notes - Academic Csuohio - Cleveland State University
Download
Report
Transcript notes - Academic Csuohio - Cleveland State University
EEC 688/788
Secure and Dependable Computing
Lecture 1
Wenbing Zhao
Department of Electrical and Computer Engineering
Cleveland State University
[email protected]
Outline
Motivation
Syllabus
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Motivation
Why secure and dependable computing is important?*
Increased reliance on software to optimize everything from
business processes to engine fuel economy
Relentlessly growing scale and complexity of systems and
systems-of-systems
Near-universal reliance on a commodity technology base that is not
specifically designed for dependability
Growing stress on legacy architectures (both hardware and
software) due to ever-increasing performance demands
Worldwide interconnectivity of systems
Continual threats of malicious attacks on critical systems
*Taken from “A high dependability computing consortium”, James H. Morris, CMU,
http://www.cs.cmu.edu/%7Ejhm/hdcc.htm
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
More Motivation
The cost of poor software is very high
Annual cost to US economy of poor quality software: $60B
source: US NIST Report 7007.011, May 2002.
Industry needs greater dependability and security
Improved quality of products
Improved quality of development processes
Better system and network security, to avoid:
viruses, trojans, denial of service, ...
network penetration, loss of confidential data, ...
Improved customer satisfaction
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
(1996 Cost of Downtime Study – by Contingency Planning Research)
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Industry is Embracing
Secure and Dependable Computing
The hardware platforms are changing:
Smartcards
Pervasive computing / embedded systems
IBM, Sun “autonomic computing”
Major PC dependability and security initiatives under
way:
Trusted Computing Group
Promoters: Intel, HP, Compaq, IBM, Microsoft
Microsoft’s trustworthy computing push
Intel’s LaGrande dependable hardware
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Course Objectives
Have solid understanding of the basic concepts and
theory of secure and dependable computing
Getting familiar with some basic building blocks
(tools and APIs) needed to build secure and
dependable systems
No attempt to be comprehensive: topics covered are
what I am interested in and what I think important
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Prerequisite
Operating system principles
Java programming language
Processes, scheduling, file systems, etc.
At least you should know how to write a Hello
World program
You don’t have to be a Java expert
Computer networks
TCP, UDP, IP, Ethernet, etc.
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Outline of Lectures
Dependability concepts
Introduction to computer and network security
Cryptography, Secure communication, Intrusion detection
and prevention
Dependability techniques
Logging & checkpointing
Recovery-oriented computing
Replication
Group communication systems
Consensus and Paxos
Byzantine fault tolerance
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Outline of Labs
Lab 0 – Getting familiar with Linux
Lab 1 – Secure shell
Lab 2 – Secure computing in Java
Lab 3 – Traffic analysis and intrusion detection
Lab 4 – Group communication with Spread toolkit
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Course Projects
Two tracks available
Lab track (programming oriented)
Exam track (theory oriented)
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Lab Track
Up to 3-person-team project
The project is to design a lab exercise similar to
mine
Deliverables
Project proposal: propose a topic, must have my approval
Progress report to help you keep good pace
Final project report
Must do pre-check at turnitin.com
Must address plagiarism problems if detected
Presentation and demonstration
Exam is waived
Attendance on the exam-track presentations is required
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Exam Track
Up to 5-person-team project
The project is to design a comprehensive exam
for the course
Track deliverables
The comprehensive exam designed
Full solution to the exam designed
Presentation and explanation of each problem in the exam
Must take a comprehensive exam. The problems in the
actual exam will be taken from the submitted problems
Labs are waived
Attendance on lab track project presentations is
required
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Exam
One final comprehensive exam
Exam is required only for students in the Exam
Track
Exams are closed book and closed notes, except
that you are allowed to bring with you a one-page
cheat sheet no larger than the US letter size
(double-sided allowed)
There is no makeup exam!
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Grading Policy
Class participation (20%)
Lab track
Labs (20%)
Project (60%)
Exam track
Project (40%)
Exam (40%)
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Grading Policy
A: 90-100%
A-: 85-89%
B+: 80-84%
B: 70-79%
B-: 65-69%
C: 60-44%
F: <60%
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Class Participation
20% of the course credit
In general, there is a mock quiz in the beginning of
each lecture, so that
To obtain the full credit for class participation, you
must satisfy ALL of the following conditions:
I know who is here & I get feedback for my teaching
You do not miss more than 2 lectures
You do not miss any exam and lab sessions
You asked at least 10 questions during the semester
You will lose all 20% credit if you miss more than 6
lectures/labs/presentations
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Do not cheat!
Do not copy other student’s lab report, exams or
projects
Do not copy someone else’s work found on the
Internet
Including project implementation and report
You can quote a sentence or two, but put those in quote
and give reference
You can build your projects on top of open source libraries,
but again, you should explicitly give acknowledgement and
state clearly which parts are implemented by you
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Consequences for Cheating
You get 0 credit for the project/lab/exam that you
have cheated
If the task is worth 25% or more of the course, it is
considered a major infraction
Otherwise, it is considered a minor infraction
For major infraction and repeated minor infractions
You will get an F grade, and
You may be suspended or repulsed from CSU
CSU Code of Conduct
http://www.csuohio.edu/studentlife/StudentCodeOfConduct.pdf
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Reference Texts
Building Dependable Distributed Systems, by Wenbing
Zhao, Wiley-Scrivener, March 2014
Security in Computing (4th Edition), by Charles P. Pfleeger,
Shari Lawrence Pfleeger, Prentice Hall, 2006
Replication: Theory and Practice, Editted by by Bernadette
Charron-Bost, Fernando Pedone, Andre Schiper, Springer,
2010
Computer Networks (4th Edition), by Andrew S. Tanenbaum,
Prentice Hall, 2003
Cryptography and Network Security: Principles and
Practices (3rd Edition), by William Stallings, Prentice Hall,
2003
SSH, the Secure Shell (2nd Edition), by Daniel J. Barrett,
Robert G. Byrnes, Richard E. Silverman, O'Reilly, 2005
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Reference Texts
Reliable Computer Systems: Design and Evaluation (3rd
Edition), by Daniel P. Siewiorek and Robert S. Swarz, A K
Peters, 1998
Distributed Systems: Principles and Paradigms, by Andrew
S. Tanenbaum, and Maarten van Steen, Prentice Hall, 2002
Reliable Distributed Systems: Technologies, Web Services,
and Applications, by Kenneth P. Birman, Springer, 2005
Network Intrusion Detection (3rd Edition), by Stephen
Northcutt, Judy Novak, New Riders Publishing, 2002
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Instructor Information
Instructor: Dr. Wenbing Zhao
Email: [email protected]
Lecture hours: TTh 2:00-3:50 & 4:00-5:50pm
Office hours: TTh 12:00-2:00pm & by appointment
Course Web site:
4/10/2016
http://academic.csuohio.edu/zhao_w/teaching/EEC688-F14/eec688.htm
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao