Experience
April 98 - Present Microsoft Redmond, WA
Founder CyberSecurity & Systems Mgmt Group (Research April 2002 - Current)

Founded the Microsoft Research CyberSecurity and Systems Management research group, realizing that major breakthroughs would be required to address the malware threats and manageability costs of running large data centers. This required foresight of critical and urgent technology problems impacting the company’s core business, creating a strategy for addressing these problems to obtain executive funding and establishing alliances with strategic cross-division groups to productize our technologies. Critical to the group’s success has been recruiting top talent to fill key roles and establish a group culture inspiring innovation and focusing on measurable incremental deliverables. The group has grown to 11 people with 20+ publications and 10 completed technology transfers to Microsoft products listed below:

Strider Troubleshooter (2002) –
This project focused on identifying a black-box method for
troubleshooting configuration problems on Windows systems. This work was
published at DSN’03, won Best Paper at LISA’03, and inspired the Peer Pressure, PC Fragility, and Computer Genomics projects.

Malware Detection (2003) –
Troubleshooting problems, we found that a growing number of issues were
caused by spyware and rootkit infections. This
project focused on identifying black-box techniques for identifying malware
to eliminate the costly manual human collection and classification process
required by traditional signature based solutions. We also investigated what
the worst possible malware infection could be so we could begin developing
techniques to combat it. This work was published at LISA’04, DSN’05, and Oakland’06.

LUA Troubleshooter (2004) – Processes
running with elevated privileges unnecessarily expose a system to hackers.
However, identifying why these privileges are needed is extremely difficult
for experienced developers due to complexity caused by software layers. We
created a black-box troubleshooter that identifies the specific action
requiring elevated privileges with extremely low false +/-. This work was published at NDSS’05, shipped with Application Compatibility Toolkit v5.0 as the User Account Control Compatibility Evaluator (UACCE) / Standard User Analyzer (SUA), and this work formed the basis for the design of Systems Center Operations Manager’s Run As feature.

Flight Data Recorder (2004) –
Troubleshooting, securing, and managing systems all fundamentally require
a comprehensive understanding of who/what/when/how data is used and modified
by the programs and users of a system. FDR was developed to address these
problems by auditing the 10-100’s of millions of daily interactions with
virtually no overhead, and centrally analyzing 1000’s of daily logs in real time on a single server. This work was published at LISA’04, ICAC’04, SigMetrics’06, OSDI’06, LISA’06, and ;login: 4/07. This technology has shipped as part of Windows Vista, Application Compatibility Toolkit v5.0 as part of the Setup Analysis Tool and the Update Compatibility Evaluator (UCE), deployed on 1000’s of production servers in MSN as part of LiveOps internal release, and deployed on 1000’s of desktops as part of an internal compliance solution.

HoneyMonkey: Malicious Web Site Detector (2005) – To eliminate the spread of malware
infections, we created a system that scanned the Internet looking for
malicious web sites. Identifying the malicious sites enabled us to block them
in proxies and firewalls and to collaborate with law enforcement agents to
have them shut down and the owners investigated. This work was published at NDSS’06, and released as an internal Microsoft service.

SuperStrider (2006) –
Online services are increasingly being targeted by scammers who profit by
polluting search results with SPAM pages to increase their traffic, host
malicious Ads that take over the visitors’ machines, and profit from domain squatting of trademark names. This project focused on identifying this unwanted content and more importantly the people that created the content. This work was published at SRUTI’06.

Software Architect (Microsoft Operations Manager April 00 - April 02)
§ Leading the Server Manager ‘core’ team, responsible for product architecture, integration with MOM code base, Application Center code base. Led a team of 10+ developers to build the base of server manager, and maintain the SWAT, QFE, SP work related to MOM. Participated in customer sales calls for large accounts as the technical point person, and helped architect deployments of our management product. Drove the security efforts in server manager for secure distributed environments, cross forest / cross platform issues, and implementation / use of roles and secure coding practices.
§ Led the MOM development team through the ‘MOM 2000’ product cycle. Responsible for architecture, public API, Net IQ technical relationship, managing the Net IQ virtual team (10 dev) running the Microsoft development team (6 DEV), and contributing to business / technical decisions. Presented to the field in airlifts and at Tech Ed for product readiness. Also contributed deeply as a developer coding key technical problems, and participating as a top bug closer for customer and product issues.
§ Design / Implement the next generation MOM product leveraging NGWS technologies.

(Windows Datacenter Sept 99 - April 00)
§ Worked on the Headless management functionality in Windows 2003 product, encompassing automated / remote / programmatic exposure of data / events / functionality from running and non-running machine states for XML based interaction over red port.
§ Architect “Virtual Node” infrastructure for lights out data center interaction with server farms in a scale out environment.
§ Design / Develop core infrastructure for “service chain” discovery, tracking, monitoring, administration to facilitate end-to-end QoS, and policy based management.
§ Design / Implement event log analysis tools.

(Java VM team April 98 - Sept 99)
§ Developed Java implemented Enterprise applications (using COM/DCOM, MTS, MSMQ, ADSI, J/Direct, Office, IE, and NT Server) that fully utilized the Microsoft VM, and integrated the Microsoft platform, services and BackOffice applications. Worked with other developers to optimize support for large scale, long running, and full featured server applications.
§ Led the Java effort to ensure comprehensive coverage of COM integration with the Microsoft VM, product integration and COM integration with MTS, MSMQ and ADO. Covered in detail the areas of COM threading, implementing NT Services, custom class factories DCOM, and Windows Integration.
§ Worked with external customers and support engineers to solve Java and COM related problems. Provided Java and COM expertise on external and internal projects.
§ Evaluated the SDK for Java and worked with the developers and managers to understand areas where improved samples and documentation would be an asset to external Java developers. Spearheaded projects for adding new features to the Microsoft VM and Java SDK. Worked with Program Managers from the product groups across Microsoft to expose Microsoft technologies through Java.
June 97 - April 98 Manage.com (now Cogency Software) Lead Engineer
§ Architected network management software capable of intelligent discovery, analysis, fault/performance/historical monitoring of application/system/network levels. Implemented core components using Sun/Microsoft Java, J/Direct, Java/COM, Voyager, Servlets, PSE Pro.
§ Led the development team and offshore consulting for the implementation of the company’s Flagship Network Management application.
§ Evaluated and made product partnership and development decisions related to Java based GUI APIs, databases, and communication packages using my experience with ObjectSpace/Voyager, JavaSoft RMI, IBM/Aglets, ObjectStore/PSE, Neuron Data/JAdvisor, Advent/SNMP, Cisco/SNMPOnJava, Rogue Wave/JWidgets, JFC, KLG/BWT, Neuron Data/PresenterJ, Microsoft/AFC.
§ Designed/implemented/managed project plans for off site programming staff and managed the project. Responsible for integration of all project components developed locally and overseas.
§ Object database schema design and implementation for system/application/network objects containing real time and historical data.
§ Defined performance/quick status/on demand rules for network/system/application management.
§ Leveraged non-Java system resources through use of J/Direct and JNI, for promiscuous mode packet grabbing, native user administration, native process/daemon monitoring, and controls to develop cross platform remote monitoring/administration applications.
1996 - 1997 Cisco Systems San Jose, Software Engineer
§ Evaluated upcoming Java technologies such as Java Beans, Servlets, Aglets, RMI, CORBA, JMAPI, Java Spaces, and Voyager for use in network management applications. Redesigned Cisco View from an open-ended data driven TCL program to a Java based client/network application and built a working prototype illustrating all interactions and functionality. Contributed to the development of a modular application framework for Cisco by defining models for interaction and component modularity.
§ Completed the Cisco View 4.0 ship cycle and laid the groundwork for the next version. Designed backend network management server applications that function as standalone applications and integrate with larger enterprise application offerings. Played an active role in implementing the final product and setting its direction.
§ Used my background in networking and knowledge of network protocols to develop GUI representations of abstract network concepts, and define functionality of new network applications. Evaluated what information needs to be monitored in Performance, Fault, and Troubleshooting applications. This work led to the web based version of Cisco View, later called
§ Explained designs, ideas, and recommendations in comprehensive engineering documents and presented research findings and architectural proposals to my peers and for the company at large. Led design meetings and interacted with relevant people and business units to acquire information and resources.
1996 MFS Global Network Services San Jose, Network Engineer
§ Designed and implemented a network management scheme for the MFS Network using SNMP polling and traps to acquire network information from ATM, FDDI, Ethernet, Token Ring, Frame Relay protocols, transport layer information such as SONET, DS1, DS3, E1, E2, PLCP as well as device characteristics such as power supply failures.
§ Developed a method of integrating the MFS data network with other phone companies to encompass management of all devices along the customer network path. Developed a strategy for acquiring and presenting customer network statistics. Created software to perform specific network management tasks where existing software is unable to satisfy the requirements.
§ Established and maintained a Sybase database for storing customer network statistics. Created proprietary programs using TCL/Tk/Perl/SybPerl/C++ for performing asynchronous polling and SQL database insertions as well as automatic WWW report generation. Created tools for network planning to use in determining the state of the network including load, topology, and customer size.
§ Evaluated network devices such as Stratacom, Cascade and GDC switches; DL3200, Wellfleet/Bay Networks, NetEdge and Orion edge devices; Cisco and Xyplex packet routers and terminal servers for robustness and manageability. This required development of experiments to test the limits of devices, and running the experiments in a lab environment using an HP SONET/DS3 Traffic Generator, a network protocol analyzer and polling software I created to run the tests. Developed a configuration standard and management standards for these devices.
§ Evaluated network software for usefulness, applicability and robustness with respect to the MFS network. Determined machine and manpower requirements and provided recommendations as to how to implement software solutions. Implemented network management packages by acquiring the necessary hardware, configuring the system and presenting the package to Tier 2 support in the network control center. Educated tier two support on using and maintaining the products.
§ Provided tier three support for customer network problems. This typically involves debugging network devices and working directly with vendors to develop a patch for the problem.
1994–1996 Teer Technology Winnipeg, President
§ Software Development/Network consulting for C/C++, TCL/TK, Perl, HTML and Java 1.0 business application development, UNIX/NT network installation, debugging, troubleshooting and network planning.
§ Configured customer networks for Internet access, providing software, hardware, and support.
§ Presented hands-on tutorials for customers covering e-mail, gopher, news and the world wide web.
Education
1991–1996 University of Manitoba Manitoba, Canada
§ Bachelor of Science in Electrical Engineering
§ Graduate coursework studying ATM switches and communication protocols.
§ Thesis "ATM Network Management Using SNMP."
§ ITIL certified
Awards
§ Corporate Bench Program, 2006
§ Microsoft Gold Star Award, 2005
§ Microsoft Gold Star Award, 2004
§ Microsoft Gold Star Award, 2002
§ Microsoft Gold Star Award, 2001
§ Best Paper Award, 17th Usenix Large Installation System Administration (LISA) Conference, 2003
Publications
§ Chad Verbowski, “The Secret Lives of Computers Exposed: Flight Data Recorder for Windows,” to appear in ;login: The Usenix Magazine, April 2007, Volume 32, Number 2
§ Chad Verbowski, Juhan Lee, Xiogang Liu, Roussi Roussev, Yi-Min Wang, “LiveOps: Systems Management as a Service,” to appear in Proc. Twentieth Symposium on Large Installation System Administration (LISA), 2006
§ (MOM) Rules and Scripting presentation slides from Tech Ed 2001 MGT307 talk.
§ (MOM) Integration and Connectivity presentation slides from Tech Ed 2001 MGT308 talk.
§ MOM Architecture presentation slides from Tech Ed 2001 MGT401 talk.
§ (MOM) Management Packs presentation slides from Tech Ed 2001 MGT402 talk.
§ Webcast Presentation of the Strider Patch Management Toolkit. (slides)
§ Systems Administration: Drowning in Management Complexity, Invited Talk at LISA’06