CS GZ03/M030: Distributed Systems and Security

Instructor

Brad Karp 7.05 MPEB


Meeting Times

UCL Term 1: 29th September, 2008 - 12th December, 2008

  • Monday 1 PM - 2 PM, MPEB 1.20
  • Tuesday 1 PM - 2 PM, MPEB 1.20
  • Thursday 3 PM - 4 PM, Bedford Way G03

  • Mailing Lists

    All important course announcements will be sent to the two official course mailing lists, gz03 and m030. By departmental policy, students must ensure they subscribe to the mailing list for each course they take, are expected to read email daily, and are presumed to read all announcements sent to the course list by the instructor. Further information about how to subscribe to departmental course mailing lists may be found here.

    N.B. that students are also responsible for monitoring the detailed calendar below throughout the term to ensure they are up-to-date on meeting times and readings.


    Detailed Course Calendar

    Roughly the first half of the course concerns how to build robust and efficient distributed systems. We'll cover the security of distributed systems in the second half of the course.

    Each paper appears in the calendar below on the day when it will be covered in lecture. All papers must be read before that lecture! The lectures are designed to assume you've already read the paper. If you haven't, it's highly likely you won't be able to follow the lecture or participate in discussion.

    N.B. that all assigned readings are examinable.

    Lecture notes will be posted no later than immediately after each lecture.

    Monday Tuesday Thursday

    29th Sep

    Course Introduction

    Lecture Notes:
    Introduction to Distributed Systems

    30th Sep

    OS Concepts

    Lecture Notes:
    OS Concepts

    2nd Oct

    Design: Worse Is Better; Concurrent I/O

    Reading: Worse Is Better

    Lecture Notes:
    I/O Concurrency

    6th Oct

    NFS

    Readings: NFS Case Study (handed out in hardcopy),
    Design and Implementation of the Sun Network Filesystem

    Lecture Notes:
    NFS

    7th Oct

    NFS (continued)

    9th Oct

    Programming Coursework Background

    Coursework 1: Programming a Distributed Tickertape
    due noon, Thursday, 30th October, 2008

    13th Oct

    RPC and Transparency

    Lecture Notes:
    RPC and Transparency

    14th Oct

    Ivy: Distributed Shared Memory

    Reading: Ivy

    Lecture Notes:
    Ivy and DSM

    16th Oct

    Ivy (continued)

    20th Oct

    Two-Phase Commit

    Lecture Notes:
    Two-Phase Commit

    21st Oct

    Paxos

    Reading: Paxos

    Lecture Notes:
    Paxos

    23rd Oct

    Paxos (continued)

    27th Oct

    Bayou: Weak Connectivity and Update Conflicts

    Reading: Bayou

    Lecture Notes:
    Bayou

    28th Oct

    GFS: The Google File System

    Reading: GFS

    Lecture Notes:
    GFS

    30th Oct

    GFS (continued)

    Coursework 1 Due: noon

    3rd Nov

    Reading week; no lecture today!

    4th Nov

    Reading week; no lecture today!

    6th Nov

    Reading week; no lecture today!

    10th Nov

    Introduction to Security

    Lecture Notes:
    Introduction to Security

    11th Nov

    User Authentication and Cryptographic Primitives

    Lecture Notes:
    User Authentication and Cryptographic Primitives

    13th Nov

    Cryptographic Primitives (continued)

    17th Nov

    Cryptographic Primitives (continued)

    18th Nov

    The Kerberos Authentication Service

    Reading: Kerberos

    Lecture Notes:
    Kerberos

    20th Nov

    Secure Sockets Layer (SSL)

    Lecture Notes:
    SSL/TLS

    24th Nov

    Reasoning Formally about Authentication: TAOS

    Reading: TAOS

    Lecture Notes:
    TAOS

    25th Nov

    TAOS (continued)

    27th Nov

    Software Vulnerabilities and Exploits

    Reading: Smashing the Stack for Fun and Profit

    Reading: Exploiting Format String Vulnerabilities

    Reading: Once Upon a free()

    Lecture Notes:
    Vulnerabilities and Exploits

    Coursework 2: Security Problem Set
    due noon, Thursday, 11th December, 2008

    1st Dec

    Vulnerabilities and Exploits (continued)

    2nd Dec

    Internet Worms

    Reading: Code-Red Case Study

    Reading: Inside the Slammer Worm

    Lecture Notes:
    Internet Worms

    4th Dec

    Preventing Exploits

    Reading: TaintCheck

    Reading: PaX Overview

    Reading: ASLR Overview

    Reading: Limits of Address Space Randomization

    Lecture Notes:
    Preventing Exploits

    8th Dec

    No lecture today!

    9th Dec

    No lecture today!

    11th Dec

    Containing Buggy Code: Software-based Fault Isolation

    Reading: SFI

    Lecture Notes:
    SFI

    Lecture on Friday, 12th Dec, 1 PM, MPEB 1.02:

    OKWS: Approximating Least Privilege in a Real-World Web Server

    Reading: OKWS

    Lecture Notes:
    OKWS and Least Privilege

    Coursework 2 Due: noon, 12th Dec