Elective in Architecture and Distributed Systems - A.A. 2011-2012

Advanced topics in dependable and secure distributed systems (3CFU)

A.A. 2011-2012
Lecturer: Leonardo Querzoni

Lecture hours: 1st semester, Monday, 8:30-10:00, Room A5

Modern computing architectures, characterized by complex structures, large scale and dynamic behaviours, continuously face the security hurdles posed by unreliable infrastructures, malicious hackers, industrial espionage or even modern cyber weapons. Well known best practices in security, even if still needed, somewhat struggle to face this new generation of threats and must be thus strengthened and combined with novel approaches. Starting from well known techniques for security (public/secret key cryptography, digital signatures, standard authentication protocols, intrusion detection tools) this course aims at analyzing current threats and studying a set of advanced tools and techniques for enforcing dependability and security aspects in modern distributed systems.
The course will focus on the following topics:

  • Resilience to byzantine faults (including Byzantine-resilient state machine replication)
  • Security in complex distributed systems (including distributed attacks to complex IT infrastructures, intrusion detection, distributed port scan detection)
  • Federated digital identity management
  • Introduction to digital forensics.
Notes:

Seminar: Gaetano Consalvo - Digital Evidence and Digital Forensics.
December 16, 2011. "Aula Magna", 15:00.
Note: the talk will be in Italian.
Topics:

  • Computer Forensics, cyber crimine ed investigazione digitale
  • Strumenti di supporto alle indagini digitali
  • Ripetibilità ed irripetibilità nella Computer Forensics
  • Computer Forensics al tempo del cloud computing
Lectures:

October 6th, 2011 - Intro.
October 17th, 2011 - Consensus with byzantine faults.
October 31st, 2011 - Consensus with byzantine faults.
November 7th, 2011 - Consensus with byzantine faults. Security in complex systems: attacks and IDSs.
November 14th, 2011 - Security in complex systems: attacks and IDSs.
November 21st, 2011 - Security in complex systems: attacks and IDSs.
December 12th, 2011 - Introduction to Digital Forensics.
December 19th, 2011 - Federated digital identity management.

Slides:

The password for accessing the following PDFs is "eds"
Introduction - 1 - 2 - 3 - 4 - 5 - 6 - 7

Exam rules

Instructions (Please read carefully and contact me for further information)
List of suggested topics.
Paper templates in LaTeX and Word.

Useful links:
  1. A. Avizienis, J.-C. Laprie, B. Randell and C. Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. on Dependable and Secure Computing, vol. 1, no. 1, pp. 11–33, 2004.
  2. L. Lamport,R. Shostak and M. Pease. The Byzantine Generals Problem. ACM Trans. Program. Lang. Syst. 4, 3 (July 1982), 382-401.
  3. F. Schneider. Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial. ACM Comp. Surveys, vol. 22, n. 4, 1990
  4. L. Lamport. The Part-Time Parliament. ACM Transactions on Computer Systems, vol. 16, n. 2, pp.133-169, 1998.
  5. L. Lamport. Paxos Made Simple. ACM SIGACT News vol. 32, n. 4, pp. 51-58, 2001
  6. M. Castro and B. Liskov. Practical Byzantine fault-tolerance and proactive recovery. ACM Transactions on Computer Systems (TOCS), vol. 20, n. 4, November 2002
  7. R. Kotla, L. Alvisi, M. Dahlin, A. Clement, and E. Wong. Zyzzyva: speculative byzantine fault tolerance. Proc. of 21st ACM SIGOPS symposium on Operating systems principles (SOSP '07). ACM, New York, NY, USA, 45-58, 2007.
  8. J. Yin, J-Ph. Martin, A. Venkataramani, L. Alvisi, and M. Dahlin. Separating agreement from execution for byzantine fault tolerant services. SIGOPS Oper. Syst. Rev. 37, 5 (October 2003), 253-267.
  9. A. Lazarevic, V. Kumar and J. Srivastava, Intrusion Detection: a Survey. In V. Kumar et al. "Managing Cyber Threats: Issues, Approaches and Challenges", Springer, 2005.
  10. S. Staniford, J. A. Hoagland and J. M. McAlerney, Practical automated detection of stealthy portscans, Journal of Computer Security, 10, 105–136, 2002
  11. J. Jaeyeon, V. Paxson, A. W. Berger and H. Balakrishnan, Fast portscan detection using sequential hypothesis testing, Proceedings of the IEEE Symposium on Security and Privacy, 2004

Many of these papers are freely available. Those that require an active subscription can be downloaded from computers connected through the proxy installed at La Sapienza. Check the BIXY service (in italian), or contact me for further details.