CS 588: Security and Privacy in Networked and Distributed Systems

Announcements

  • Project is due Monday May 8th at 2:00 (or at appointment if later). Sign up for appointment/project at the Final. If you are doing an Ethos assignment, I'll test it myself; I just need your code.
  • Project
    • Should produce a writeup explaining the project and its security and privacy properties
    • Should cite all sources
    • Should explain how to use it
    • Should provide all work
  • Final Exam 8:00 AM on Monday May 1st in room SES 138. You may bring one sheet, printed on one side with 10pt type (or equivalent).
  • Final exam topics include:
    • From chapters 11, 12, 13 and the lecture notes on the same material
    • Homeworks
    • Ethos projects
    Although details of encryption are not needed for the test, you should know Diffie-Hellman, Merkle trees, and Shamir's algorithm.
  • Program 1: You are to write a distributed logger server in Ethos, which receives, via a LogIt RPC, a string parameter to log. The log entries should be written to a logging directory using WriteStream. You will need to write clients to test it. You are to describe the security properties of your program if run across a network. This project is to be done in pairs, but each member of the pair is individually responsible for the whole.
  • Ethos: you should have received an email about how to install Ethos on VirtualBox.
  • Emails should be sent to cs588 at ethos mail site.
  • Homework 3 (Due 29 Mar): Chap 13: 1, 2, 4, 7, 13, 16, 17, 23 and
    • MinimaLT uses time-based nonces. What is the advantage of this?
    • How can MinimaLT protect against spoofed IP addresses?
    • What happens if an adversary changes IP or UDP fields in MinimaLT?
    • What happens if an adversary changes public key, tunnelId, or nonce in MinimaLT?
    • What do puzzles protect against?
    • Does the MinimaLT directory service request incur an Internet latency?
    • Why doesn't MinimaLT require a SYN/ACK (or something similar)?
    • How does MinimaLT ensure Perfect Forward Security?
  • Project slides are here; they contain due dates!
  • PGP assignment: send a PGP encrypted message to me
  • Homework 2 (due 13 Mar): Chap 11--problems 27, 29; Chap 12: problems 1, 3, 5, 7, 10, 13
  • We are meeting from 3:00-4:15 MW
  • Homework 1 (due 22 Feb): Chap 11--problems 1,6,7,11,14,15,18,22,25
  • Course is offered in Spring 2017

We will probably have a test and a final this time.

Required Text

We'll be using my manuscript, the first part of which is used in CS 587, supplemented by papers. It is over 500 pages at this point plus front and back matter, and covers a superset of the material covered in class. (Published texts only covered about 30-40% of the course material). The reason I've switched over to this is so that:
  • Lecture notes can cover material at a higher level, with details and extensive examples in the text.
  • Students will have a source for more in-depth coverage of the material with examples than possible with existing texts.
  • The course is oriented towards security properties, which is new work.
  • This is the most effective way to refine the course and technical details.

Recommended Reading:

  • Ross Anderson, Security Engineering, John Wiley. (Really nice discussions of many topics and very readable. Highly recommended.)
  • Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security: Private Communication in a Public World, 2nd ed., Prentice-Hall, 2002.
  • Pfleeger and Pfleeger, Security in Computing, Prentice-Hall, 3rd Edition. (Used last time for this course, good coverage of OS issues.)
  • Gollmann, Computer Security, John Wiley. (Broad coverage, but terse)
  • Ethos OS: This is the home page to my Ethos operating system project with lots of links to things including a 50+ page annotated bibliography I put together.

Description:

This course explores in depth Security and Privacy on Networked and Distributed Systems. While CS 587 covered protection on a single but shared system, CS 588 will examine the issues that enter when multiple organizations are connected via networks.

This course will examine:

  • Applied Cryptography: Encryption, Decryption, and Authentication requirements and assumptions: Public Key, Private Key, Cryptographic hashing.
  • Networking Issues: Security Protocols including authentication and shared key; Distributed Denial of Service including attack taxonomy and defenses.
  • Distributed systems: Theory of distributed authentication; Certificate-based systems; Kerberos; Trust negotiation systems.
  • Privacy: Digital Cash, Bitcoin, Tor, ...

This is a systems course and, while it is intended to be self-contained, it will explore issues in networking, distributed systems, and operating systems to understand the impact of systems on protection.

Required Work

The work is going to include:
  • test(s) on prepared material,
  • homeworks (written and at least one programming assignment),
  • a paper presentation, and
  • a course project. The course project can either be
    • an implementation project,
    • possibly a project where you install and validate some software, or
    • a written project.
    The last 2 course project choices will require a 15 minute classroom presentation.

Undergraduates wishing to take the course should send me email with the following information:

  • Number of completed credit hours
  • Any required courses not yet taken.
  • List of 400 level courses taken (and grades achieved).
  • Background in OS (including kernel background)
  • Are you requesting that the course count as a technical elective? (This will be harder.)
  • Have you filed a petition?
  • Reason for wanting to take the course