eec 688/788 secure and dependable computing

EEC 688/788EEC 688/788Secure and Dependable Secure and Dependable ComputingComputing

Lecture 1Lecture 1

Wenbing ZhaoWenbing ZhaoDepartment of Electrical and Computer EngineeringDepartment of Electrical and Computer EngineeringCleveland State UniversityCleveland State [email protected]@ieee.org

04/22/2304/22/23 Wenbing ZhaoWenbing Zhao

OutlineOutline Motivation Syllabus

EEC688/788 Secure and Dependable EEC688/788 Secure and Dependable ComputingComputing


MotivationMotivation Why secure and dependable computing is important?*

Increased reliance on software to optimize everything from business processes to engine fuel economy

Relentlessly growing scale and complexity of systems and systems-of-systems

Near-universal reliance on a commodity technology base that is not specifically designed for dependability

Growing stress on legacy architectures (both hardware and software) due to ever-increasing performance demands

Worldwide interconnectivity of systems Continual threats of malicious attacks on critical systems

*Taken from “A high dependability computing consortium”, James H. Morris, CMU, http://www.cs.cmu.edu/%7Ejhm/hdcc.htm



More MotivationMore Motivation The cost of poor software is very high

Annual cost to US economy of poor quality software: $60B source: US NIST Report 7007.011, May 2002.

Industry needs greater dependability and security Improved quality of products Improved quality of development processes Better system and network security, to avoid:

viruses, trojans, denial of service, ... network penetration, loss of confidential data, ...

Improved customer satisfaction



(1996 Cost of Downtime Study – by Contingency Planning Research)



Industry is Embracing Industry is Embracing Secure and Dependable ComputingSecure and Dependable Computing The hardware platforms are changing:

Smartcards Pervasive computing / embedded systems

IBM, Sun “autonomic computing” Major PC dependability and security initiatives under

way: Trusted Computing Group

Promoters: Intel, HP, Compaq, IBM, Microsoft Microsoft’s trustworthy computing push Intel’s LaGrande dependable hardware



Course ObjectivesCourse Objectives Have solid understanding of the basic theory of

secure and dependable computing Getting familiar with some basic building blocks

(tools and APIs) needed to build secure and dependable systems

No attempt to be comprehensive: topics covered are what I am interested in and what I think important



PrerequisitePrerequisite Operating system principles

Processes, scheduling, file systems, etc. Java programming language

At least you should know how to write a Hello World program

You don’t have to be a Java expert Computer networks

TCP, UDP, IP, Ethernet, etc.



Grading PolicyGrading Policy Class participation (10%) Three midterms (45%) 5 labs (20%)

Mandatory attendance Course project (25%)



Grading PolicyGrading Policy A: 90-100% A-: 85-89% B+: 80-84% B: 70-79% B-: 65-69% C: 60-44% F: <60%



Class ParticipationClass Participation 10% of the course credit In general, there is a mock quiz in the beginning of

each lecture, so that I know who is here & I get feedback for my teaching

To obtain the full credit for class participation, you must satisfy ALL of the following conditions: You do not miss more than 2 lectures You do not miss any exam and lab sessions You asked at least 10 questions during the semester

You will lose all 10% credit if you miss more than 6 lectures/labs



Outline of LecturesOutline of Lectures Dependability concepts Security and cryptography Secure communication Intrusion detection and prevention Faults and their manifestation Dependability techniques Byzantine fault tolerance



Outline of LabsOutline of Labs Lab 0 – Getting familiar with Linux Lab 1 – Secure shell Lab 2 – Secure computing in Java Lab 3 – Traffic analysis and intrusion detection Lab 4 – Group communication with Spread toolkit Lab 5 – Byzantine fault tolerance (possibly)



Course Project Course Project Build an interesting secure and/or dependable

system/application Example course project topics

Gmail secure data backup and recovery Causally ordered reliable multicast Token-based totally ordered reliable multicast Public-key based authentication service Traffic analysis of Telnet traffic



Course ProjectCourse Project Individual Project You define the project you want to work on

A secure Java application A dependable Java service based on replication

Deliverables Project proposal: must have my approval Progress report to help you keep good pace Final project report

Design documentation Source code of your system/application Performance measurement and analysis

Demonstration and presentation



What You Should Not DoWhat You Should Not Do Steal other’s project and use it as yours Why it is not a good idea to do so?

If you can find it from the Internet, I can find it too => You get F grade

During presentation, I will ask you questions=> Your grade on the project will be reduced significantly if I determine you don’t know what you are talking about

You lose the chance of learning something practical and useful for your future career



What You Should DoWhat You Should Do Make your own design, code your own system Write in your own words and create your own power

point slides Don’t copy and paste => I can detect it easily

Start early and don’t wait until the last week of the semester to start

Communicate with me often and ask for help



Project PresentationProject Presentation An oral presentation is required in class (10-15min)

Describe briefly your design, implementation, correctness and performance evaluation

Don’t spend too much time on background info Don’t mention something you don’t know: I will ask you

questions Show a demo of your work

Top 3 projects voted by students will get full credit automatically



Project Report RequirementProject Report Requirement Introduction: define the problem domain and your

implementation. Provide motivation on your system System model: assumption, restrictions, models Design: component diagram, class diagram, pseudo code,

algorithms, header explanation Implementation: what language, tools, libraries did you use, a

simple user guide on how to user your system Performance and testing: throughput, latency, test cases Related work Conclusion and future work



Project Report RequirementProject Report Requirement Report format: IEEE Transactions format. 4-10 pages

MS Word Template http://www.ieee.org/portal/cms_docs/pubs/transactions/TRANS-JOUR.DOC

LaTex Template http://www.ieee.org/portal/cms_docs/pubs/transactions/

IEEEtran.zip (main text) http://www.ieee.org/portal/cms_docs/pubs/transactions/

IEEEtranBST.zip (bibliography) Report due: May11th midnight (no extensions!)

Electronic copy of the report & source code required (please email to my gmail account!!!)

Project outline due: April 4th in class (no extension!) Project progress report due: April 13th in class (no extension!)



ExamsExams Three midterms Exams are closed book and closed notes, except

that you are allowed to bring with you a one-page cheat sheet no larger than the US letter size (double-sided allowed)

There is no makeup exam!



Do not cheat!Do not cheat! Do not copy other student’s lab report, exams or

projects Do not copy someone else’s work found on the

Internet Including project implementation and report You can quote a sentence or two, but put those in quote

and give reference You can build your projects on top of open source libraries,

but again, you should explicitly give acknowledgement and state clearly which parts are implemented by you



Consequences for CheatingConsequences for Cheating You get 0 credit for the project/lab/exam that you

have cheated If the task is worth 25% or more of the course, it is

considered a major infraction Otherwise, it is considered a minor infraction For major infraction and repeated minor infractions

You will get an F grade, and You may be suspended or repulsed from CSU

CSU Code of Conduct http://www.csuohio.edu/studentlife/StudentCodeOfConduct.pdf



Reference TextsReference Texts Security in Computing (4th Edition), by Charles P. Pfleeger,

Shari Lawrence Pfleeger, Prentice Hall, 2006 Replication: Theory and Practice, Editted by by Bernadette

Charron-Bost, Fernando Pedone, Andre Schiper, Springer, 2010

Computer Networks (4th Edition), by Andrew S. Tanenbaum, Prentice Hall, 2003

Cryptography and Network Security: Principles and Practices (3rd Edition), by William Stallings, Prentice Hall, 2003

SSH, the Secure Shell (2nd Edition), by Daniel J. Barrett, Robert G. Byrnes, Richard E. Silverman, O'Reilly, 2005



Reference TextsReference Texts Reliable Computer Systems: Design and Evaluation (3rd

Edition), by Daniel P. Siewiorek and Robert S. Swarz, A K Peters, 1998

Distributed Systems: Principles and Paradigms, by Andrew S. Tanenbaum, and Maarten van Steen, Prentice Hall, 2002

Reliable Distributed Systems: Technologies, Web Services, and Applications, by Kenneth P. Birman, Springer, 2005

Network Intrusion Detection (3rd Edition), by Stephen Northcutt, Judy Novak, New Riders Publishing, 2002



Instructor InformationInstructor Information Instructor: Dr. Wenbing Zhao

Email: [email protected] Lecture hours: MW 6:00-7:50pm Office hours: MW 2:00-4:00pm & by appointment

Course Web site: http://academic.csuohio.edu/zhao_w/teaching/EEC688-S11/eec688.htm


eec 688/788 secure and dependable computing

Documents

dependable computing

importanteec688788 secure

basic theory of secure

dependable systemsno

wenbing zhaoindustry

wenbing zhaograding

file systems

critical systems