Advanced topics in dependable and secure distributed systems (3CFU)

Advanced topics in dependable and secure distributed systems (3CFU)

A.A. 2010-2011
Lecturer: Leonardo Querzoni

Lecture hours: 2nd semester

Modern computing architectures, characterized by complex structures, large scale and dynamic behaviours, continuously face the security hurdles posed by unreliable infrastructures, malicious hackers, industrial espionage or even modern cyber weapons. Well known best practices in security, even if still needed, somewhat struggle to face this new generation of threats and must be thus strengthened and combined with novel approaches. Starting from well known techniques for security (public/secret key cryptography, digital signatures, standard authentication protocols, intrusion detection tools) this course aims at analyzing current threats and studying a set of advanced tools and techniques for enforcing dependability and security aspects in modern distributed systems.
The course will focus on the following topics:

  • Resilience to byzantine faults (including Byzantine-resilient state machine replication)
  • Security in complex distributed systems (including distributed attacks to complex IT infrastructures, intrusion detection, distributed port scan detection)
  • Introduction to digital forensics and legal issues (including digital forensic evidence treatment and technological aspects implied by the italian CAD (Codice dell'amministrazione digitale))
Notes:
Lectures:

October 6th, 2011 - Intro.
March 21st, 2011 - Intro.
March 22nd, 2011 - Distributed Consensus and the liveness problem. The Byzantine generals problem.
March 28th, 2011 - Reliable state machine replication with PBFT.
March 29th, 2011 - Improving PBFT.
April 4th, 2011 - Security in complex systems: attacks and IDSs
April 5th, 2011 - Security in complex systems: attacks and IDSs
April 11th, 2011 - Detecting port scans
April 12th, 2011 - Detecting port scans
May 9th, 2011 - Introduction to computer forensiscs
May 10th, 2011 - Introduction to computer forensiscs

Slides:

The password for accessing the following PDFs is "eds"
Introduction - 1 - 2 - 3 - 4 - 5

Exam rules

Instructions (Please read carefully and contact me for further information)
List of suggested topics.
Paper templates in LaTeX and Word.

Useful links:
  1. L. Lamport,R. Shostak and M. Pease. The Byzantine Generals Problem. ACM Trans. Program. Lang. Syst. 4, 3 (July 1982), 382-401.
  2. F. Schneider. Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial. ACM Comp. Surveys, vol. 22, n. 4, 1990
  3. L. Lamport. The Part-Time Parliament. ACM Transactions on Computer Systems, vol. 16, n. 2, pp.133-169, 1998.
  4. L. Lamport. Paxos Made Simple. ACM SIGACT News vol. 32, n. 4, pp. 51-58, 2001
  5. M. Castro and B. Liskov. Practical Byzantine fault-tolerance and proactive recovery. ACM Transactions on Computer Systems (TOCS), vol. 20, n. 4, November 2002
  6. R. Kotla, L. Alvisi, M. Dahlin, A. Clement, and E. Wong. Zyzzyva: speculative byzantine fault tolerance. Proc. of 21st ACM SIGOPS symposium on Operating systems principles (SOSP '07). ACM, New York, NY, USA, 45-58, 2007.
  7. J. Yin, J-Ph. Martin, A. Venkataramani, L. Alvisi, and M. Dahlin. Separating agreement from execution for byzantine fault tolerant services. SIGOPS Oper. Syst. Rev. 37, 5 (October 2003), 253-267.
  8. A. Lazarevic, V. Kumar and J. Srivastava, Intrusion Detection: a Survey. In V. Kumar et al. "Managing Cyber Threats: Issues, Approaches and Challenges", Springer, 2005.
  9. S. Staniford, J. A. Hoagland and J. M. McAlerney, Practical automated detection of stealthy portscans, Journal of Computer Security, 10, 105–136, 2002
  10. J. Jaeyeon, V. Paxson, A. W. Berger and H. Balakrishnan, Fast portscan detection using sequential hypothesis testing, Proceedings of the IEEE Symposium on Security and Privacy, 2004

Many of these papers are freely available. Those that require an active subscription can be downloaded from computers connected through the proxy installed at La Sapienza. Check the BIXY service (in italian), or contact me for further details.