1 / 32

EEC 688/788 Secure and Dependable Computing

EEC 688/788 Secure and Dependable Computing. Lecture 1 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org. Outline. Motivation Syllabus. Motivation. Why secure and dependable computing is important ?*

kent
Download Presentation

EEC 688/788 Secure and Dependable Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EEC 688/788Secure and Dependable Computing Lecture 1 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org

  2. Outline • Motivation • Syllabus EEC688/788 Secure and Dependable Computing

  3. Motivation • Why secure and dependable computing is important?* • Increased reliance on software to optimize everything from business processes to engine fuel economy • Relentlessly growing scale and complexity of systems and systems-of-systems • Near-universal reliance on a commodity technology base that is not specifically designed for dependability • Growing stress on legacy architectures (both hardware and software) due to ever-increasing performance demands • Worldwide interconnectivity of systems • Continual threats of malicious attacks on critical systems *Taken from “A high dependability computing consortium”, James H. Morris, CSMU, http://www.cs.cmu.edu/%7Ejhm/hdcc.htm EEC688/788 Secure and Dependable Computing

  4. More Motivation • The cost of poor software is very high • Annual cost to US economy of poor quality software: $60B • source: US NIST Report 7007.011, May 2002. • Industry needs greater dependability and security • Improved quality of products • Improved quality of development processes • Better system and network security, to avoid: • viruses, trojans, denial of service, ... • network penetration, loss of confidential data, ... • Improved customer satisfaction EEC688/788 Secure and Dependable Computing

  5. (1996 Cost of Downtime Study – by Contingency Planning Research) EEC688/788 Secure and Dependable Computing

  6. 2001 Cost of Downtime per Hour – by Contingency Planning Research EEC688/788 Secure and Dependable Computing

  7. Problem of Data Breach • Compromised computer systems • Lost laptop, backup tapes • Well-known incidents • Massive confidential data loss in a UC Berkley system (1.4 million people are affected) • http://www.securityfocus.com/news/9758 • Potential revealing of personal data of 26.5 million veterans due to loss of laptops • http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1189759,00.html EEC688/788 Secure and Dependable Computing

  8. Cost of Data Breach • Data loss costs U.S. businesses more than $18 billion a year (according to a 2003 study) • http://www.usatoday.com/tech/news/computersecurity/2006-06-11-lost-data_x.htm?csp=2 • Data breaches cost companies an average of $182 per compromised record => typically several million dollars per incident • http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1227119,00.html EEC688/788 Secure and Dependable Computing

  9. Industry is Embracing Secure and Dependable Computing • The hardware platforms are changing: • Smartcards • Pervasive computing / embedded systems • IBM, Sun “autonomic computing” • Major PC dependability and security initiatives under way: • Trusted Computing Group • Promoters: Intel, HP, Compaq, IBM, Microsoft • Microsoft’s trustworthy computing push • Intel’s LaGrande dependable hardware EEC688/788 Secure and Dependable Computing

  10. Course Objectives • Have solid understanding of the basic theory of secure and dependable computing • Getting familiar with some basic building blocks (tools and APIs) needed to build secure and dependable systems • No attempt to be comprehensive: topics covered are what I am interested in and what I think important • Focus on basic knowledge and skills, rather than cutting edge state of the art EEC688/788 Secure and Dependable Computing

  11. Prerequisite • Operating system principles • Processes, scheduling, file systems, etc. • Computer networks • TCP, UDP, IP, Ethernet, etc. • Java programming language • At least you should know how to write a Hello World program • You don’t have to be a Java expert EEC688/788 Secure and Dependable Computing

  12. Grading Policy • Class participation (10%) • Two midterms (40%) • 5 labs (20%) • Mandatory attendance • Course project (30%) EEC688/788 Secure and Dependable Computing

  13. Grading Policy • A: 90-100% • A-: 85-89% • B+: 75-84% • B: 65-74% • B-: 55-64% • C: 50-54% • F: <50% EEC688/788 Secure and Dependable Computing

  14. Class Participation • 10% of the course credit • In general, there is a mock quiz in the beginning of each lecture, so that • I know who is here & I get feedback for my teaching • To obtain the full credit for class participation, you must satisfy ALL of the following conditions: • You do not miss more than 2 lectures • You do not miss any exam and lab sessions • You asked at least 10 questions during the semester • You will lose all 10% credit if you miss more than 6 lectures/labs EEC688/788 Secure and Dependable Computing

  15. Class Participation • Send me an email with the following information for each question you have asked within 24 hours after each lecture: • The question you asked • My response • Your comment on my response and suggestion for improvement, if any EEC688/788 Secure and Dependable Computing

  16. Class Participation • You are also encouraged to give me comments/suggestions on how you would like me to improve my teaching to make it more conducive • For each piece of comment/suggestion, it will be counted as 2 questions EEC688/788 Secure and Dependable Computing

  17. Outline of Lectures • Dependability concepts • Security and cryptography • Secure communication • Intrusion detection and prevention • Faults and their manifestation • Dependability techniques • Byzantine fault tolerance EEC688/788 Secure and Dependable Computing

  18. Outline of Labs • Lab 0 – Getting familiar with Linux • Lab 1 – Secure shell • Lab 2 – Secure computing in Java • Lab 3 – Traffic analysis and intrusion detection • Lab 4 – Group communication with Spread toolkit EEC688/788 Secure and Dependable Computing

  19. Course Project • Alternative project will be considered due to low enrollment this time • Build an interesting secure and/or dependable system/application • Example course project topics • Gmail secure data backup and recovery • Causally ordered reliable multicast • Token-based totally ordered reliable multicast • Public-key based authentication service • Traffic analysis of Telnet traffic EEC688/788 Secure and Dependable Computing

  20. Course Project • Team of up to two (2) persons • You define the project you want to work on • A secure Java application • A dependable Java service based on replication • Deliverables • Project proposal: must have my approval • Progress report to help you keep good pace • Final project report • Design documentation • Source code of your system/application • Performance measurement and analysis • Demonstration and presentation EEC688/788 Secure and Dependable Computing

  21. What You Should Not Do • Steal other’s project and use it as yours • Join a team but do not work on it at all • Why it is not a good idea to do so? • If you can find it from the Internet, I can find it too => You get F grade • During presentation, I will ask you questions=> Your grade on the project will be reduced significantly if I determine you don’t know what you are talking about • You lose the chance of learning something practical and useful for your future career EEC688/788 Secure and Dependable Computing

  22. What You Should Do • Make your own design, code your own system • Write in your own words and create your own power point slides • Don’t copy and paste => I can detect it easily • If you are on a team, make your best contribution to the project • Different grade might be assigned to different team members • Start early and don’t wait until the last week of the semester to start • Communicate with me often and ask for help EEC688/788 Secure and Dependable Computing

  23. Project Presentation • Each team is required to give an oral presentation in class (10-15min) • Describe briefly your design, implementation, correctness and performance evaluation • Don’t spend too much time on background info • Don’t mention something you don’t know: I will ask you questions • It is best to show a demo of your work • Top 3 projects voted by students will get full credit automatically EEC688/788 Secure and Dependable Computing

  24. Project Report Requirement • Introduction: define the problem domain and your implementation. Provide motivation on your system • System model: assumption, restrictions, models • Design: component diagram, class diagram, pseudo code, algorithms, header explanation • Implementation: what language, tools, libraries did you use, a simple user guide on how to user your system • Performance and testing: throughput, latency, test cases • Related work • Conclusion and future work EEC688/788 Secure and Dependable Computing

  25. Project Report Requirement • Report format: IEEE Transactions format. 4-10 pages • MS Word Template • http://www.ieee.org/portal/cms_docs/pubs/transactions/TRANS-JOUR.DOC • LaTex Template • http://www.ieee.org/portal/cms_docs/pubs/transactions/IEEEtran.zip (main text) • http://www.ieee.org/portal/cms_docs/pubs/transactions/IEEEtranBST.zip (bibliography) • Report due: May 11 midnight (no extensions!) • Electronic copy of the report & source code is required EEC688/788 Secure and Dependable Computing

  26. Exams • Three midterms • Exams are closed book and closed notes, except that you are allowed to bring with you a one-page cheat sheet no larger than the US letter size (double-sided allowed) • There is no makeup exam! EEC688/788 Secure and Dependable Computing

  27. Do not cheat! • Do not copy other student’s lab report, exams or projects • Do not copy someone else’s work found on the Internet • Including project implementation and report • You can quote a sentence or two, but put those in quote and give reference • You can build your projects on top of open source libraries, but again, you need to explicitly give acknowledgement and state clearly which parts are implemented by you EEC688/788 Secure and Dependable Computing

  28. Consequences for Cheating • You get 0 credit for the project/lab/exam that you have cheated • If the task is worth more than 25% of the course, it is considered a major infraction • Otherwise, it is considered a minor infraction EEC688/788 Secure and Dependable Computing

  29. Consequences for Cheating • For major infraction and repeated minor infractions • You will get an F grade, and • You may be suspended or repulsed from CSU • CSU Code of Conduct • http://www.csuohio.edu/studentlife/conduct/StudentCodeOfConduct2004.pdf EEC688/788 Secure and Dependable Computing

  30. Reference Texts • Security in Computing (4th Edition), by Charles P. Pfleeger, Shari Lawrence Pfleeger, Prentice Hall, 2006 • Computer Networks (4th Edition), by Andrew S. Tanenbaum, Prentice Hall, 2003 • Cryptography and Network Security: Principles and Practices (3rd Edition), by William Stallings, Prentice Hall, 2003 • SSH, the Secure Shell (2nd Edition), by Daniel J. Barrett, Robert G. Byrnes, Richard E. Silverman, O'Reilly, 2005 EEC688/788 Secure and Dependable Computing

  31. Reference Texts • Reliable Computer Systems: Design and Evaluation (3rd Edition), by Daniel P. Siewiorek and Robert S. Swarz, A K Peters, 1998 • Distributed Systems: Principles and Paradigms, by Andrew S. Tanenbaum, and Maarten van Steen, Prentice Hall, 2002 • Reliable Distributed Systems: Technologies, Web Services, and Applications,by Kenneth P. Birman, Springer, 2005 • Network Intrusion Detection (3rd Edition), by Stephen Northcutt, Judy Novak, New Riders Publishing, 2002 EEC688/788 Secure and Dependable Computing

  32. Instructor Information • Instructor: Dr. Wenbing Zhao • Email: wenbing@ieee.org • Lecture hours: MW 4:00-5:50pm • Office hours: MW 2:00-4:00pm and by appointment • Anonymous email: • teachingcsu@gmail.com • Password: • if you are not happy, please do let me know • Course Web site: • http://academic.csuohio.edu/zhao_w/teaching/EEC688-S09/eec688.htm EEC688/788 Secure and Dependable Computing

More Related