320 likes | 340 Views
EEC 688/788 Secure and Dependable Computing. Lecture 1 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org. Outline. Motivation Syllabus. Motivation. Why secure and dependable computing is important ?*
E N D
EEC 688/788Secure and Dependable Computing Lecture 1 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org
Outline • Motivation • Syllabus EEC688/788 Secure and Dependable Computing
Motivation • Why secure and dependable computing is important?* • Increased reliance on software to optimize everything from business processes to engine fuel economy • Relentlessly growing scale and complexity of systems and systems-of-systems • Near-universal reliance on a commodity technology base that is not specifically designed for dependability • Growing stress on legacy architectures (both hardware and software) due to ever-increasing performance demands • Worldwide interconnectivity of systems • Continual threats of malicious attacks on critical systems *Taken from “A high dependability computing consortium”, James H. Morris, CSMU, http://www.cs.cmu.edu/%7Ejhm/hdcc.htm EEC688/788 Secure and Dependable Computing
More Motivation • The cost of poor software is very high • Annual cost to US economy of poor quality software: $60B • source: US NIST Report 7007.011, May 2002. • Industry needs greater dependability and security • Improved quality of products • Improved quality of development processes • Better system and network security, to avoid: • viruses, trojans, denial of service, ... • network penetration, loss of confidential data, ... • Improved customer satisfaction EEC688/788 Secure and Dependable Computing
(1996 Cost of Downtime Study – by Contingency Planning Research) EEC688/788 Secure and Dependable Computing
2001 Cost of Downtime per Hour – by Contingency Planning Research EEC688/788 Secure and Dependable Computing
Problem of Data Breach • Compromised computer systems • Lost laptop, backup tapes • Well-known incidents • Massive confidential data loss in a UC Berkley system (1.4 million people are affected) • http://www.securityfocus.com/news/9758 • Potential revealing of personal data of 26.5 million veterans due to loss of laptops • http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1189759,00.html EEC688/788 Secure and Dependable Computing
Cost of Data Breach • Data loss costs U.S. businesses more than $18 billion a year (according to a 2003 study) • http://www.usatoday.com/tech/news/computersecurity/2006-06-11-lost-data_x.htm?csp=2 • Data breaches cost companies an average of $182 per compromised record => typically several million dollars per incident • http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1227119,00.html EEC688/788 Secure and Dependable Computing
Industry is Embracing Secure and Dependable Computing • The hardware platforms are changing: • Smartcards • Pervasive computing / embedded systems • IBM, Sun “autonomic computing” • Major PC dependability and security initiatives under way: • Trusted Computing Group • Promoters: Intel, HP, Compaq, IBM, Microsoft • Microsoft’s trustworthy computing push • Intel’s LaGrande dependable hardware EEC688/788 Secure and Dependable Computing
Course Objectives • Have solid understanding of the basic theory of secure and dependable computing • Getting familiar with some basic building blocks (tools and APIs) needed to build secure and dependable systems • No attempt to be comprehensive: topics covered are what I am interested in and what I think important • Focus on basic knowledge and skills, rather than cutting edge state of the art EEC688/788 Secure and Dependable Computing
Prerequisite • Operating system principles • Processes, scheduling, file systems, etc. • Computer networks • TCP, UDP, IP, Ethernet, etc. • Java programming language • At least you should know how to write a Hello World program • You don’t have to be a Java expert EEC688/788 Secure and Dependable Computing
Grading Policy • Class participation (10%) • Two midterms (40%) • 5 labs (20%) • Mandatory attendance • Course project (30%) EEC688/788 Secure and Dependable Computing
Grading Policy • A: 90-100% • A-: 85-89% • B+: 75-84% • B: 65-74% • B-: 55-64% • C: 50-54% • F: <50% EEC688/788 Secure and Dependable Computing
Class Participation • 10% of the course credit • In general, there is a mock quiz in the beginning of each lecture, so that • I know who is here & I get feedback for my teaching • To obtain the full credit for class participation, you must satisfy ALL of the following conditions: • You do not miss more than 2 lectures • You do not miss any exam and lab sessions • You asked at least 10 questions during the semester • You will lose all 10% credit if you miss more than 6 lectures/labs EEC688/788 Secure and Dependable Computing
Class Participation • Send me an email with the following information for each question you have asked within 24 hours after each lecture: • The question you asked • My response • Your comment on my response and suggestion for improvement, if any EEC688/788 Secure and Dependable Computing
Class Participation • You are also encouraged to give me comments/suggestions on how you would like me to improve my teaching to make it more conducive • For each piece of comment/suggestion, it will be counted as 2 questions EEC688/788 Secure and Dependable Computing
Outline of Lectures • Dependability concepts • Security and cryptography • Secure communication • Intrusion detection and prevention • Faults and their manifestation • Dependability techniques • Byzantine fault tolerance EEC688/788 Secure and Dependable Computing
Outline of Labs • Lab 0 – Getting familiar with Linux • Lab 1 – Secure shell • Lab 2 – Secure computing in Java • Lab 3 – Traffic analysis and intrusion detection • Lab 4 – Group communication with Spread toolkit EEC688/788 Secure and Dependable Computing
Course Project • Alternative project will be considered due to low enrollment this time • Build an interesting secure and/or dependable system/application • Example course project topics • Gmail secure data backup and recovery • Causally ordered reliable multicast • Token-based totally ordered reliable multicast • Public-key based authentication service • Traffic analysis of Telnet traffic EEC688/788 Secure and Dependable Computing
Course Project • Team of up to two (2) persons • You define the project you want to work on • A secure Java application • A dependable Java service based on replication • Deliverables • Project proposal: must have my approval • Progress report to help you keep good pace • Final project report • Design documentation • Source code of your system/application • Performance measurement and analysis • Demonstration and presentation EEC688/788 Secure and Dependable Computing
What You Should Not Do • Steal other’s project and use it as yours • Join a team but do not work on it at all • Why it is not a good idea to do so? • If you can find it from the Internet, I can find it too => You get F grade • During presentation, I will ask you questions=> Your grade on the project will be reduced significantly if I determine you don’t know what you are talking about • You lose the chance of learning something practical and useful for your future career EEC688/788 Secure and Dependable Computing
What You Should Do • Make your own design, code your own system • Write in your own words and create your own power point slides • Don’t copy and paste => I can detect it easily • If you are on a team, make your best contribution to the project • Different grade might be assigned to different team members • Start early and don’t wait until the last week of the semester to start • Communicate with me often and ask for help EEC688/788 Secure and Dependable Computing
Project Presentation • Each team is required to give an oral presentation in class (10-15min) • Describe briefly your design, implementation, correctness and performance evaluation • Don’t spend too much time on background info • Don’t mention something you don’t know: I will ask you questions • It is best to show a demo of your work • Top 3 projects voted by students will get full credit automatically EEC688/788 Secure and Dependable Computing
Project Report Requirement • Introduction: define the problem domain and your implementation. Provide motivation on your system • System model: assumption, restrictions, models • Design: component diagram, class diagram, pseudo code, algorithms, header explanation • Implementation: what language, tools, libraries did you use, a simple user guide on how to user your system • Performance and testing: throughput, latency, test cases • Related work • Conclusion and future work EEC688/788 Secure and Dependable Computing
Project Report Requirement • Report format: IEEE Transactions format. 4-10 pages • MS Word Template • http://www.ieee.org/portal/cms_docs/pubs/transactions/TRANS-JOUR.DOC • LaTex Template • http://www.ieee.org/portal/cms_docs/pubs/transactions/IEEEtran.zip (main text) • http://www.ieee.org/portal/cms_docs/pubs/transactions/IEEEtranBST.zip (bibliography) • Report due: May 11 midnight (no extensions!) • Electronic copy of the report & source code is required EEC688/788 Secure and Dependable Computing
Exams • Three midterms • Exams are closed book and closed notes, except that you are allowed to bring with you a one-page cheat sheet no larger than the US letter size (double-sided allowed) • There is no makeup exam! EEC688/788 Secure and Dependable Computing
Do not cheat! • Do not copy other student’s lab report, exams or projects • Do not copy someone else’s work found on the Internet • Including project implementation and report • You can quote a sentence or two, but put those in quote and give reference • You can build your projects on top of open source libraries, but again, you need to explicitly give acknowledgement and state clearly which parts are implemented by you EEC688/788 Secure and Dependable Computing
Consequences for Cheating • You get 0 credit for the project/lab/exam that you have cheated • If the task is worth more than 25% of the course, it is considered a major infraction • Otherwise, it is considered a minor infraction EEC688/788 Secure and Dependable Computing
Consequences for Cheating • For major infraction and repeated minor infractions • You will get an F grade, and • You may be suspended or repulsed from CSU • CSU Code of Conduct • http://www.csuohio.edu/studentlife/conduct/StudentCodeOfConduct2004.pdf EEC688/788 Secure and Dependable Computing
Reference Texts • Security in Computing (4th Edition), by Charles P. Pfleeger, Shari Lawrence Pfleeger, Prentice Hall, 2006 • Computer Networks (4th Edition), by Andrew S. Tanenbaum, Prentice Hall, 2003 • Cryptography and Network Security: Principles and Practices (3rd Edition), by William Stallings, Prentice Hall, 2003 • SSH, the Secure Shell (2nd Edition), by Daniel J. Barrett, Robert G. Byrnes, Richard E. Silverman, O'Reilly, 2005 EEC688/788 Secure and Dependable Computing
Reference Texts • Reliable Computer Systems: Design and Evaluation (3rd Edition), by Daniel P. Siewiorek and Robert S. Swarz, A K Peters, 1998 • Distributed Systems: Principles and Paradigms, by Andrew S. Tanenbaum, and Maarten van Steen, Prentice Hall, 2002 • Reliable Distributed Systems: Technologies, Web Services, and Applications,by Kenneth P. Birman, Springer, 2005 • Network Intrusion Detection (3rd Edition), by Stephen Northcutt, Judy Novak, New Riders Publishing, 2002 EEC688/788 Secure and Dependable Computing
Instructor Information • Instructor: Dr. Wenbing Zhao • Email: wenbing@ieee.org • Lecture hours: MW 4:00-5:50pm • Office hours: MW 2:00-4:00pm and by appointment • Anonymous email: • teachingcsu@gmail.com • Password: • if you are not happy, please do let me know • Course Web site: • http://academic.csuohio.edu/zhao_w/teaching/EEC688-S09/eec688.htm EEC688/788 Secure and Dependable Computing