My Past and Present

Herein lies an abbreviated history of my experiences at IBM Research, roughly in chronological order.
In the Deep, Deep, Deep Dark Past
I worked for a few summers at different IBM locations. Notably, at the IBM Cambridge Scientific Center in Tech Square (same building as MIT), and at the IBM T. J. Watson Research Center in Yorktown Heights, New York. In Cambridge I wrote APL programs for Yon Bard. I still remain in contact with Ron Frank and David Boloker. Subsequently I graduated with a B.S. in Computer Science from Union College in Schenectady, N.Y.
A Really Long Time Ago
In 1982 I became a full-time IBMer, working in the Computing Systems Department. My peers included David Chess, Art Appel and Norm Brenner, among others well known to us Watson old timers. During my first 20 months at IBM I worked on three notable projects.
Auditor was an on-line monitoring system to detect and report the status of essential services, including networking and printing. Unresponsive services would be reported to operations staff or automatically restarted. There is an IBM Systems Journal article describing this work.
The Cooperative VIEWing Facility (a.k.a. CONSULT). This was an early real-time collaborative computing application. Think of it as a NetMeeting or eMeeting for mainframe users. CVIEW has been used extensively for interactive consulting services. When I wrote CVIEW, the T. J. Watson Research Center had three remote locations, but consulting services were centrally located. CVIEW was created to enable remote consulting services from a centralized location. While CVIEW is no longer offered as a stand-alone product, its functionality has been incorporated into the Passthru Virtual Machine (PVM) product offering from IBM. Sadly, I cannot find any on-line documentation for CVIEW as a reference, although Google will turn up some references to CVIEW. I did write a technical report (ps | pdf | html). (The pdf version is missing the figures.)
XT/370 -- a mainframe on a desktop. This was a simplified IBM 370 running a slimmed down CP/CMS on a coprocessor card. I worked on the design of the terminal emulator, and wrote parts of the client-server enablement code. A couple of IBM Systems Journal articles describe the XT/370. One gives an overview of XT/370. The other describes the client-server software.
Linking It All Together
In 1983 I enrolled in graduate school at the University of Maryland, College Park. At the time, Ben Shneiderman had just created the Human Computer Interaction Laboratory (HCIL). This was in the early days of hypertext, an early area of focus for HCIL. Ben and I wrote a CACM article on Embedded Menus: Selecting Items in Context, which was later reprinted in Sparks Of Innovation in Human-Computer Interaction. I also became interested in object-oriented languages and systems (Smalltalk was pretty new at that time), and in distributed systems, another hot area.
There were many influential faculty members at UMCP, some of them well known (including Ben Shneiderman and the late Mark Weiser). There are too many to list. (And I fear that I will offend someone by unintentionally omitting their name!)
Tying The Pieces Together
I returned to Watson to work as a technical assistant to Allan H. Weis, the Director of Computing Systems. This was during a period when there was a substantial amount of innovation and development being done within that organization. In addition to providing computing services to the Watson lab, it was at the forefront of developing new services and products both for the Watson Research Center and product groups. There was substantial work in networking (including TCP/IP), text processing, workstations and large systems management. Al Weis later went on to found Advanced Network & Services, parts of which were later spun off to AOL. A couple of notable people working in the department at that time were Barry Appleman (who went on to AOL) and Yakov Rekhter (currently at Juniper Networks?).
This period was early in the era of IBM developing RISC-based workstations and starting to bring TCP/IP to the mainframe. Along with a group of very talented systems and networking people, we built network-based services, including an e-mail transfer gateway (a.k.a. XAGENT) that enabled site-wide transport-independent e-mail and newsgroups (i.e., netnews). This was an extension of the server-side Single System Image concept.
I met Ted Selker shortly after he joined IBM. Ted is well known for inventing TrackPoint, the ubiquitous little red joystick found on IBM/Lenovo Thinkpads, keyboards, etc. He and I worked on a few projects. One area was visual languages, a project we did with Cathy Wolf. Another project was Room With A View, where we invented a handheld interactive viewing device called a View Board.
Virtually There
While working on distributed computing services, I started to work with Alan Baratz, who would later become the head of the JavaSoft division of Sun Microsystems. I started developing Room With A View when I met Dan Ling (who is now the vice president at Microsoft, heading their research organization in Redmond). Together with Jim Lipscomb, we created a project called Veridical User Environments to develop virtual reality technologies to assist with visualization tasks. The team did impressive work on building multi-modal multi-user 3D virtual environments that integrated visualizations of numerical simulations with a number of input and output devices. A range of user interface and graphics technologies were developed by the project, resulting in a number of publications. The technologies we developed included graphics toolkits, a User Interface Management System, and programming tools for event-based interactive systems. The project was also heavily involved in visualization techniques. Many people worked on this project over its 5-year lifetime. Check my publications for a partial list of contributors.
Getting Around
Cathy Wolf and I prototyped the ability to use multiple modes of interacting with multiple forms of communication (voice mail, e-mail, etc.). We did some of this work with Ed Kunzinger.
In pre-Java days, IBM was working on hardware and software for hand-held mobile devices. With Henry Chang, Carl Tait, and Parviz Kermani, we worked on CORBA-based object replication algorithms.
Good Things In Small Packages
As Java became more popular, IBM put a JVM into a diskless computer called the IBM NetWork Station. With a comparatively small memory footprint (64MB RAM) and no internal disk drive, it was a challenge to run multiple applications securely in a single Java 1.1 virtual machine. The goal was to be able to run multiple web browsers and applications. Since Java 2 security did not exist, I developed a technique to enable multiple browsers to run with their own SecurityManagers and define their own security policies.
Keeping It Under Wraps
Based on my experiences with Java in the IBM NetWork Station security, Tony Nadalin (currently the Chief Security Architect for IBM Tivoli), Don Neal, Bob Blakley and I were asked to study the Java security architectures of Netscape Navigator and Sun's proposed Java 2 Standard Edition. One of the outcomes was that we made recommendations to Sun on how to enhance J2SE security, and identified a number of areas where IBM and Sun could collaborate on the development of security technologies for Java. Over the next several years IBM and Sun worked closely on the development of the standards and reference implementations of JAAS, a variety of cryptography related technologies, and J2EE security.
Isolation is a key element of the Java security sandbox. However, the Java runtime libraries do not afford complete isolation. The lack of complete isolation affects both security and several approaches to creating more scalable Java runtime implementations. To identify isolation faults in the runtime libraries, I collaborated with my colleagues in the Haifa Research Lab, Bilha Mendelson, Sara Porat and Marina Biberstein, to define mutability for Java classes and create a tool to identify isolation faults.
Aaron Kershenbaum rejoined IBM Research and we developed a context-sensitive call graph construction algorithm, called JaBA, that builds upon the earlier work with Haifa. We have since used JaBA in a number of security projects, including SWORD4J, and non-security projects, including SABER (also known as J2EE Code Validator) and CMPOpt.
Marco Pistoia, George Leeman and Ted Habeck subsequently joined us. Based on our earlier observations about the usability of Java 2 security, we wrote tools, some of them based on JaBA, to make it easier to identify J2SE permission requirements and privileged code placement, as well as J2EE authorization requirements, for componentized applications, and to identify potential security vulnerabilities. The most recent embodiment of this work is SWORD4J.
Along with another team in Research we looked at the general problem of bug finding using static analysis. Darrell Reimer and I did some initial prototyping to demonstrate feasibility of finding bugs in large J2EE applications. Others joined us to build SABER, which also looked at the structural properties of nested objects. A related piece of work was identifying unwanted synchronization.
Along with Vugranam C. Sreedhar, Wietse Venema, Julian Dolby, Chris Vanden Berghe and several other colleagues, we have recently been looking at the challenges of securing PHP applications. More generally, we are starting to look at how the evolution of scripting languages impacts security of servers and clients.
Closing Thoughts
I've had the great pleasure to work with many fine colleagues. A small fraction of them are listed in my publications.
