lecture1 - Academic Csuohio
Download
Report
Transcript lecture1 - Academic Csuohio
EEC 688/788
Secure and Dependable Computing
Lecture 1
Wenbing Zhao
Department of Electrical and Computer Engineering
Cleveland State University
[email protected]
Outline
Motivation
Syllabus
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Motivation
Why secure and dependable computing is important?*
Increased reliance on software to optimize everything from
business processes to engine fuel economy
Relentlessly growing scale and complexity of systems and
systems-of-systems
Near-universal reliance on a commodity technology base that is not
specifically designed for dependability
Growing stress on legacy architectures (both hardware and
software) due to ever-increasing performance demands
Worldwide interconnectivity of systems
Continual threats of malicious attacks on critical systems
*Taken from “A high dependability computing consortium”, James H. Morris, CMU,
http://www.cs.cmu.edu/%7Ejhm/hdcc.htm
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
More Motivation
The cost of poor software is very high
Annual cost to US economy of poor quality software: $60B
source: US NIST Report 7007.011, May 2002.
Industry needs greater dependability and security
Improved quality of products
Improved quality of development processes
Better system and network security, to avoid:
viruses, trojans, denial of service, ...
network penetration, loss of confidential data, ...
Improved customer satisfaction
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Industry is Embracing
Secure and Dependable Computing
The hardware platforms are changing:
Smartcards
Pervasive computing / embedded systems
IBM, Sun “autonomic computing”
Major PC dependability and security initiatives under
way:
Trusted Computing Group
4/11/2016
Promoters: Intel, HP, Compaq, IBM, Microsoft
Microsoft’s trustworthy computing push
Intel’s LaGrande dependable hardware
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
The Cost of Downtime
From “Assessing the Financial Impact of Downtime” by Vision
Solutions, Inc. 2008
(http://www.strategiccompanies.com/pdfs/Assessing%20the%20Financial%
20Impact%20of%20Downtime.pdf)
Typical hourly cost of downtime by Industry
4/11/2016
Brokerage Service: $6,480,000
Energy: $2,800,000
Telecom: $2,000,000
Manufacturing: $1,600,000
Retail: $1,100,000
Healthcare: $636,000
Media: $90,000
Wenbing Zhao
Course Objectives
Have solid understanding of the basic concepts and
theory of secure and dependable computing
Getting familiar with some basic building blocks
(tools and APIs) needed to build secure and
dependable systems
No attempt to be comprehensive: topics covered are
what I am interested in and what I think important
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Prerequisite
Operating system principles
Java programming language
Processes, scheduling, file systems, etc.
At least you should know how to write a Hello
World program
You don’t have to be a Java expert
Computer networks
TCP, UDP, IP, Ethernet, etc.
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Outline of Lectures
Dependability concepts
Introduction to computer and network security
Cryptography, Secure communication, Intrusion detection
and prevention
Dependability techniques
4/11/2016
Logging & checkpointing
Recovery-oriented computing
Replication
Group communication systems
Consensus and Paxos
Byzantine fault tolerance
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Outline of Labs
Lab 0 – Getting familiar with Linux
Lab 1 – Secure shell
Lab 2 – Secure computing in Java
Lab 3 – Traffic analysis and intrusion detection
Lab 4 – Group communication with Spread toolkit
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Course Projects
Write a short survey paper on a particular topic
and make a presentation.
The topic must be approved by the instructor.
Must be done individually.
The project is expected to survey 5-10 research
papers, among them at least 2 must be published
within 5 years.
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Exam
One midterm on security
One final exam on fault tolerance
Exams are closed book and closed notes, except
that you are allowed to bring with you a one-page
cheat sheet no larger than the US letter size
(double-sided allowed)
There is no makeup exam!
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Grading Policy
Class participation (10%)
Lab reports (10%)
Project (20%)
Exams (60%)
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Grading Policy
A: 90-100%
A-: 85-89%
B+: 80-84%
B: 75-79%
B-: 70-74%
C+: 65-69%
C: 60-64%
F: <60%
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Class Participation
10% of the course credit
In general, there is a mock quiz in the beginning of
each lecture, so that
To obtain the full credit for class participation, you
must satisfy ALL of the following conditions:
I know who is here & I get feedback for my teaching
You do not miss more than 2 lectures
You do not miss any exam and lab sessions
You asked at least 10 questions during the semester
You will lose all 10% credit if you miss more than 6
lectures/labs/presentations
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Do not cheat!
Do not copy other student’s lab report, exams or
projects
Do not copy someone else’s work found on the
Internet
4/11/2016
Including project implementation and report
You can quote a sentence or two, but put those in quote
and give reference
You can build your projects on top of open source libraries,
but again, you should explicitly give acknowledgement and
state clearly which parts are implemented by you
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Consequences for Cheating
You get 0 credit for the project/lab/exam that you
have cheated
If the task is worth 25% or more of the course, it is
considered a major infraction
Otherwise, it is considered a minor infraction
For major infraction and repeated minor infractions
You will get an F grade, and
You may be suspended or repulsed from CSU
CSU Code of Conduct
4/11/2016
http://www.csuohio.edu/studentlife/StudentCodeOfConduct.pdf
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Reference Texts
Building Dependable Distributed Systems, by Wenbing
Zhao, Wiley-Scrivener, March 2014
Security in Computing (4th Edition), by Charles P. Pfleeger,
Shari Lawrence Pfleeger, Prentice Hall, 2006
Replication: Theory and Practice, Editted by by Bernadette
Charron-Bost, Fernando Pedone, Andre Schiper, Springer,
2010
Computer Networks (4th Edition), by Andrew S. Tanenbaum,
Prentice Hall, 2003
Cryptography and Network Security: Principles and
Practices (3rd Edition), by William Stallings, Prentice Hall,
2003
SSH, the Secure Shell (2nd Edition), by Daniel J. Barrett,
Robert G. Byrnes, Richard E. Silverman, O'Reilly, 2005
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Reference Texts
Reliable Computer Systems: Design and Evaluation (3rd
Edition), by Daniel P. Siewiorek and Robert S. Swarz, A K
Peters, 1998
Distributed Systems: Principles and Paradigms, by Andrew
S. Tanenbaum, and Maarten van Steen, Prentice Hall, 2002
Reliable Distributed Systems: Technologies, Web Services,
and Applications, by Kenneth P. Birman, Springer, 2005
Network Intrusion Detection (3rd Edition), by Stephen
Northcutt, Judy Novak, New Riders Publishing, 2002
4/11/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Instructor Information
Instructor: Dr. Wenbing Zhao
Email: [email protected], [email protected]
Lecture hours: TTh 2:10-4:00 & 6:00-7:50pm
Office hours: TTh 4:00-6:00pm & by appointment
Course Web site:
4/11/2016
http://academic.csuohio.edu/zhao_w/teaching/EEC688-F15/eec688.htm
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao