Jump to Content
Willem de Bruijn

Willem de Bruijn

Willem joined Google in 2011 as a kernel developer. Before that, he built research operating systems in academia. At Cornell University he co-developed Nexus, a microkernel operating system that derives authorization from application invariants on confidentiality and integrity. At the Vrije University of Amsterdam he received his PhD for research on a high-throughput network stack and its application in intrusion detection. As Bachelor and Master student at Leiden University he implemented active and p2p networks.

Research Areas

Authored Publications
Google Publications
Other Publications
Sort By
  • Title
  • Title, descending
  • Year
  • Year, descending
    Preview abstract We describe our experience with Fathom, a system for identifying the network performance bottlenecks of any service running in the Google fleet. Fathom passively samples RPCs, the principal unit of work for services. It segments the overall latency into host and network components with kernel and RPC stack instrumentation. It records these detailed latency metrics, along with detailed transport connection state, for every sampled RPC. This lets us determine if the completion is constrained by the client, network or server. To scale while enabling analysis, we also aggregate samples into distributions that retain multi-dimensional breakdowns. This provides us with a macroscopic view of individual services. Fathom runs globally in our datacenters for all production traffic, where it monitors billions of TCP connections 24x7. For five years Fathom has been our primary tool for troubleshooting service network issues and assessing network infrastructure changes. We present case studies to show how it has helped us improve our production services. View details
    Logical Attestation: An Authorization Architecture for Trustworthy Computing
    Emin Gün Sirer
    Patrick Reynolds
    Alan Shieh
    Kevin Walsh
    Dan Williams
    Fred B. Schneider
    Proceedings of the 23rd ACM Symposium on Operating System Principles, ACM, New York, NY, USA (2011)
    Preview abstract This paper describes the design and implementation of a new operating system authorization architecture to support trustworthy computing. Called logical attestation, this architecture provides a sound framework for reasoning about run time behavior of applications. Logical attestation is based on attributable, unforgeable statements about program properties, expressed in a logic. These statements are suitable for mechanical processing, proof construction, and verification; they can serve as credentials, support authorization based on expressive authorization policies, and enable remote principals to trust software components without restricting the local user’s choice of binary implementations. We have implemented logical attestation in a new operating system called the Nexus. The Nexus executes natively on x86 platforms equipped with secure coprocessors. It supports both native Linux applications and uses logical attestation to support new trustworthy-computing applications. When deployed on a trustworthy cloud-computing stack, logical attestation is efficient, achieves high-performance, and can run applications that provide qualitative guarantees not possible with existing modes of attestation. View details
    Application-Tailored I/O with Streamline
    Herbert Bos
    Henri Bal
    ACM Transactions on Computer Systems, vol. 29 (2011), 6:1-6:33
    Model-T: Rethinking The OS For Terabit Speeds
    Herbert Bos
    Workshop on high-speed networks (HSN 2008), Co-located with INFOCOM 2008, pp. 1-6
    PipesFS: Fast Linux I/O in the Unix Tradition
    Herbert Bos
    ACM SigOps Operating Systems Review, vol. 42 (2008), pp. 55-63
    Beltway Buffers: Avoiding the OS Traffic Jam
    Herbert Bos
    INFOCOM 2008. The 27th Conference on Computer Communications, IEEE, pp. 136-143
    SafeCard: a Gigabit IPS on the network card
    Asia Slowinska
    Kees van Reeuwijk
    Tomas Hruby
    Li Xu
    Herbert Bos
    Proceedings of 9th International Symposium on Recent Advances in Intrusion Detection (RAID'06), Springer, Hamburg, Germany (2006), pp. 311-330
    Robust Distributed Systems: Achieving Self-Management Through Inference
    Herbert Bos
    Henri Bal
    Proceedings of Sixth International Symposium on a World of Wireless Mobile and Multimedia Networks (WoWMoM 2005), IEEE, pp. 542-546
    FPL-3: towards language support for distributed packet processing
    Mihai-Lucian Cristea
    Herbert Bos
    Proceedings of IFIP Networking 2005, Lecture Notes in Computer Science, Springer, pp. 743-755
    Scalable network monitors for high-speed links: a bottom-up approach
    Trung Nguyen
    Mihai Cristea
    Herbert Bos
    Proceedings of the IEEE Workshop on IP Operations and Management, 2004 (IPOM 2004), IEEE, pp. 16-22
    FFPF: Fairly Fast Packet Filters
    Herbert Bos
    Mihai Cristea
    Trung Nguyen
    Georgios Portokalidis
    Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation (OSDI 2004), USENIX, pp. 347-363
    SNMP Plus a Lightweight API for SNAP Handling
    Herbert Bos
    Jonathan T. Moore
    IEEE/IFIP Network Operations and Management Symposium, 2004 (NOMS 2004), pp. 743-756
    Atomsnet: Multimedia Peer2Peer File Sharing
    Michael S. Lew
    International Conference on Image and Video Retrieval 2002 (CIVR 2002). Lecture Notes in Computer Science vol. 2382, Springer, London, pp. 138-146