CS 6393: Security Architectures for Cloud and Distributed Systems
Spring 2014, Friday 10am-12:30pm, Location: FLN 3.02.10A
Course prerequisites will be strictly enforced
- 13/3/14: Presentation schedule revised. All presentations will be in ICS conference room. Yuan Cheng and Xin Jin PhD defenses scheduled. See special events in weekly schedule.
- 30/1/14: Major update.
- 12/10/13: Initial web site created. Next expected update after start of Spring 2014 semester.
- Watch this space for important announcements throughout the course. Recent announcements will be at top and highlighted in red.
- Currently enrolled in CS PhD program at UTSA.
- Successfully passed CS PhD qualifying examination.
- Completed CS 5323 Principles of Information Security.
- Knowledge of OpenStack and AWS programming highly desirable.
- Prerequisites will be strictly enforced. No exceptions.
- 6393 Advanced Topics in Computer Security (3-0) 3 hours credit.
Analysis of computer security. The topics may include but are not limited to database and distributed systems security, formal models for computer security, privacy and ethics, intrusion detection, critical infrastructure protection, network vulnerability assessments, wireless security, trusted computing, and highly dependable systems. May be repeated for credit when topics vary.
- This course is different from any prior offering of CS 6393. It is eligible for repeated credit.
- Lectures with supporting papers from the literature.
- Programming projects on OpenStack, AWS and possibly other cloud platforms.
- Modeling projects to relate security features of OpenStack, AWS and possibly other cloud platforms, to formal security models.
- This is a research-oriented course designed for post-qualifier CS PhD students.
- Primary goal is to develop broad and deep understanding of security features of current cloud platforms and their possible shortcomings.
- Identify high potential topics for cloud security research.
- Grading will be based on: (i) individual term project, (ii) project presentation and discussion, and (iii) participation in class discussions.
- The weekly schedule is subject to change and adjustment as the semester proceeds.
- Assigned readings for a lecture are expected to be read in full in advance of the lecture for maximum benefit. Readings marked as partial are not required to be read in full. Selected aspects will be covered in class. Readings marked as reference should be reviewed as indicated in each case and will only be discussed briefly in class.
Schedule by Week: In Progress
Part 1: Lectures by Prof. Sandhu
- 1/17/14: Reprise of 4/12/13 and 4/19/13 lectures from CS 6393 Spring 2013
- 1/24/14: UTSA closed due to inclement weather
- 1/31/14: Virtualization
Read in Full:
- Diego Perez-Botero, Jakub Szefer, and Ruby B. Lee. 2013. Characterizing hypervisor vulnerabilities in cloud computing servers. In Proceedings of the 2013 international workshop on Security in cloud computing (Cloud Computing '13 at AsiaCCS).
- 2/07/14: Virtualization
Read in Full:
- Smith, J.E. and Nair, R., "The Architecture of Virtual Machines," IEEE Computer, vol. 38, no. 5, pp. 32-38, May 2005.
- SCOPE Alliance. Virtualization: State of the Art. Version 1.0, April 3, 2008. 18 pages.
Read in Part:
- Gábor Pék, Levente Buttyán, and Boldizsár Bencsáth. 2013. A survey of security issues in hardware virtualization. ACM Comput. Surv. 45, 3, Article 40 (July 2013).
- Xen project wiki
- Xen Server and OpenStack wiki
- The deployment architecture of Xen with OpenStack
- How to install Xen with Ubuntu 12.04
- A note on XCP and XAPI
Read in Part:
- Uhlig, R.; Neiger, G.; Rodgers, D.; Santoni, A.L.; Martins, F.C.M.; Anderson, A.V.; Bennett, S.M.; Kagi, A.; Leung, F.H.; Smith, L., "Intel virtualization technology," IEEE Computer, vol. 38, no. 5, pp. 48-56, May 2005.
- Yaozu Dong, Shaofan Li, Asit Mallick, Jun Nakajima, Kun Tian, Xuefei Xu, Fred Yang, Wilfred Yu. "Extending Xen With Intel Virtualization Technology." Intel Technology Journal 10.3 (2006): 193-203.
- Michael Pearce, Sherali Zeadally, and Ray Hunt. 2013. Virtualization: issues, security threats, and solutions. ACM Comput. Surv. 45, 2, Article 17 (March 2013), 39 pages.
Read as Reference:
- Gerald J. Popek and Robert P. Goldberg. 1974. Formal requirements for virtualizable third generation architectures. Commun. ACM 17, 7 (July 1974), 412-421.
- R.L. Brown, P.J. Denning, W.F. Tichy, "Advanced Operating Systems," IEEE Computer, vol. 17, no. 10, pp. 173-190, October 1984.
2/21/14: Open discussion on access control in the cloud, in OpenStack and in AWS
2/28/14: No class. Project work day.
3/07/14: I/O virtualization
Read in Part:
- Waldspurger, Carl, and Mendel Rosenblum. "I/O virtualization." Communications of the ACM 55.1 (2012): 66-73.
- Simon Crosby and David Brown. 2006. The Virtualization Reality. Queue 4, 10 (December 2006), 34-41.
- Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. 2003. Xen and the art of virtualization. In Proceedings of the nineteenth ACM symposium on Operating systems principles (SOSP '03).
- Santos, Jose Renato, et al. "Bridging the Gap between Software and Hardware Techniques for I/O Virtualization." USENIX Annual Technical Conference. 2008.
3/14/14: Spring Break. No class.
3/21/14: No class. Project work day.
3/28/14: No class. Project work day.
Part 2: Presentations by students: In ICS Conference room
4/04/14: Xin Jin: Attribute Based Access Control and Implementation in Infrastructure as a Service Cloud
4/11/14: Bo Tang: Multi-Tenant Access Control for Collaborative Cloud Services
4/15/14: Tuesday make-up class. Dang Nguyen: Provenance-based Access Control in Cloud IaaS
4/16/14: Wednesday special event: Yuan Cheng PhD defense, CS conference room, 10am-12noon
4/18/14: Khalid Bijon Zaman: Risk-Aware Role and Attribute Based Access Control Models
4/22/14: Tuesday special event: Xin Jin PhD defense, CS conference room, 10am-12noon
4/23/14: Wednesday make-up class. Prosunjit Biswas: ZeroVM Background
4/25/14: Navid Pustchi: Multi Cloud
- Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham. 1993. Efficient software-based fault isolation. SIGOPS Oper. Syst. Rev. 27, 5 (December 1993), 203-216.
- Strauss, David. "Containers---Not Virtual Machines---Are the Future Cloud." Linux Journal. 2013.
4/29/14: Tuesday make-up class. Tahmina Ahmed: ABAC safety and analysis
4/30/14: Wednesday make-up class. Discussion with Dolph Mathews, Rackspace, OpenStack-Keystone leader.
Bo slides (pdf)
Navid slides (pptx)
5/01/14: Thursday make-up class. Amy Zhang: Information Sharing in Cloud
- Lee Badger, Tim Grance, Robert Patt-Corner and Jeff Voas. "Cloud Computing Synopsis and Recommendations." NIST Special Publication 800-146, May 2012.
- Bohli, J.-M.; Gruschka, N.; Jensen, M.; Iacono, L.L.; Marnau, N., "Security and Privacy-Enhancing Multicloud Architectures," IEEE Transactions on Dependable and Secure Computing, vol. 10, no. 4, pp. 212-224, July-Aug. 2013.
- Vandenberghe, Wim, et al. "Architecture for the heterogeneous federation of future internet experimentation facilities." Future Network and Mobile Summit (FutureNetworkSummit), 2013. IEEE, 2013.
- Chadwick, David W., et al. "Adding Federated Identity Management to OpenStack." Journal of Grid Computing (2013): 1-25.
- del Castillo, Lorenzo, et al. "OpenStack Federation in Experimentation Multi-cloud Testbeds." (2013).