Introduction CS 239 Security for Networks and System


Introduction
CS 188: Secure Design for Embedded Systems
Peter Reiher
January 3, 2011
CS 188, Winter 2011
Lecture 1
Page 1
Purpose of Class
• To teach students about designing secure systems
• While also considering other important system requirements
  – Functionality
  – Power use
• Via actual system design
Description of Class
• General outline of class
• Prerequisites
• Grading
• Reading materials
• Office hours
• Web page
Outline of Class
• Not a lecture class
  – I’ll talk today and Wednesday, but no more lectures
• Based on actual design, building, and evaluation of a working system
• Using teams of students
• Working on assigned projects
• Grading based entirely on project elements
So What Will You Learn?
• Practical experience in designing systems with security goals
• Practical experience in designing systems for embedded platforms
• Practical experience in evaluating the power use of systems
How Will It Work?
• Teams of students will be assigned to one of five projects
  – 4-5 students per team
• Each team will design and build a working system
• Presenting results at the end of the class
Choosing Projects
• I will present the five projects later today
• Each student will send an ordered list of the projects he prefers
• I will assign team members and projects
  – I’ll listen to particular appeals for team membership
  – But don’t guarantee I’ll agree to them
Class Activities
• Each team will meet with the professor and TA each week
  – To discuss progress and problems
• Teams will create and defend a design
• Teams will build to that design
• Teams will evaluate their prototype
• And present their results
The Design Platform
• The Intel ATOM
  – A popular platform for embedded systems
  – X86-based
• Running the Linux OS
• Augmented with special power-measurement capabilities
The LEAP Technology
• A power-measurement technology developed at UCLA
  – By Prof. William Kaiser
• Allows unprecedented detailed measurement of power use
The Atom LEAP Platform
Another View
More On LEAP
• LEAP allows energy measurement of individual system components
• Also allows measurement of power use by particular pieces of code
  – Controllable by the programmer
What Can You Measure?
• CPU power use
• Memory power use
• Disk power use
• Bridge power use
• Individual power costs for each component
Energy Calipers
• Technique used to measure power costs of particular code
• Essentially establishes a start and end point in code for measurement
• Gives power use of that code for each measured component
How Does It Work?
• An external DAQ samples power use
• A clock signal synchronizes the DAQ outputs and the energy calipers
  – Indicates when the code was entered and exited
• Since signals are synchronized, software can assign power to code
  – Sync granularity is 100 msec
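The caliper-and-DAQ scheme of the last two slides, worked through on a constructed trace as an added example (this is not LEAP or LEAPFrog code; the 50 ms sample rate, the component names and the power values are made up, and the 100 ms granularity is the figure from the slide):

```python
"""Assign DAQ power samples to a caliper-marked code region.

Added example, not LEAP/LEAPFrog code: an external DAQ samples power per
component, caliper start/end marks are lined up with those samples on a
shared clock of 100 ms granularity, and software sums the overlap.
"""
from dataclasses import dataclass
from typing import Dict, List

SYNC_GRANULARITY_MS = 100  # slides: sync granularity is 100 msec


@dataclass
class Sample:
    t_ms: int                # time on the shared clock
    watts: Dict[str, float]  # power per component at this instant


def align_to_sync(t_ms: int) -> int:
    """Snap a caliper timestamp to the nearest sync tick."""
    return int(round(t_ms / SYNC_GRANULARITY_MS)) * SYNC_GRANULARITY_MS


def energy_for_caliper(samples: List[Sample], start_ms: int, end_ms: int) -> Dict[str, float]:
    """Joules per component between the caliper start and end marks.

    Samples must be sorted by time; power is held constant between
    consecutive samples. A region that collapses after alignment is too
    short to resolve at the sync granularity and is rejected.
    """
    start, end = align_to_sync(start_ms), align_to_sync(end_ms)
    if end <= start:
        raise ValueError("caliper region shorter than sync granularity")
    joules: Dict[str, float] = {}
    for cur, nxt in zip(samples, samples[1:]):
        lo, hi = max(cur.t_ms, start), min(nxt.t_ms, end)  # overlap in ms
        if hi <= lo:
            continue
        for comp, p in cur.watts.items():
            joules[comp] = joules.get(comp, 0.0) + p * (hi - lo) / 1000.0
    return joules


# Constructed DAQ trace: a sample every 50 ms for half a second, CPU busy
# from 100-300 ms, disk active from 200 ms on (values are made up).
DAQ_TRACE: List[Sample] = [
    Sample(t, {"cpu": 2.0 if 100 <= t < 300 else 0.5, "memory": 0.3,
               "disk": 1.0 if t >= 200 else 0.0})
    for t in range(0, 501, 50)
]
```

Calling `energy_for_caliper(DAQ_TRACE, 104, 296)` attributes 0.4 J to the CPU, 0.06 J to memory and 0.1 J to the disk after the marks snap to 100 ms and 300 ms; a region whose marks snap to the same tick is rejected rather than reported as zero.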
LEAPFrog
• LEAP For Repetitive, Organized Gathering
• Tool to make experimentation with LEAP easier
  – Eases running multiple experiments
  – Better user interface for LEAP
  – Better formatting of results
Prerequisites
• CS 111 (Operating Systems)
• CS 136 (Computer Security)
• If you aren’t familiar with this material, you’ll be at a disadvantage
  – Talk to me if you want to take this class, anyway
• Some knowledge of embedded systems won’t hurt
Teaching Assistant
• Peter Peterson
  – [email protected]
• No formal recitation sections
• But will work closely with students on the Atom LEAPs
• Will also work with me on group meetings
• Office hours: TBA
Grading
• All based on projects
• No tests, no homeworks
• Project design – 20%
• Weekly updates (weeks 2-9) – 40%
• Final presentation – 10%
• Final report – 30%
Class Format
• Few lectures
  – Today, we talk about the class organization
  – Wednesday, we talk about evaluation issues
• Group presentation in last week
• No class meetings in weeks 2-9
Weekly Group Meetings
• One hour meeting every week for each group
• Some during scheduled hours
• Others at mutual convenience
• With professor and TA
• Attendance is mandatory for all group members
What Happens at the Group Meetings?
• Each is a research meeting for that group
• To present and discuss design and implementation issues
• To update professor on progress
Your Basic Schedule
• Week 1: Choose projects
• Weeks 2-3: Design your project and security evaluation of its design
• Weeks 4-7: Implementation of project
• Weeks 8-9: Performance, power, security evaluation of project
• Week 10: Present your project
Reading Materials
• No required reading materials
• There’s one copy of an Atom book that I can share with the class
• Some materials related to the projects produced by Peter Peterson
• Other materials made available on web site
Office Hours
• MW 2-3
• Held in 3532F Boelter Hall
• Other times available by prior arrangement
• Above and beyond weekly group meetings
Class Web Page
http://www.lasr.cs.ucla.edu/classes/188_winter11
• Slides for lectures will be posted there
  – But there are only two lectures
  – In 6-up PDF form or Powerpoint
• Schedule for group meetings posted there
• Materials for using Atom LEAPs there
Why a Class on Secure Software Design?
• Software is usually designed to meet some particular need
• That need is usually not security-related
• But software designed without considering security won’t be secure
  – And it won’t be easy to fix that
How Do You Learn Secure Design?
• Primarily by doing it
• There are some principles and approaches that help
• But you really only get there through practice
• You’re going to get some practice here
The Tricky Thing About Security Design
• Again, the primary goal of the software isn’t to be secure
• It has to meet functionality goals first
• And performance goals
• And, for embedded systems, power goals
• AND it has to be secure
• A classic example of engineering tradeoffs
So What Will You Be Doing?
• You’ll be assigned one of five projects
  – All security related
• You’ll design software to solve a problem
• You’ll implement that software on the ATOM
• You’ll use LEAP to investigate its power properties
The zPad
• A fictional project to develop a power-aware, highly secure pad computer
• Atom is a reasonable hardware platform for it
  – Linux is underlying software
• You will work on important pieces of the system
The Five Projects
• CryptoFlex
• PowerZone
• OffLoading
• ElectricSandbox
• CryptoDisk
CryptoFlex
• Alter crypto used for network transmissions
• Based on power status and security posture
• Reduce crypto strength when power is low
• Prioritize use of crypto among different transmissions to minimize power use
• Students build part of system that makes decisions and alters crypto accordingly
PowerZone
• Depending on threat level and power status, allow security apps to alter behavior
  – E.g., firewalls and antivirus software
  – Delaying scans, prioritizing operations, etc.
• General interface for apps to make these decisions
• Build general framework and two sample apps using it
OffLoading
• Certain security-related operations use a lot of power
  – E.g., PK authentication
• Could offload some operations to a server
  – Which would require wireless transmissions, which also burn power
• When will this win?
• Investigate this idea and build framework to test when it wins and loses
ElectricSandbox
• Untrusted code can be run in a sandbox to provide greater protection
• But at what power cost?
  – Different sandboxing approaches might have different costs
• Design basic sandboxing systems and investigate power costs of running them
CryptoDisk
• Data can be protected on disk via full-disk encryption
  – Which can be done in hardware or software
• Which is more suitable for this kind of device?
• Build software full disk encryption and investigate performance costs of SW and HW full disk encryption
Common Elements of Projects
• All require design
• All require software implementation
• All require security evaluation
• All require performance evaluation
• All require energy use evaluation
Security Design
• All five projects are security related
• But it’s equally important that the systems you build are secure
  – In design and implementation
• Requires attention to secure design and coding techniques
• And security evaluations
Evaluating Your Systems
• Must evaluate your system for functionality, performance, power, and security
• Each is a different kind of evaluation
  – And each particular to the project
• But all require experimentation
  – Some material on that presented next class