lecture1 - Academic Csuohio

advertisement
EEC 688/788
Secure and Dependable Computing
Lecture 1
Wenbing Zhao
Department of Electrical and Computer Engineering
Cleveland State University
wenbing@ieee.org
Outline


Motivation
Syllabus
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Motivation

Why secure and dependable computing is important?*
 Increased reliance on software to optimize everything from
business processes to engine fuel economy
 Relentlessly growing scale and complexity of systems and
systems-of-systems
 Near-universal reliance on a commodity technology base that is not
specifically designed for dependability
 Growing stress on legacy architectures (both hardware and
software) due to ever-increasing performance demands
 Worldwide interconnectivity of systems
 Continual threats of malicious attacks on critical systems
*Taken from “A high dependability computing consortium”, James H. Morris, CMU,
http://www.cs.cmu.edu/%7Ejhm/hdcc.htm
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
More Motivation


The cost of poor software is very high
 Annual cost to US economy of poor quality software: $60B
 source: US NIST Report 7007.011, May 2002.
Industry needs greater dependability and security
 Improved quality of products
 Improved quality of development processes
 Better system and network security, to avoid:



viruses, trojans, denial of service, ...
network penetration, loss of confidential data, ...
Improved customer satisfaction
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
(1996 Cost of Downtime Study – by Contingency Planning Research)
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Industry is Embracing
Secure and Dependable Computing

The hardware platforms are changing:




Smartcards
Pervasive computing / embedded systems
IBM, Sun “autonomic computing”
Major PC dependability and security initiatives under
way:

Trusted Computing Group



Promoters: Intel, HP, Compaq, IBM, Microsoft
Microsoft’s trustworthy computing push
Intel’s LaGrande dependable hardware
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Course Objectives



Have solid understanding of the basic theory of
secure and dependable computing
Getting familiar with some basic building blocks
(tools and APIs) needed to build secure and
dependable systems
No attempt to be comprehensive: topics covered are
what I am interested in and what I think important
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Prerequisite

Operating system principles


Java programming language



Processes, scheduling, file systems, etc.
At least you should know how to write a Hello
World program
You don’t have to be a Java expert
Computer networks

TCP, UDP, IP, Ethernet, etc.
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Grading Policy



Class participation (10%)
Three midterms (45%)
5 labs (20%)


Mandatory attendance
Course project (25%)
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Grading Policy







A: 90-100%
A-: 85-89%
B+: 80-84%
B: 70-79%
B-: 65-69%
C: 60-44%
F: <60%
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Class Participation


10% of the course credit
In general, there is a mock quiz in the beginning of
each lecture, so that


To obtain the full credit for class participation, you
must satisfy ALL of the following conditions:




I know who is here & I get feedback for my teaching
You do not miss more than 2 lectures
You do not miss any exam and lab sessions
You asked at least 10 questions during the semester
You will lose all 10% credit if you miss more than 6
lectures/labs
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Outline of Lectures







Dependability concepts
Security and cryptography
Secure communication
Intrusion detection and prevention
Faults and their manifestation
Dependability techniques
Byzantine fault tolerance
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Outline of Labs






Lab 0 – Getting familiar with Linux
Lab 1 – Secure shell
Lab 2 – Secure computing in Java
Lab 3 – Traffic analysis and intrusion detection
Lab 4 – Group communication with Spread toolkit
Lab 5 – Byzantine fault tolerance (possibly)
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Course Project


Build an interesting secure and/or dependable
system/application
Example course project topics





3/14/2016
Gmail secure data backup and recovery
Causally ordered reliable multicast
Token-based totally ordered reliable multicast
Public-key based authentication service
Traffic analysis of Telnet traffic
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Course Project


Individual Project
You define the project you want to work on



A secure Java application
A dependable Java service based on replication
Deliverables



Project proposal: must have my approval
Progress report to help you keep good pace
Final project report




Design documentation
Source code of your system/application
Performance measurement and analysis
Demonstration and presentation
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
What You Should Not Do


Steal other’s project and use it as yours
Why it is not a good idea to do so?



If you can find it from the Internet, I can find it too
=> You get F grade
During presentation, I will ask you questions
=> Your grade on the project will be reduced
significantly if I determine you don’t know what
you are talking about
You lose the chance of learning something
practical and useful for your future career
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
What You Should Do


Make your own design, code your own system
Write in your own words and create your own power
point slides



Don’t copy and paste => I can detect it easily
Start early and don’t wait until the last week of the
semester to start
Communicate with me often and ask for help
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Project Presentation

An oral presentation is required in class (10-15min)





Describe briefly your design, implementation, correctness
and performance evaluation
Don’t spend too much time on background info
Don’t mention something you don’t know: I will ask you
questions
Show a demo of your work
Top 3 projects voted by students will get full credit
automatically
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Project Report Requirement







Introduction: define the problem domain and your
implementation. Provide motivation on your system
System model: assumption, restrictions, models
Design: component diagram, class diagram, pseudo code,
algorithms, header explanation
Implementation: what language, tools, libraries did you use, a
simple user guide on how to user your system
Performance and testing: throughput, latency, test cases
Related work
Conclusion and future work
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Project Report Requirement

Report format: IEEE Transactions format. 4-10 pages
 MS Word Template


LaTex Template



http://www.ieee.org/portal/cms_docs/pubs/transactions/TRANS-JOUR.DOC
http://www.ieee.org/portal/cms_docs/pubs/transactions/
IEEEtran.zip (main text)
http://www.ieee.org/portal/cms_docs/pubs/transactions/
IEEEtranBST.zip (bibliography)
Report due: May11th midnight (no extensions!)
 Electronic copy of the report & source code required (please email to my


gmail account!!!)
Project outline due: April 4th in class (no extension!)
Project progress report due: April 13th in class (no extension!)
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Exams



Three midterms
Exams are closed book and closed notes, except
that you are allowed to bring with you a one-page
cheat sheet no larger than the US letter size
(double-sided allowed)
There is no makeup exam!
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Do not cheat!


Do not copy other student’s lab report, exams or
projects
Do not copy someone else’s work found on the
Internet



Including project implementation and report
You can quote a sentence or two, but put those in quote
and give reference
You can build your projects on top of open source libraries,
but again, you should explicitly give acknowledgement and
state clearly which parts are implemented by you
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Consequences for Cheating




You get 0 credit for the project/lab/exam that you
have cheated
If the task is worth 25% or more of the course, it is
considered a major infraction
Otherwise, it is considered a minor infraction
For major infraction and repeated minor infractions



You will get an F grade, and
You may be suspended or repulsed from CSU
CSU Code of Conduct

http://www.csuohio.edu/studentlife/StudentCodeOfConduct.pdf
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Reference Texts





Security in Computing (4th Edition), by Charles P. Pfleeger,
Shari Lawrence Pfleeger, Prentice Hall, 2006
Replication: Theory and Practice, Editted by by Bernadette
Charron-Bost, Fernando Pedone, Andre Schiper, Springer,
2010
Computer Networks (4th Edition), by Andrew S. Tanenbaum,
Prentice Hall, 2003
Cryptography and Network Security: Principles and
Practices (3rd Edition), by William Stallings, Prentice Hall,
2003
SSH, the Secure Shell (2nd Edition), by Daniel J. Barrett,
Robert G. Byrnes, Richard E. Silverman, O'Reilly, 2005
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Reference Texts




Reliable Computer Systems: Design and Evaluation (3rd
Edition), by Daniel P. Siewiorek and Robert S. Swarz, A K
Peters, 1998
Distributed Systems: Principles and Paradigms, by Andrew
S. Tanenbaum, and Maarten van Steen, Prentice Hall, 2002
Reliable Distributed Systems: Technologies, Web Services,
and Applications, by Kenneth P. Birman, Springer, 2005
Network Intrusion Detection (3rd Edition), by Stephen
Northcutt, Judy Novak, New Riders Publishing, 2002
3/14/2016
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Instructor Information

Instructor: Dr. Wenbing Zhao




Email: wenbing@ieee.org
Lecture hours: MW 6:00-7:50pm
Office hours: MW 2:00-4:00pm & by appointment
Course Web site:

3/14/2016
http://academic.csuohio.edu/zhao_w/teaching/EEC688-S11/eec688.htm
EEC688/788 Secure and Dependable
Computing
Wenbing Zhao
Download