notes - Academic Csuohio - Cleveland State University

Download Report

Transcript notes - Academic Csuohio - Cleveland State University

EEC 688/788
Secure and Dependable Computing
Lecture 1
Wenbing Zhao
Department of Electrical and Computer Engineering
Cleveland State University
[email protected]
Outline


Motivation
Syllabus
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Motivation

Why secure and dependable computing is important?*
 Increased reliance on software to optimize everything from
business processes to engine fuel economy
 Relentlessly growing scale and complexity of systems and
systems-of-systems
 Near-universal reliance on a commodity technology base that is not
specifically designed for dependability
 Growing stress on legacy architectures (both hardware and
software) due to ever-increasing performance demands
 Worldwide interconnectivity of systems
 Continual threats of malicious attacks on critical systems
*Taken from “A high dependability computing consortium”, James H. Morris, CMU,
http://www.cs.cmu.edu/%7Ejhm/hdcc.htm
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
More Motivation


The cost of poor software is very high
 Annual cost to US economy of poor quality software: $60B
 source: US NIST Report 7007.011, May 2002.
Industry needs greater dependability and security
 Improved quality of products
 Improved quality of development processes
 Better system and network security, to avoid:



viruses, trojans, denial of service, ...
network penetration, loss of confidential data, ...
Improved customer satisfaction
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
(1996 Cost of Downtime Study – by Contingency Planning Research)
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Industry is Embracing
Secure and Dependable Computing

The hardware platforms are changing:




Smartcards
Pervasive computing / embedded systems
IBM, Sun “autonomic computing”
Major PC dependability and security initiatives under
way:

Trusted Computing Group



Promoters: Intel, HP, Compaq, IBM, Microsoft
Microsoft’s trustworthy computing push
Intel’s LaGrande dependable hardware
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Course Objectives



Have solid understanding of the basic concepts and
theory of secure and dependable computing
Getting familiar with some basic building blocks
(tools and APIs) needed to build secure and
dependable systems
No attempt to be comprehensive: topics covered are
what I am interested in and what I think important
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Prerequisite

Operating system principles


Java programming language



Processes, scheduling, file systems, etc.
At least you should know how to write a Hello
World program
You don’t have to be a Java expert
Computer networks

TCP, UDP, IP, Ethernet, etc.
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Outline of Lectures


Dependability concepts
Introduction to computer and network security


Cryptography, Secure communication, Intrusion detection
and prevention
Dependability techniques






Logging & checkpointing
Recovery-oriented computing
Replication
Group communication systems
Consensus and Paxos
Byzantine fault tolerance
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Outline of Labs





Lab 0 – Getting familiar with Linux
Lab 1 – Secure shell
Lab 2 – Secure computing in Java
Lab 3 – Traffic analysis and intrusion detection
Lab 4 – Group communication with Spread toolkit
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Course Projects

Two tracks available


Lab track (programming oriented)
Exam track (theory oriented)
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Lab Track

Up to 3-person-team project
The project is to design a lab exercise similar to
mine

Deliverables




Project proposal: propose a topic, must have my approval
Progress report to help you keep good pace
Final project report




Must do pre-check at turnitin.com
Must address plagiarism problems if detected
Presentation and demonstration
Exam is waived

Attendance on the exam-track presentations is required
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Exam Track

Up to 5-person-team project
The project is to design a comprehensive exam
for the course

Track deliverables






The comprehensive exam designed
Full solution to the exam designed
Presentation and explanation of each problem in the exam
Must take a comprehensive exam. The problems in the
actual exam will be taken from the submitted problems
Labs are waived

Attendance on lab track project presentations is
required
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Exam




One final comprehensive exam
Exam is required only for students in the Exam
Track
Exams are closed book and closed notes, except
that you are allowed to bring with you a one-page
cheat sheet no larger than the US letter size
(double-sided allowed)
There is no makeup exam!
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Grading Policy


Class participation (20%)
Lab track



Labs (20%)
Project (60%)
Exam track


Project (40%)
Exam (40%)
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Grading Policy







A: 90-100%
A-: 85-89%
B+: 80-84%
B: 70-79%
B-: 65-69%
C: 60-44%
F: <60%
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Class Participation


20% of the course credit
In general, there is a mock quiz in the beginning of
each lecture, so that


To obtain the full credit for class participation, you
must satisfy ALL of the following conditions:




I know who is here & I get feedback for my teaching
You do not miss more than 2 lectures
You do not miss any exam and lab sessions
You asked at least 10 questions during the semester
You will lose all 20% credit if you miss more than 6
lectures/labs/presentations
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Do not cheat!


Do not copy other student’s lab report, exams or
projects
Do not copy someone else’s work found on the
Internet



Including project implementation and report
You can quote a sentence or two, but put those in quote
and give reference
You can build your projects on top of open source libraries,
but again, you should explicitly give acknowledgement and
state clearly which parts are implemented by you
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Consequences for Cheating




You get 0 credit for the project/lab/exam that you
have cheated
If the task is worth 25% or more of the course, it is
considered a major infraction
Otherwise, it is considered a minor infraction
For major infraction and repeated minor infractions



You will get an F grade, and
You may be suspended or repulsed from CSU
CSU Code of Conduct

http://www.csuohio.edu/studentlife/StudentCodeOfConduct.pdf
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Reference Texts






Building Dependable Distributed Systems, by Wenbing
Zhao, Wiley-Scrivener, March 2014
Security in Computing (4th Edition), by Charles P. Pfleeger,
Shari Lawrence Pfleeger, Prentice Hall, 2006
Replication: Theory and Practice, Editted by by Bernadette
Charron-Bost, Fernando Pedone, Andre Schiper, Springer,
2010
Computer Networks (4th Edition), by Andrew S. Tanenbaum,
Prentice Hall, 2003
Cryptography and Network Security: Principles and
Practices (3rd Edition), by William Stallings, Prentice Hall,
2003
SSH, the Secure Shell (2nd Edition), by Daniel J. Barrett,
Robert G. Byrnes, Richard E. Silverman, O'Reilly, 2005
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Reference Texts




Reliable Computer Systems: Design and Evaluation (3rd
Edition), by Daniel P. Siewiorek and Robert S. Swarz, A K
Peters, 1998
Distributed Systems: Principles and Paradigms, by Andrew
S. Tanenbaum, and Maarten van Steen, Prentice Hall, 2002
Reliable Distributed Systems: Technologies, Web Services,
and Applications, by Kenneth P. Birman, Springer, 2005
Network Intrusion Detection (3rd Edition), by Stephen
Northcutt, Judy Novak, New Riders Publishing, 2002
4/10/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Instructor Information

Instructor: Dr. Wenbing Zhao




Email: [email protected]
Lecture hours: TTh 2:00-3:50 & 4:00-5:50pm
Office hours: TTh 12:00-2:00pm & by appointment
Course Web site:

4/10/2016
http://academic.csuohio.edu/zhao_w/teaching/EEC688-F14/eec688.htm
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao