Resilient Networks Copyright 2008 UC Regents. all rights reserved 0. Preliminaries Mathias Fischer 1
Who is Who Prof. Dr. Mathias Fischer Assistant Professor for IT-Security and Security-Management mfischer@informatik.uni-hamburg.de iss.informatik.uni-hamburg.de Teaching Assistant Steffen Haas (haas@informatik.uni-hamburg.de) will be involved in one of the reading groups Apart from that you are mainly depending on me alone Questions? Feel free to contact us. Consultation Just drop me an email, pass by my office 2
ISS @ UHH Scope and Research Goals Resilient and privacy-preserving services Critical infrastructure protection Research Topics Resilient P2P Networks Anonymous and censorship resistant communication Security monitoring and data analytics IDS, Honeypots Collaborative Intrusion Detection Botnet monitoring 3
Course Schedule Winter term 2016 Starts October 17th and ends February 4 th Christmas break from December 24 th January 8th Lecture Tuesdays 10:15 am 11:45 am Starts October 18th and ends January 31st Exercise Exercise course Tuesdays 08:15 am 08:45 am Exercise starts October 25th, ends January 31st 4
Slide history and Course Language Slide history Based on a course given at TU Darmstadt Network design part derived from book: Michal Pioro and Deepankar Medhi - Routing, Flow, and Capacity Design in Communication and Computer Networks, The Morgan Kaufmann Series in Networking, 800 pages, 2004 Some slides taken from earlier courses at TU Ilmenau, Uni Mannheim Heavily derived from Protection of Communication Infrastructures of Prof. G. Schäfer in Ilmenau A lot of additional content, updates, figures, etc. newly added Course Language Slides are in English Papers are in English Presentation as you prefer (we made an election) 5
Pre-requisites Basic knowledge about networks and network protocols Basic knowledge in cryptography Some knowledge on mathematical optimization problems helpful, but not required 6
Course Objectives Considering the Internet: networking is an essential service, hence the networking infrastructure is/may be the main target of attacks! Now what!? Main topics of the course are: Resilient network design Security/resilience of deployed, crucial networks, networking functions, and network protocols DoS Attacks and countermeasures Intrusion detection (and response) This course is not a lecture on: Classic network security ;) System security 7
Preliminary Course Overview 1. Introduction 2. Graph Theory 3. Resilient Network Design 4. Resilient Routing + Reading Group + Few practical exercises 5. Domain Name System (DNS) Security 6. Denial of Service Attacks (DoS) and Countermeasures 7. Intrusion Detection and Response There will be some ex-cathedra parts, but please ask and discuss as much as possible! 8
The Exercise Course (1) Reading group Exercise course mostly organized as reading group Papers (links) available on the webpage (soon) Read papers early One or two papers with relation to lecture topics will be presented (by a random one of you!) and discussed (by you!) each week (please take note of the emphasize on YOU :-) ) 9
Reading Group Intention of the reading group is to learn from good (and bad) scientific papers that what others do is mostly no rocket science how to read a paper properly (for sure not in the order from beginning to the end!) Different kinds of papers Papers: the classic form of scientific content spreading Journal papers: based on conference paper +30% new content Surveys: summarizing a field or research area 10
Reading Group Reviewing Papers 1. Paper idea What is the field of research? What is the motivation of the paper? What is the problem the paper tries to solve? What is the research question? How relevant is this research? What is the paper hypothesis? 2. Paper content What are the assumptions of the paper? Which definitions are contained? What is the idea for solving the problem? How is the evaluation carried out? What about the results? 3. Critical acclaim: merits & shortcomings 11
Reading Group Reviewing Surveys (1) 12
Reading Group Reviewing Surveys (2) 1. What is the field of research? What is the exact problem domain? 2. Survey content What are the assumptions in the survey? Which definitions are used? Aspects, requirements, concepts, properties? Which classification is used? 3. Critical acclaim Sensibility of classification Completeness of the survey Merits & shortcomings 13
The Exercise Course Few complementary exercises Some exercises will request you to do something practical Will be announced during the lecture and on the website Solutions will be Submitted by you in advance and/or presented by one of you during an exercise Successful participation in the seminar requires you to to submit solutions to the practical tasks, to present at least one paper or one solution of a practical exercise task 14
Attendance Attending lectures is voluntary. I don t take your absence personally. Some (a small minority of) people is better off by reading a book However, there is a correlation between attendance and successful exams Attending seminars/exercises is semi-voluntary ;) You will need to submit assignments You will need to present at least once You should participate in discussions during reading group as this is already a good preparation for the exam 15
The Exam There will be an oral exam. Content: lecture + exercise (=reading group and exercises) Pre-requisite: successful participation in the seminar You will need to make an appointment Possible dates will be published No written material allowed (books, slides, notes) Except language dictionaries for non-native speakers (German/English), without any personal add-ons, handwritten comments, supplements, etc. If needed, we will provide a list of important equations Procedure Questions available in German (and English upon request) Answers given in German (and English upon request) All necessary information (will be) on the website 16
Takeaways from this course Terminology: You are capable to communicate with (other) security experts. Understanding: You are able to understand security problems. You can read and understand security papers. Awareness: You are aware of security challenges when implementing / developing own (resilient) systems. + hopefully some knowledge on how to solve those challenges! 17
Preliminary Schedule (expect changes ;) October 2016 December 2016 Mon Tues Wed Thurs Fri Sat Sun Mon Tues Wed Thurs Fri Sat Sun 26 27 28 29 30 1 2 28 29 30 1 2 3 4 3 4 5 6 7 8 9 5 6 7 8 9 10 11 10 11 12 13 14 15 16 12 13 14 15 16 17 18 17 18 19 20 21 22 23 19 20 21 22 23 24 25 24 25 26 27 28 29 30 26 27 28 29 30 31 1 31 1 2 3 4 5 6 January 2017 Mon Tues Wed November 2016 Thurs Fri Sat Sun Mon Tues Wed Thurs 26 27 28 29 Fri 30 31 Sat 1 Sun 31 1 2 3 4 5 6 2 3 4 5 6 7 8 7 8 9 10 11 12 13 9 10 11 12 13 14 15 14 15 16 17 18 19 20 16 17 18 19 20 21 22 21 22 23 24 25 26 27 23 24 25 26 27 28 29 28 29 30 1 2 3 4 30 31 1 2 3 4 5 Lecture Lecture + Reading Group Lecture + Exercise 18
Questions? http://xkcd.com/1256/ 19