COMS 3995 (Networks, Operating Systems and Security)
Spring 2010
Henning Schulzrinne
Dept. of Computer Science
Columbia Universityhttp://www.cs.columbia.edu/~hgs
Course mechanics
• Instructor: [email protected]– My office hours: Wednesdays, 4-5 pm, 723 CEPSR or by email appointment
• TA:TBA
– office hours:TBA• Web page assignments, syllabus, …
– http://www.cs.columbia.edu/~hgs/teaching/nos• Wiki hints, assorted documents• Assignment upload, slides and mailing list via Courseworks• Will set up Google Group for discussions
Books
• Unfortunately, there is no single book that “works”• OS:
– Operating System Concepts with Java (8th edition) by Silberschatz, Galvin, Gagne
• Networks:– Computer Networking – A top-down approach by Kurose, Ross
• Security:– Network Security (2nd edition) by Kaufman, Perlman, Speciner
Structure of course
• Lectures - book material + background + discussion• Homework assignments
– Java or C programming (no kernel programming)
• Midterm, final
Prerequisites
• CSEE W3827 (Fundamentals of Computer Systems)– understanding of computer system architecture– registers, cache, virtual memory, I/O, DMA, disks, etc.– interrupts– useful, but can probably survive without it
• COMS W3157 or W3101– understand how to use “make”, C compiler, gdb, …
• C/C++ and/or Java
The big questions
• Why do I see an hour glass or spinning beach ball?• How can I share the CPU so that I can still play a game
while compiling a new Linux kernel?• What's a file system and how does it work?• How does the Internet work?• How does data get from sender to destination, and why
doesn't it sometimes?• How can the Internet work without anybody in charge?
The big questions, cont’d
• What happens when there's an Internet traffic jam?• What are the fundamental limits of networks?• Can cloud computing replace traditional computing?• What's a protocol and how does it relate to an API?• How is a web browser and an operating system similar?• What is cross-site scripting?• How can I send you a secure letter without knowing your
secret?• How can I sign a contract without a pen?• How can I prove to a computer that it's really me?
Why are systems important?
• Understand abstractions– limitations, hidden costs, trade-offs
• Understand sharing & isolation– what exactly is shared?– what’s predictable?– what can I rely on?
• Scaling– everything works at small scale– even O(2n) -- see data structures class…
Course outline & topics
• Introduction– browsers, OS and networks:
sharing– security: isolation
• OS concepts– core components– threads & processes– scheduling– process synchronization– main memory– file systems– I/O (audio, video, USB)– interrupts and event-driven
programming
• Networks– Internet overview– circuits & packets– core & access– API vs. protocols– protocol layering– applications (HTTP, ssh, email)– mapping (DNS, DHCP)– transport protocols– routing overview– networks as an OS service– day-in-the-life of a web request
Course outline, cont’d
• Security– Causes of security failures (stack attacks, information leakage,
privilege escalation, denial-of-service, social engineering, ...)– Isolation and defense-in-depth– Authentication, authorization and non-repudiation– Core concepts of encryption and hashing– Introduction to public key cryptography; TLS– ACL– Web-based attacks (cross-site scripting, SQL insertion)
3-for-1 deal – what’s the catch?
• 3-for-1 deal:– core concepts in OS (COMS 4118), networks (4119), security (4180)
– emphasis on concepts & connections between the three
• Compared to 4118:– no kernel programming
• Compared to 4119:– fewer protocol details
– omit network management, multimedia details
• Compared to 4180:– less crypto
– fewer protocol details
– more emphasis on higher-layer attacks and issues
• Good preparation for all three
The deal
• Your responsibility– you’re all adults
– responsible for your own actions and scheduling choices
– if you don’t understand something, ask– Please note academic honesty policy: http://www.cs.columbia.edu/education/honesty
• discussion with others is encouraged - study groups, discussion board, etc.• zero tolerance for cheating or “outsourcing” homework• we’ll clearly identify group work• lock your files -- “just looking” is not acceptable
• Our responsibility– be responsive to your questions
– try to fix problems
Lectures
• Slides for each class– derived from book slides, but modified and enhanced
• Uploaded to Courseworks shortly after class– sometimes updated a bit later
Assignments & Grading
• Grading:– 50% assignments– 20% midterm (closed book)– 30% final (cumulative, closed book)– 0% no “extra credit” work– will be curved
• 6 written assignments (every two weeks)– individually solved
• Late policy– five late days– late assignments will not be graded, but you can submit partial assignments– at noon on due date
CLIC lab
• All programs and kernels must boot & run on the CLIC machines– if not, zero credit– but you can develop at home, on your laptop, …
• You’ll need a CLIC account– https://www.columbia.edu/~crf/accounts/
• You will be assigned a particular CLIC machine for virtual machine use
• Some CLIC machines are for in-person use; others can only be accessed remotely
• No food or drink in CLIC– be considerate -- others are trying to concentrate
Big picture
• What are “systems”?– computer systems vs. software systems
– Analogies• plumbing?• civic infrastructure?• platform?
• Systems = abstraction, sharing & isolation
Abstraction
• messy world nice programming interface– reliable– everything looks the same
• deal with physical diversity (capabilities, technology)
• deal with hardware and environment evolution
• cf. function & object abstraction (“information hiding”)– abstract data type
• provided by OS, networks, security:– OS: everything is a file descriptor
• USB stick to web page
– Networks: everything is a pipe• modem to satellite
– Security: everybody is a principal• human, robot or program
• will identify core abstractions throughout semester
Sharing & isolation
Sharing & isolation
Sharing & isolation
• Networks– can’t run separate wires everywhere– but: ensure “quality of service”
• OS– can’t have own CPU, disk, memory for each program– but: ensure responsiveness, throughput guarantees
• Security– sharing within user group, security maintains group– AAA: Authentication, Authorization, Accounting– who is getting what resource?– administer data sharing
Isolation, in real life
1880’s postcard
Sharing
Today’s system: sharing & isolation at many layers
hardwarehardware
hypervisorhypervisor
LinuxLinux WindowsWindows
multiple tabsmany JavaScripts
Flash plugin
many PHP/Ruby/… scriptsJava servlets
maintenance tasks
• Use OS features (threads, processes) for CPU
• but schedule requests itself• manage memory• manage access to OS resources for
security
• Use OS features (threads, processes) for CPU
• but schedule requests itself• manage memory• manage access to OS resources for
security
Networks and OS
• I/O with dumb devices networks of peripherals with embedded CPUs– printers: parallel port Ethernet
– keyboard: serial port BlueTooth
– USB, Firewire = small packet network
– VGA HDMI DisplayPort
• Convergence– file systems and remote storage
– thin clients
– NetBooks
• Conceptual– similar issues (scheduling, access control, caching, multiplexing)
– abstraction & layering: protocols vs. APIs