COMS 3995 (Networks, Operating Systems and Security)
Spring 2010
Henning Schulzrinne
Dept. of Computer Science
Columbia University
http://www.cs.columbia.edu/~hgs
Course mechanics
• Instructor: [email protected]
– My office hours: Wednesdays, 4-5 pm, 723 CEPSR or by email appointment
• TA: TBA
– office hours: TBA
• Web page → assignments, syllabus, …
– http://www.cs.columbia.edu/~hgs/teaching/nos
• Wiki → hints, assorted documents
• Assignment upload, slides and mailing list via Courseworks
• Will set up Google Group for discussions
Books
• Unfortunately, there is no single book that “works”
• OS:
– Operating System Concepts with Java (8th edition) by Silberschatz, Galvin, Gagne
• Networks:
– Computer Networking – A top-down approach by Kurose, Ross
• Security:
– Network Security (2nd edition) by Kaufman, Perlman, Speciner
Structure of course
• Lectures - book material + background + discussion
• Homework assignments
– Java or C programming (no kernel programming)
• Midterm, final
Prerequisites
• CSEE W3827 (Fundamentals of Computer Systems)
– understanding of computer system architecture
– registers, cache, virtual memory, I/O, DMA, disks, etc.
– interrupts
– useful, but can probably survive without it
• COMS W3157 or W3101
– understand how to use “make”, C compiler, gdb, …
• C/C++ and/or Java
The big questions
• Why do I see an hour glass or spinning beach ball?
• How can I share the CPU so that I can still play a game while compiling a new Linux kernel?
• What's a file system and how does it work?
• How does the Internet work?
• How does data get from sender to destination, and why doesn't it sometimes?
• How can the Internet work without anybody in charge?
The big questions, cont’d
• What happens when there's an Internet traffic jam?
• What are the fundamental limits of networks?
• Can cloud computing replace traditional computing?
• What's a protocol and how does it relate to an API?
• How are a web browser and an operating system similar?
• What is cross-site scripting?
• How can I send you a secure letter without knowing your secret?
• How can I sign a contract without a pen?
• How can I prove to a computer that it's really me?
Why are systems important?
• Understand abstractions
– limitations, hidden costs, trade-offs
• Understand sharing & isolation
– what exactly is shared?
– what’s predictable?
– what can I rely on?
• Scaling
– everything works at small scale
– even O(2^n) -- see data structures class…
Course outline & topics
• Introduction
– browsers, OS and networks: sharing
– security: isolation
• OS concepts
– core components
– threads & processes
– scheduling
– process synchronization
– main memory
– file systems
– I/O (audio, video, USB)
– interrupts and event-driven programming
• Networks
– Internet overview
– circuits & packets
– core & access
– API vs. protocols
– protocol layering
– applications (HTTP, ssh, email)
– mapping (DNS, DHCP)
– transport protocols
– routing overview
– networks as an OS service
– day-in-the-life of a web request
Course outline, cont’d
• Security
– Causes of security failures (stack attacks, information leakage, privilege escalation, denial-of-service, social engineering, ...)
– Isolation and defense-in-depth
– Authentication, authorization and non-repudiation
– Core concepts of encryption and hashing
– Introduction to public key cryptography; TLS
– ACL
– Web-based attacks (cross-site scripting, SQL insertion)
3-for-1 deal – what’s the catch?
• 3-for-1 deal:
– core concepts in OS (COMS 4118), networks (4119), security (4180)
– emphasis on concepts & connections between the three
• Compared to 4118:
– no kernel programming
• Compared to 4119:
– fewer protocol details
– omit network management, multimedia details
• Compared to 4180:
– less crypto
– fewer protocol details
– more emphasis on higher-layer attacks and issues
• Good preparation for all three
The deal
• Your responsibility
– you’re all adults
– responsible for your own actions and scheduling choices
– if you don’t understand something, ask
– Please note academic honesty policy: http://www.cs.columbia.edu/education/honesty
• discussion with others is encouraged - study groups, discussion board, etc.
• zero tolerance for cheating or “outsourcing” homework
• we’ll clearly identify group work
• lock your files -- “just looking” is not acceptable
• Our responsibility
– be responsive to your questions
– try to fix problems
Lectures
• Slides for each class
– derived from book slides, but modified and enhanced
• Uploaded to Courseworks shortly after class
– sometimes updated a bit later
Assignments & Grading
• Grading:
– 50% assignments
– 20% midterm (closed book)
– 30% final (cumulative, closed book)
– 0% no “extra credit” work
– will be curved
• 6 written assignments (every two weeks)
– individually solved
• Late policy
– five late days
– late assignments will not be graded, but you can submit partial assignments
– at noon on due date
CLIC lab
• All programs and kernels must boot & run on the CLIC machines
– if not, zero credit
– but you can develop at home, on your laptop, …
• You’ll need a CLIC account
– https://www.columbia.edu/~crf/accounts/
• You will be assigned a particular CLIC machine for virtual machine use
• Some CLIC machines are for in-person use; others can only be accessed remotely
• No food or drink in CLIC
– be considerate -- others are trying to concentrate
Big picture
• What are “systems”?
– computer systems vs. software systems
– Analogies
• plumbing?
• civic infrastructure?
• platform?
• Systems = abstraction, sharing & isolation
Abstraction
• messy world → nice programming interface
– reliable
– everything looks the same
• deal with physical diversity (capabilities, technology)
• deal with hardware and environment evolution
• cf. function & object abstraction (“information hiding”)
– abstract data type
• provided by OS, networks, security:
– OS: everything is a file descriptor
• USB stick to web page
– Networks: everything is a pipe
• modem to satellite
– Security: everybody is a principal
• human, robot or program
• will identify core abstractions throughout semester
Sharing & isolation
Sharing
• many users, but only occasionally
• reduce idle resources
• allow communication
Isolation
• ensure performance: my own network & system
• protect data
• reduce state complexity
Sharing & isolation
more sharing
• better peak and average performance
• higher utilization
• lower per-user cost
more isolation
• performance guarantees
• real-time services
• easier to debug (less variable)
Sharing & isolation
• Networks
– can’t run separate wires everywhere
– but: ensure “quality of service”
• OS
– can’t have own CPU, disk, memory for each program
– but: ensure responsiveness, throughput guarantees
• Security
– sharing within user group, security maintains group
– AAA: Authentication, Authorization, Accounting
– who is getting what resource?
– administer data sharing
Isolation, in real life
1880’s postcard
Sharing
Today’s system: sharing & isolation at many layers
[Figure labels: many PHP/Ruby/… scripts, Java servlets, maintenance tasks, multiple tabs, many JavaScripts, Flash plugin, Linux, Windows, hypervisor, hardware]
• Use OS features (threads, processes) for CPU
• but schedule requests itself
• manage memory
• manage access to OS resources for security
Networks and OS
• I/O with dumb devices → networks of peripherals with embedded CPUs
– printers: parallel port → Ethernet
– keyboard: serial port → Bluetooth
– USB, Firewire = small packet network
– VGA → HDMI → DisplayPort
• Convergence
– file systems and remote storage
– thin clients
– NetBooks
• Conceptual
– similar issues (scheduling, access control, caching, multiplexing)
– abstraction & layering: protocols vs. APIs