Date post: 22-Dec-2015
COMS 3995 (Networks, Operating Systems and Security) Spring 2010 Henning Schulzrinne Dept. of Computer Science Columbia University http://www.cs.columbia.edu/~hgs

COMS 3995 (Networks, Operating Systems and Security)

Spring 2010

Henning Schulzrinne

Dept. of Computer Science

Columbia University

http://www.cs.columbia.edu/~hgs

Course mechanics

• Instructor: [email protected]
  – My office hours: Wednesdays, 4-5 pm, 723 CEPSR or by email appointment
• TA: TBA
  – office hours: TBA
• Web page: assignments, syllabus, …
  – http://www.cs.columbia.edu/~hgs/teaching/nos
• Wiki: hints, assorted documents
• Assignment upload, slides and mailing list via Courseworks
• Will set up Google Group for discussions

Books

• Unfortunately, there is no single book that “works”
• OS:
  – Operating System Concepts with Java (8th edition) by Silberschatz, Galvin, Gagne
• Networks:
  – Computer Networking – A top-down approach by Kurose, Ross
• Security:
  – Network Security (2nd edition) by Kaufman, Perlman, Speciner

Structure of course

• Lectures - book material + background + discussion
• Homework assignments
  – Java or C programming (no kernel programming)
• Midterm, final

Prerequisites

• CSEE W3827 (Fundamentals of Computer Systems)
  – understanding of computer system architecture
  – registers, cache, virtual memory, I/O, DMA, disks, etc.
  – interrupts
  – useful, but can probably survive without it
• COMS W3157 or W3101
  – understand how to use “make”, C compiler, gdb, …
• C/C++ and/or Java

The big questions

• Why do I see an hour glass or spinning beach ball?
• How can I share the CPU so that I can still play a game while compiling a new Linux kernel?
• What's a file system and how does it work?
• How does the Internet work?
• How does data get from sender to destination, and why doesn't it sometimes?
• How can the Internet work without anybody in charge?

The big questions, cont’d

• What happens when there's an Internet traffic jam?
• What are the fundamental limits of networks?
• Can cloud computing replace traditional computing?
• What's a protocol and how does it relate to an API?
• How are a web browser and an operating system similar?
• What is cross-site scripting?
• How can I send you a secure letter without knowing your secret?
• How can I sign a contract without a pen?
• How can I prove to a computer that it's really me?

Why are systems important?

• Understand abstractions
  – limitations, hidden costs, trade-offs
• Understand sharing & isolation
  – what exactly is shared?
  – what’s predictable?
  – what can I rely on?
• Scaling
  – everything works at small scale
  – even O(2^n) -- see data structures class…

Course outline & topics

• Introduction
  – browsers, OS and networks: sharing
  – security: isolation
• OS concepts
  – core components
  – threads & processes
  – scheduling
  – process synchronization
  – main memory
  – file systems
  – I/O (audio, video, USB)
  – interrupts and event-driven programming
• Networks
  – Internet overview
  – circuits & packets
  – core & access
  – API vs. protocols
  – protocol layering
  – applications (HTTP, ssh, email)
  – mapping (DNS, DHCP)
  – transport protocols
  – routing overview
  – networks as an OS service
  – day-in-the-life of a web request

Course outline, cont’d

• Security
  – Causes of security failures (stack attacks, information leakage, privilege escalation, denial-of-service, social engineering, ...)
  – Isolation and defense-in-depth
  – Authentication, authorization and non-repudiation
  – Core concepts of encryption and hashing
  – Introduction to public key cryptography; TLS
  – ACL
  – Web-based attacks (cross-site scripting, SQL insertion)

3-for-1 deal – what’s the catch?

• 3-for-1 deal:
  – core concepts in OS (COMS 4118), networks (4119), security (4180)
  – emphasis on concepts & connections between the three
• Compared to 4118:
  – no kernel programming
• Compared to 4119:
  – fewer protocol details
  – omit network management, multimedia details
• Compared to 4180:
  – less crypto
  – fewer protocol details
  – more emphasis on higher-layer attacks and issues

• Good preparation for all three

The deal

• Your responsibility
  – you’re all adults
  – responsible for your own actions and scheduling choices
  – if you don’t understand something, ask
  – Please note academic honesty policy: http://www.cs.columbia.edu/education/honesty
    • discussion with others is encouraged - study groups, discussion board, etc.
    • zero tolerance for cheating or “outsourcing” homework
    • we’ll clearly identify group work
    • lock your files -- “just looking” is not acceptable
• Our responsibility
  – be responsive to your questions
  – try to fix problems

Lectures

• Slides for each class
  – derived from book slides, but modified and enhanced
• Uploaded to Courseworks shortly after class
  – sometimes updated a bit later

Assignments & Grading

• Grading:
  – 50% assignments
  – 20% midterm (closed book)
  – 30% final (cumulative, closed book)
  – 0% no “extra credit” work
  – will be curved
• 6 written assignments (every two weeks)
  – individually solved
• Late policy
  – five late days
  – late assignments will not be graded, but you can submit partial assignments
  – at noon on due date

CLIC lab

• All programs and kernels must boot & run on the CLIC machines
  – if not, zero credit
  – but you can develop at home, on your laptop, …
• You’ll need a CLIC account
  – https://www.columbia.edu/~crf/accounts/
• You will be assigned a particular CLIC machine for virtual machine use
• Some CLIC machines are for in-person use; others can only be accessed remotely
• No food or drink in CLIC
  – be considerate -- others are trying to concentrate

Big picture

• What are “systems”?
  – computer systems vs. software systems
  – Analogies
    • plumbing?
    • civic infrastructure?
    • platform?
• Systems = abstraction, sharing & isolation

Abstraction

• messy world → nice programming interface
  – reliable
  – everything looks the same
• deal with physical diversity (capabilities, technology)
• deal with hardware and environment evolution
• cf. function & object abstraction (“information hiding”)
  – abstract data type
• provided by OS, networks, security:
  – OS: everything is a file descriptor
    • USB stick to web page
  – Networks: everything is a pipe
    • modem to satellite
  – Security: everybody is a principal
    • human, robot or program
• will identify core abstractions throughout semester

Sharing & isolation

• Networks
  – can’t run separate wires everywhere
  – but: ensure “quality of service”
• OS
  – can’t have own CPU, disk, memory for each program
  – but: ensure responsiveness, throughput guarantees
• Security
  – sharing within user group, security maintains group
  – AAA: Authentication, Authorization, Accounting
  – who is getting what resource?
  – administer data sharing

Isolation, in real life

1880’s postcard

Sharing

Today’s system: sharing & isolation at many layers

[Figure: layered diagram. Labels: hardware; hypervisor; Linux, Windows; multiple tabs; many JavaScripts; Flash plugin; many PHP/Ruby/… scripts; Java servlets; maintenance tasks]

• Use OS features (threads, processes) for CPU
• but schedule requests itself
• manage memory
• manage access to OS resources for security

Networks and OS

• I/O with dumb devices → networks of peripherals with embedded CPUs
  – printers: parallel port → Ethernet
  – keyboard: serial port → BlueTooth
  – USB, Firewire = small packet network
  – VGA → HDMI → DisplayPort
• Convergence
  – file systems and remote storage
  – thin clients
  – NetBooks
• Conceptual
  – similar issues (scheduling, access control, caching, multiplexing)
  – abstraction & layering: protocols vs. APIs


Recommended