SAE 599: Resilient, Cyber Secure Systems & System-of-Systems
University of Southern California
Viterbi School of Engineering
Systems Architecture & Engineering (SAE)
Ken Cureton
August 2014
cureton@usc.edu

SAE 599 General Objective
• Part of Systems Architecting & Engineering (SAE) Series
• Objective: “Provide System Engineers and Architects with Methods and Tools for the Design and Analysis of Current and Future Complex Systems and System-of-Systems, with Emphasis on Cloud Computing, Cyber Security, and Resiliency.”
• Elective Course in University of Southern California’s Masters Program in Systems Architecting & Engineering
• New Class Starting in Fall 2014
• Will be re-numbered and added to the Course Catalog when formally approved by the University
• Supplants SAE 574: Net-Centric Systems Architecting & Engineering
SAE_599_Proposal.ppt

SAE 599 Detailed Learning Objectives
• To provide students with the ability to develop & understand requirements and apply the right analytical methods when architecting complex System-of-Systems
• To improve the students’ understanding of the role of system architects and their relationship to systems engineering of complex System-of-Systems
• To introduce the students to new and advanced topics relevant to complex System-of-Systems architecting and modeling
• Emphasis on the Systems Architecting & Systems Engineering of Cloud Computing, Cyber Security, and Resiliency
• To improve the students’ ability to generate a professional-level research paper, suitable for presentation at a systems engineering conference or publication in a professional journal

SAE 599 Class Format
• Semester Class, 16 Weeks, One night/week
• 13 Weekly Lectures, 2 hours 40 minutes each
• 2 days off (Holiday or Break, Study Days)
• 1 Final Exam week (scheduled but not used)
• Distance Learning Format
• Few (if any) students in the TV Studio, majority of students attending remotely via Distance Learning
• Class content webcasted for online/offline viewing
• Webex for real-time interaction; E-mail, Telephone, and Office Hours for backup interaction
• Class content talking points and illustrations in PowerPoint format, hosted on Blackboard Software for student preview
• Blackboard Software used for repository of class lecture content, assignment submission & grade recording, and off-line discussion Boards

SAE 599 Class Grading
• One Research Paper required of each student
• In place of a Final Exam, 2/3 of class grade
• Papers are typically 25 single-spaced pages, suitably formatted for publication in a technical journal
• Student materials on “How to Write a Research Paper”
• Students are encouraged to e-mail Instructor with questions, outlines, drafts, etc.
• Students choose research topic
• Submit abstract for approval by Instructor
• Bi-Weekly Homework
• In place of a Mid-Term Exam, 1/3 of class grade
• Structured analysis required for paper, homework
• Specific analyses required in each case to demonstrate student’s ability to apply the class fundamentals

SAE 599 Lecture #1
• Syllabus
• Definitions & Characteristics
• Systems Architecting & Systems Engineering
• Resilient Systems
• System-of-Systems & System-of-Systems Engineering
• Evolution of Service-Oriented Architectures (leading up to Cloud Computing)
• Networked System Characteristics (fixed/mobile networks, fixed/mobile nodes)
• Cyber Security
• Net-Enabled Ecosystem, Emergent Behavior
• Complexity Theory applied to Complex Networked Systems (such as Cloud Computing)

SAE 599 Lecture #2
• Characteristics of Cloud Computing Architectures (from a Systems Architecting/Systems Engineering Perspective)
• Fundamentals of Service-Oriented Architectures (SOA)
• Data-as-a-Service (DaaS)
• Infrastructure-as-a-Service (IaaS)
• Platform-as-a-Service (PaaS)
• Software-as-a-Service (SaaS)
• Into the Future: Everything-as-a-Service?
• Public/Private (or Hybrid) Clouds
• Mobile (or Tactical) Clouds
• Open/Standard & Proprietary/Closed Cloud Interfaces

SAE 599 Lecture #3
• Benefits & Drawbacks of Cloud Computing
• The Business Case:
• Reduced Cost & Development Time
• Commonality & Open Applications
• Software Development Support Environment
• Agility to Meet Changing Environment
• The Risks & Drawbacks:
• System Complexity
• Shared Multi-tenant Environment
• Internet-facing Services
• Loss of Some Control
• Visibility of Governance & Policy Adherence
• Security & Trust

SAE 599 Lecture #4
• Sample Application of Cloud Computing
• Response to a Major Complex Humanitarian Disaster
• Haiti Earthquake: 12 Jan 2010, M7 Earthquake
• Multi-National Incident Response
• Dissimilarity of Organizations
• Military & Other Government Organizations, Non-Governmental Organizations, Private Entities
• Lack of Surviving Infrastructure
• Use of Cloud-Based Services to Coordinate activities for:
• Search-And-Rescue, Medical Transportation, Logistics of Supply Pickup/Storage/Delivery, Peace-Keeping (e.g. looting control), Asset Tracking (personnel & equipment locations), Situational Awareness (e.g. weather, road conditions)

SAE 599 Lecture #5
• Resilient Architecture in Cloud Computing
• BEFORE: Phase I of Disruption in Cloud-Based Services
• Allows Anticipation, Design Margins & Corrective Action to be Considered in an Incident Response Plan for Typical Disruptions of Cloud-Based Services
• DURING: Phase II of Disruption in Cloud-Based Services
• How the System Survives the Impact of Disruptions
• Implement Incident Response Plan, Ranging from Fail-Operational Down to Manual Methods
• AFTER: Phase III of Disruption in Cloud-Based Services
• How the System Recovers from Disruptions
• Incident Analysis and Resolution
• Incident Response Plan Optimization
• Note that a “disruption” may be Accidental or Deliberate

SAE 599 Lecture #6
• Cyber Security for Cloud Computing (Part I) Assuring Availability: Fault Tolerance
• Fundamentals of Fault Tolerance for Resiliency: Assured Operation, Inadvertent Operation, Intermittent Operation, Generic Failures, Fault Containment
• Impacts on Reliability, Maintainability, Training
• Typical Hardware & Software Steps to Assure:
• Network Availability
• Data Availability
• Processing Capability
• Advantages & Disadvantages of Cross-Strapping of Redundant Capability

SAE 599 Lecture #7
• Cyber Security for Cloud Computing (Part II) Assuring Integrity & Trust
• Fundamentals of Trust for Critical & Safety-Of-Life Applications
• Trusted System Concepts (Hardware, People, Processes)
• Trusted Software Concepts & Methodologies (including Formal Methods)
• Data Integrity (Checksums, CRC, Hash codes, etc.)
• Data in Storage (Local & in the Cloud)
• Data in Transit
• Data in Computation (Local & in the Cloud)

SAE 599 Lecture #8
• Cyber Security for Cloud Computing (Part III) Handling Accidental & Deliberate Threats
• Identity Management & Assured Authentication
• Methods of Strong Authentication, Biometrics, Trusted Third Parties/Certificate Authorities, etc.
• Assured Confidentiality & Authorization
• Encryption: PKI, PGP, IPSEC/VPN, Digital Certificates
• Identity-Based Access Control vs. various types of Role-Based Access Control, “Least Privileges”, etc.
• Assured Non-Repudiation & Methods of Digitally-Signed Audit Trails
• Networked Security Management
• Enclave Security, Defense-In-Depth, Firewalls, IDS, etc.
• Defense against Virus, Worms, DOS/DDOS, Polymorphic, Eavesdropping, Trap Doors, Trojans, Insider Attack, etc.

SAE 599 Lecture #9
• Risk Management in Cloud Computing
• Failure Modes & Effects with Criticality Analysis (FMECA) of Complex Networked Systems
• Risk Management Framework & the Security Life Cycle
• Categorize the Information Systems and the Information Processed, Stored, and Transmitted
• Select an Initial Set of Baseline Security Controls
• Implement the Security Controls
• Assess the security controls using appropriate procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome
• Authorize Information System Operation
• Monitor and Assess Selected Security Controls
• Recommended Process for Applying Risk Management in Cloud Computing

SAE 599 Lecture #10
• Interoperability Challenges in Cloud Computing (System-of-Systems)
• Interaction of Processes, People, & Technology
• Layers of Interoperability
• Network Transport
• Information Services
• Applications, Processes, and People
• Application Program Interfaces (APIs)
• Multiple, Conflicting Standards
• Provider-Specific Proprietary Interfaces
• Differences (Inconsistency) in:
• Security Implementation & Policies
• Privacy Implementation & Policies
• Architecture of Cloud Service Consumers & Providers

SAE 599 Lecture #11
• Architecture Modeling for Cloud Computing
• Goals & Objectives of Architecture Modeling
• Enterprise Architecture Models (Zachman, TOGAF, etc.)
• Brief Introduction to System-of-Systems Analysis & Modeling Tools:
• Unified Modeling Language (UML)
• System Modeling Language (SysML)
• Model-Driven Architecture (MDA) & Development
• Model-Based Systems Engineering (MBSE)
• Use of Executable Models: Visualization of Scenarios, Validation of Requirements, Verifiability of Requirements
• Domain-Driven Architecture
• Recommended Process for Applying Architecture Modeling in Cloud Computing

SAE 599 Lecture #12
• Complexity Theory Applied to Cloud Computing
• Characterization Of Network Types
• Ranging from Uniform to Highly Heterogeneous
• Robustness on Node or Link Insertion or Removal
• Characterize Structure of Networks in Terms of Correlation Measures:
• Heterogeneity, Randomness, Modularity
• Mutual Information, Noise & Joint Entropies
• Network Clustering in Domain of Entropy/Noise Space
• Entropy: Measure of Uncertainty
• Noise Level: Measure of Assortativeness
• Typical Constraints on the Possible Universe of Complex Networks

SAE 599 Lecture #13
• Guest Lecture
• Topics Pertinent to Systems Architecting and Systems Engineering of Complex System and System-of-Systems
• Cloud Computing, Cyber Security, and Resiliency
• Ranging from Practical Experience to State-of-the-Art
• Emphasis on Tools, Methods, Lessons-Learned

SAE 599 Summary
• Students Exposed to a Broad Range of Cloud Computing Architecture Fundamentals & Implementation Details
• Students Required to Demonstrate (for their chosen topic):
• Cloud Computing Architecture Characteristics
• Expected Benefits & Drawbacks of the Architecture
• Resiliency Before, During, and After Disruption of Service
• Assured Availability/Fault Tolerance of the Architecture
• Assured Integrity & Trust of the Architecture
• Handling of Accidental & Deliberate Threats
• Risk Management Assessment of the Architecture
• Interoperability Characteristics of the Architecture
• Architecture Model
• Complexity Theory Assessment of the Architecture
• Objective: Train Systems Architects & Systems Engineers in the application of methods and tools for the design and analysis of current and future complex systems and system-of-systems, with emphasis on Cloud Computing, Cyber Security, and Resiliency