* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download coms3995 - Computer Science, Columbia University
Cross-site scripting wikipedia , lookup
Deep packet inspection wikipedia , lookup
Cyberwarfare wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Distributed firewall wikipedia , lookup
Wireless security wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Cyberattack wikipedia , lookup
Secure multi-party computation wikipedia , lookup
Unix security wikipedia , lookup
Mobile security wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Security-focused operating system wikipedia , lookup
COMS 3995 (Networks, Operating Systems and Security) Spring 2010 Henning Schulzrinne Dept. of Computer Science Columbia University http://www.cs.columbia.edu/~hgs Course mechanics • Instructor: [email protected] – My office hours: Wednesdays, 4-5 pm, 723 CEPSR or by email appointment • TA:TBA – office hours:TBA • • • • Web page assignments, syllabus, … – http://www.cs.columbia.edu/~hgs/teaching/nos Wiki hints, assorted documents Assignment upload, slides and mailing list via Courseworks Will set up Google Group for discussions Books • Unfortunately, there is no single book that “works” • OS: – Operating System Concepts with Java (8th edition) by Silberschatz, Galvin, Gagne • Networks: – Computer Networking – A top-down approach by Kurose, Ross • Security: – Network Security (2nd edition) by Kaufman, Perlman, Speciner Structure of course • Lectures - book material + background + discussion • Homework assignments – Java or C programming (no kernel programming) • Midterm, final Prerequisites • CSEE W3827 (Fundamentals of Computer Systems) – – – – understanding of computer system architecture registers, cache, virtual memory, I/O, DMA, disks, etc. interrupts useful, but can probably survive without it • COMS W3157 or W3101 – understand how to use “make”, C compiler, gdb, … • C/C++ and/or Java The big questions • Why do I see an hour glass or spinning beach ball? • How can I share the CPU so that I can still play a game while compiling a new Linux kernel? • What's a file system and how does it work? • How does the Internet work? • How does data get from sender to destination, and why doesn't it sometimes? • How can the Internet work without anybody in charge? The big questions, cont’d • • • • • • • What happens when there's an Internet traffic jam? What are the fundamental limits of networks? Can cloud computing replace traditional computing? What's a protocol and how does it relate to an API? How is a web browser and an operating system similar? What is cross-site scripting? How can I send you a secure letter without knowing your secret? • How can I sign a contract without a pen? • How can I prove to a computer that it's really me? Why are systems important? • Understand abstractions – limitations, hidden costs, trade-offs • Understand sharing & isolation – what exactly is shared? – what’s predictable? – what can I rely on? • Scaling – everything works at small scale – even O(2n) -- see data structures class… Course outline & topics • Introduction – browsers, OS and networks: sharing – security: isolation • OS concepts – – – – – – – – core components threads & processes scheduling process synchronization main memory file systems I/O (audio, video, USB) interrupts and event-driven programming • Networks – – – – – – – – – – – Internet overview circuits & packets core & access API vs. protocols protocol layering applications (HTTP, ssh, email) mapping (DNS, DHCP) transport protocols routing overview networks as an OS service day-in-the-life of a web request Course outline, cont’d • Security – Causes of security failures (stack attacks, information leakage, privilege escalation, denial-of-service, social engineering, ...) – Isolation and defense-in-depth – Authentication, authorization and non-repudiation – Core concepts of encryption and hashing – Introduction to public key cryptography; TLS – ACL – Web-based attacks (cross-site scripting, SQL insertion) 3-for-1 deal – what’s the catch? • 3-for-1 deal: – core concepts in OS (COMS 4118), networks (4119), security (4180) – emphasis on concepts & connections between the three • Compared to 4118: – no kernel programming • Compared to 4119: – fewer protocol details – omit network management, multimedia details • Compared to 4180: – less crypto – fewer protocol details – more emphasis on higher-layer attacks and issues • Good preparation for all three The deal • Your responsibility – you’re all adults – responsible for your own actions and scheduling choices – if you don’t understand something, ask – Please note academic honesty policy: http://www.cs.columbia.edu/education/honesty • • • • discussion with others is encouraged - study groups, discussion board, etc. zero tolerance for cheating or “outsourcing” homework we’ll clearly identify group work lock your files -- “just looking” is not acceptable • Our responsibility – be responsive to your questions – try to fix problems Lectures • Slides for each class – derived from book slides, but modified and enhanced • Uploaded to Courseworks shortly after class – sometimes updated a bit later Assignments & Grading • Grading: – – – – – • 50% assignments 20% midterm (closed book) 30% final (cumulative, closed book) 0% no “extra credit” work will be curved 6 written assignments (every two weeks) – individually solved • Late policy – five late days – late assignments will not be graded, but you can submit partial assignments – at noon on due date CLIC lab • All programs and kernels must boot & run on the CLIC machines – if not, zero credit – but you can develop at home, on your laptop, … • You’ll need a CLIC account – https://www.columbia.edu/~crf/accounts/ • You will be assigned a particular CLIC machine for virtual machine use • Some CLIC machines are for in-person use; others can only be accessed remotely • No food or drink in CLIC – be considerate -- others are trying to concentrate Big picture • What are “systems”? – computer systems vs. software systems – Analogies • plumbing? • civic infrastructure? • platform? • Systems = abstraction, sharing & isolation Abstraction • messy world nice programming interface – reliable – everything looks the same • deal with physical diversity (capabilities, technology) • deal with hardware and environment evolution • cf. function & object abstraction (“information hiding”) – abstract data type • provided by OS, networks, security: – OS: everything is a file descriptor • USB stick to web page – Networks: everything is a pipe • modem to satellite – Security: everybody is a principal • human, robot or program • will identify core abstractions throughout semester Sharing & isolation Sharing Isolation • many users, but only occasionally • reduce idle resources • allow communication • ensure performance: my own network & system • protect data • reduce state complexity Sharing & isolation more sharing • better peak and average performance • higher utilization • lower per-user cost more isolation • performance guarantees • real-time services • easier to debug (less variable) Sharing & isolation • Networks – can’t run separate wires everywhere – but: ensure “quality of service” • OS – can’t have own CPU, disk, memory for each program – but: ensure responsiveness, throughput guarantees • Security – – – – sharing within user group, security maintains group AAA: Authentication, Authorization, Accounting who is getting what resource? administer data sharing Isolation, in real life 1880’s postcard Sharing Today’s system: sharing & isolation at many layers many PHP/Ruby/… scripts Java servlets maintenance tasks multiple tabs many JavaScripts Flash plugin Linux Windows hypervisor hardware • Use OS features (threads, processes) for CPU • but schedule requests itself • manage memory • manage access to OS resources for security Networks and OS • I/O with dumb devices networks of peripherals with embedded CPUs – – – – printers: parallel port Ethernet keyboard: serial port BlueTooth USB, Firewire = small packet network VGA HDMI DisplayPort • Convergence – file systems and remote storage – thin clients – NetBooks • Conceptual – similar issues (scheduling, access control, caching, multiplexing) – abstraction & layering: protocols vs. APIs