing platform, addressing a key challenge in the important area of participatory and opportunistic urban sensing, and developed a novel interface to allow people to specify how sensor data about them might be shared with others. To evaluate this work, we measured system performance in terms of bandwidth and power consumption, conducted a user study, and used large wireless-network traces from the Dartmouth campus. We also developed a method for access control called virtual walls, which is an intuitive method for controlling access to contextual sensor data.

    People: Denise Anthony, Cory Cornelius, Jeff Fielding, Tristan Henderson, Apu Kapadia, Dan Peebles, Minho Shin, Nikos Triandopoulos, and Patrick Tsang.
    Part of the MetroSense project and the PLACE project.
    Funded by the Department of Justice (BJA), the Department of Commerce (NIST), and the Department of Homeland Security (DHS-NCSD) through ISTS.


    Context-sensitive authorization [2002-08]

    We developed a theory and implementation of context-sensitive authorization, the first distributed approach that respects confidentiality and integrity goals. In context-sensitive authorization systems, the authorization policies (e.g., for access to physical resources like a room or virtual resources like a database) depend on the context (e.g., location or activity) of the person requesting access to the resource. Our work recognizes that the sources of context information are inherently distributed, and that the context used (such as a person's location) is sensitive information that must remain confidential. Our techniques allow an authorization query to be evaluated in a distributed fashion while respecting confidentiality and integrity policies imposed by the many parties involved.

    People: Kazuhiro Minami.
    Funded by DARPA, and DHS (through ISTS).


    Middleware for pervasive computing (Solar project) [2000-08]

    Successful pervasive-computing systems allow their applications to be aware of the context in which they execute, or the context of the applications' users. For example, an application may behave differently when its user is at home than at the office, or outdoors; alone, or with other people; driving or eating or walking. We developed the Solar system, a comprehensive middleware framework for the development of context-aware applications. Solar is based on a publish-subscribe model, allowing applications to subscribe to streams of events carrying context data. The applications may deploy a distributed network of operators that transform raw sensor data, as published by sources, into the desired context. Through a novel context naming system, applications can identify the desired sources, which themselves may be named output of a tree of operators that aggregate many other sources. A key novelty in this naming system is that names are context-sensitive; for example, an application may subcribe to "photographs from a camera in the same location as Mary Smith," and have the source of events transparently change as Mary Smith moves about.

    The Solar work also contributed novel methods for data-flow management, recognizing that some sensor-based context systems may produce far more data (events) than can be carried by an underlying wireless network or can be consumed by operators and applications. Two contributions of Solar, therefore, include a mechanism for filtering data at the context source in a way that recognizes the overlapping goals of the many subscribers to the source, and an inline filtering and summarization technique that manages the flow of events through the Solar system.

    The SOLAR web site has lots more information, including downloadable code.

    People: Guanling Chen, Adrian Hartline, Ming Li, Chris Masone, Arun Mathias, Kazuhiro Minami, Cal Newport, Jue Wang, Abe White, Lin Zhong.
    Funding: DARPA, DoD MURI, Microsoft Research, Cisco Systems, and USENIX; DHS and DOJ (BJA) through ISTS.


    Security - intrusion analysis tools (Kerf project) [2003-05]

    Kerf (formerly known as Sawmill) is a set of tools designed to help system administrators analyze intrusions in their network. Our tools collect host and network log data in secure databases, allow administrators sophisticated searches using our SQL-language variant (SawQL, pronounced saw-kwill), and present the results through a browsable graphical interface. The Kerf web site has lots more information, papers, and downloadable code.

    People: Jay Aslam, Sergey Bratus, Marco Cremonini, Kevin Mitcham, Ron Peterson, Daniela Rus, Brett Tofel, and students Kyle Smith, Virgil Pavlu, and Wei Zhang.
    Funding: DHS Science and Technology Directorate [details].


    Security - delegation (Snowflake project) [1997-2001]

    We tackled the problem of naming and sharing resources across administrative boundaries. In the Snowflake project, we developed a theory and implementation for restricted delegation, building on the classic "speaks-for" relation that forms the foundation of many authorization logics. In Snowflake, principals can delegate authority to other principles, but in a limited way; in earlier work, it was only possible for a principal to delegate all of its authority. The work is theoretically well-founded and yet practical to implement.

    People: Jon Howell.
    Funding: USENIX Association.


    Mobility modeling [2005-07]

    Much research in mobile computing, including many papers on ad hoc networks, wireless networks, and pervasive computing, evaluate their proposed systems or algorithms through simulation; since they deal with mobile devices, the simulation includes a mobility model. Most such research, unfortunately, use woefully inadequate models based on random-walk behavior ("random waypoint" and similar models). Building upon traces collected from Dartmouth's wireless network, we derived mobility models and parameters that more closely match the mobility behaviors of real users.

    People: Minkyong Kim, Jeff Fielding, Songkuk Kim.
    Funding: Cisco, NSF, and Dartmouth College.


    Mobility prediction [2002-07]

    Leveraging Dartmouth's collection of wireless-network data, we developed and evaluated methods to predict the next access point where a Wi-Fi device is likely to associate, based on its past history. There was a lot of prior work that provides nice theoretical results; our papers were the first to evaluate all those algorithms with real mobility data. The results show that the more sophisticated algorithms do not provide any substantial advantage, and that simple predictors suffice.

    People: Libo Song, Udayan Deshpande, Ravi Jain, Ulas Kozat, and Xiaoning He.
    Funding: DoCoMo Labs USA, Department of Justice (BJA) through ISTS.


    Wireless-network testbed (DIST project) [2007-2011]

    We developed the Dartmouth Internet Security Testbed (DIST), a large-scale deployment designed to support research on wireless-network security challenges. The Institute for Security Technology Studies (ISTS), in collaboration with Dartmouth's Peter Kiewit Computing Services, deployed this integrated testbed comprising a wireless-network measurement infrastructure and a suite of Wi-Fi capable mobile devices. This project built on the technology of the MAP project, and supports the work done in the NetSANI project.

    People: Chrisil Arackaparambil, Sergey Bratus, Mike Locasto, Anna Shubina, Keren Tan, Punch Taylor, and Bennet Vance (Computer Science); Frank Archambeault, Paul Schmidt (Computing Services); Guanling Chen and Bo Yan (UMass Lowell); and Chris McDonald (Univ. Western Australia).
    Funded by the Department of Homeland Security (NCSD) through ISTS.


    Wireless-network security (MAP project) [2004-08]

    Wireless networks are pervasive, but concerns remain about their security. In the HSARPA-funded project MAP (Measure, Analyze, Protect) we developed methods for large-scale monitoring and real-time analysis of Wi-Fi network traffic to identify attacks on the network. Specifically, the MAP effort focused on attacks that disable the network, denying access to legitimate clients or reducing the quality of their network performance. The MAP papers provide effective mechanisms for sampling network traffic using sniffers placed throughout the enterprise, a new way to detect whether a given client MAC address is being "spoofed" by an attacker node, and new methods for active fingerprinting of wireless devices.

    People: Andrew Campbell, Guanling Chen, Udayan Deshpande, Tristan Henderson, Michael Locasto, Chris McDonald, Yong Sheng, Keren Tan, Bennet Vance, Joshua Wright, Bo Yan, Hongda Yin.
    Funded by the Department of Homeland Security (HSARPA).


    Wireless-network usage characterization [2002-08]

    Wireless 802.11 (Wi-Fi) networks have become universal. In 2001, however, there were few large deployments and Dartmouth was one of the first universities to deploy a campus-wide Wi-Fi network. In 2001-02 we conducted the largest-ever characterization effort on a wireless network. In the initial effort he captured statistics and network traces from over 476 access points spread over 161 buildings at Dartmouth College, capturing the activity of nearly two thousand users. We repeated the data-collection effort two years later and were able to measure trends and changes in network activity, as well as adding a new focus on VOIP and P2P traffic and on user mobility. We released the data, and ultimately founded CRAWDAD.org, a "Community Resource for Archiving Wireless Data at Dartmouth".

    People: Ilya Abyzov, Denise Anthony, David Blinn, Guanling Chen, Kobby Essien, Jeff Fielding, Tristan Henderson, Pablo Stern.
    Funded by Cisco Systems, Dartmouth College, DoCoMo USA Labs, and Intel Corporation, and somewhat by Department of Justice (BJA) through ISTS.


    Wireless-network trace anonymization (NetSANI project) [2009-date]

    The NetSANI project aims to increase network-trace sharing by making it safer and easier to sanitize network traces (remove sensitive information). Sanitization always involves a challenging trade-off between sanitization effectiveness (providing anonymity for network users and secrecy for network operational information) and research usefulness (since only the information retained can be used by the researcher).

    To this end, we are developing NetSANI (Network Trace Sanitization and ANonymization Infrastructure), a flexible and extensible suite of software tools for sanitizing network traces, based on user-specified sanitization goals and user-specified research goals.

    In the process we have also conducted some anonymization (and de-anonymization) research.

    People: Keren Tan, Chris McDonald, Jihwang Yeo, Phil Fazio, and Guanhua Yan.
    Funded by the National Science Foundation Cyber Trust Award CNS-0831409.


    Wireless-network trace archive (CRAWDAD project) [2005-date] [Active project]

    We founded CRAWDAD.org, a "Community Resource for Archiving Wireless Data at Dartmouth", to collect and distribute traces of wireless-network activity or locations of mobile devices. This archive stores wireless trace data from many contributing locations. We work with community leaders to ensure that the archive meets the needs of the research community, and work with research organizations and corporations to ensure continuing support for the archive.

    People: Tristan Henderson, Jihwang Yeo, Anna Shubina, Chris McDonald, and several undergraduate students.
    Funded by ACM SIGMOBILE.
    Funded previously by the National Science Foundation (CISE) through CRI Award 0454062, with gifts from Aruba Networks and Intel Corporation, and financial support from ACM SIGCOMM.


    Wireless mesh networks [2007-08]

    Wireless mesh networks provide Wi-Fi service to mobile clients, much like an infrastructure wireless network, but the backhaul connection between access points is itself an ad hoc wireless network. One large challenge in mesh networks is management. We developed the MeshMon system, which can inform a sysadmin about the health of the mesh network and help diagnose any problems with the network.

    People: Soumendra Nanda.
    Funded by the Department of Justice (BJA) through ISTS.


    Wireless mobile ad hoc networks (MANET) [2003-07]

    Mobile ad hoc networks (MANET) have been a subject of frequent study. Most researchers evaluate their systems and algorithms using simulation--- but most such simulations depend on models of the physical layer that are overly simplistic. We evaluated the relative performance of MANET simulations and MANET experiments. In the process, we identified the common assumptions made in MANET research and quantitatively showed how simulation results will not match reality unless good models are used. We conducted the largest-ever outdoor experiment with multiple routing algorithms, and developed new ways to drive a simulator with conditions that match those in the experiment.

    People: Calvin Newport, Yougu Yuan, Robert S. Gray, Jason Liu, Chip Elliott, David M. Nicol, Nikita Dubrovsky, Aaron Fiske, Christopher Masone, Susan McGrath, and Luiz Felipe Perrone.
    Funding: DOD, AFOSR, DARPA, and DHS (through ISTS).


    Mobile agents (D'Agents system) [1994-2002]

    Mobile agents are software programs that can move from host to host at times and to places of their own choosing. They are a form of active mobile code that open up new possibilities in distributed computing. Our team created Agent Tcl, one of the first comprehensive mobile-agent software platforms in the research community. In a five-year DARPA-funded effort we transformed Agent Tcl into D'Agents, which supported Java and Scheme as well as the Tcl programming languages, and which enabled our research on performance aspects of mobile code, the security challenges in mobile code, and market-based control of mobile agents and distributed systems.

    The D'Agents web site has lots more information, and downloadable code.

    People: Professors George Cybenko, Bob Gray, and Daniela Rus, and many others.
    Funding: AFoSR, AFRL, ONR, DoD MURI, DARPA [details].


    Market-based resource control [1997-2003]

    The concept of market-based resource control is to use economic principles to drive resource management in distributed systems. We developed novel mechanisms for mobile agents to compete for resources in a distributed system of agent hosts; the relative budget provided to different agents provided them differing priority, and yet the agents' ability to bid for computing time at various hosts provided dynamic adaptation to load and load distribution.

    People: Daniela Rus, Jon Bredin, and collaborators at UIUC (Rajiv T. Maheswaran and Çagri Imer and Tamer Basar).
    Funding: DARPA.


    Parallel I/O (Armada project) [2001-06]

    Large parallel computing systems, especially those used for scientific computation, consume and produce huge amounts of data. To provide the necessary semantics for parallel processes accessing a file, and to provide the necessary throughput for an application working with terabytes of data, requires a multiprocessor file system.

    We developed the Armada parallel file system. The point of Armada is to allow a programmer more flexibility in specifying how data could flow from a set of I/O nodes to a set of computation nodes, in the context of large-scale computational grids. In these grids, network latency is significant, and it is important to pipeline the data flow. Armada allows the programmer to specify the data-transformation operators between the computation nodes and the I/O nodes, and internally optimizes the structure before automatically deploying the operators to intermediate nodes.

    For more information see the Armada web page.

    People: Ron Oldfield.
    Funding: DOE (Sandia National Labs).


    Parallel I/O (Galley project) [1994-98]

    Large parallel computing systems, especially those used for scientific computation, consume and produce huge amounts of data. To provide the necessary semantics for parallel processes accessing a file, and to provide the necessary throughput for an application working with terabytes of data, requires a multiprocessor file system.

    We developed the Galley parallel file system, which demonstrated the power of a split-level interface: a low-level interface that allowed efficient data transfers and in particular the ability of I/O nodes in a multiprocessor to execute some of the file-system code, and a set of high-level interfaces that may be specific to a programming language or application domain and thus most convenient for the programmer.

    For more information see the Galley web page.

    People: Nils Nieuwejaar.
    Funding: NSF, NASA.


    Parallel I/O (CHARISMA project) [1994-96]

    Large parallel computing systems, especially those used for scientific computation, consume and produce huge amounts of data. To provide the necessary semantics for parallel processes accessing a file, and to provide the necessary throughput for an application working with terabytes of data, requires a multiprocessor file system.

    One of the big challenges facing research on parallel file systems was to develop a solid understanding of the workload: what do parallel programmers actually do with parallel file systems. We launched a cooperative effort, called CHARISMA, to collect and analyze file-system traces from multiple applications on several different file systems. The resulting papers are some of the only work to characterize production parallel computer systems.

    For more information see the CHARISMA web page.

    People: Nils Nieuwejaar, Apratim Purakayastha, Mike Best, Carla Ellis.
    Funding: NSF, NASA.


    Parallel I/O (STARFISH project) [1994-97]

    Large parallel computing systems, especially those used for scientific computation, consume and produce huge amounts of data. To provide the necessary semantics for parallel processes accessing a file, and to provide the necessary throughput for an application working with terabytes of data, requires a multiprocessor file system.

    In the STARFISH project we developed the concept of disk-directed I/O, in which the application process requested a large parallel data transfer to or from a parallel file, and then the file system arranged the transfer of information between disks and memory in a way that suited the disks' own timing. The results show strong performance benefits--- but only if suitable interfaces allow the application to make such requests known to the file system at a high level.

    For more information see the STARFISH web page.

    People: just me.
    Funding: NSF.


    Parallel I/O (RAPID-Transit project) [1988-93]

    Large parallel computing systems, especially those used for scientific computation, consume and produce huge amounts of data. To provide the necessary semantics for parallel processes accessing a file, and to provide the necessary throughput for an application working with terabytes of data, requires a multiprocessor file system.

    We developed methods for caching in parallel file systems, and in particular several novel methods for prefetching data based on the patterns observed thus far. I implemented these methods on a Butterfly GP-1000 parallel computer and validated the results through experimentation.

    For more information see the RAPID-Transit web page.

    People: Carla Ellis.
    Funding: DARPA, NSF, NASA.


    Parallel I/O (other) [1991-2002]

    Large parallel computing systems, especially those used for scientific computation, consume and produce huge amounts of data. To provide the necessary semantics for parallel processes accessing a file, and to provide the necessary throughput for an application working with terabytes of data, requires a multiprocessor file system. We created an on-line bibliography of parallel I/O papers. This annotated bibliography helped many new researchers learn about and begin research in the area of parallel I/O.


    Single-address-space operating systems (SASOS) [1993-96]

    In the mid 1990s there was a lot of interest in operating systems that used a single, large address space, made possible by the new 64-bit microprocessors, to hold all processes and persistent data. Although the concept was interesting, it required an address to be used once and then never reused. We actually measured the usage of live computer systems to get a good estimate on how quickly such an address space would be consumed.

    For more information see our SASOS web page.

    People: Preston Crow.
    Funding: NASA.


    Education (DAPPLE project) [1990-96]

    In the DAPPLE project I set out to develop a mechanism to teach parallel programming to undergraduates, indeed, to undergraduates in their second computer science course. DAPPLE is an easy-to-use extension of C++ that was used for several years in Dartmouth's computer science classes. DAPPLE was (and is) available for download and use by others.

    People: just me; early conversations with Fillia Makedon and Donald Johnson.
    Funding: NSF.

    I also collaborated with old teammates to develop a free, distributed Internet version of the ACM Programming Contests. We ran the contest for several years, involving hundreds of students around the world. Some materials are still online. This project was a lot of fun.

    People: Owen Astrachan, Vick Khera, Steve Tate.
    Funding: none.


    Other papers

    There are a few papers that do not fit into other categories.


    Maintained by David Kotz (lastname AT cs.dartmouth.edu).
    Generated automatically on Thu Sep 29 10:23:01 EDT 2016.