USC CSCI 430 Security Systems
Lecture notes – Fall 2020
Dr. Jelena Mirkovic
University of Southern California Information Sciences Institute

Class Logistics

Class Web Page
• http://ccss.usc.edu/430
  – Syllabus
  – Assignments
  – News
  – Lecture notes
• Keep checking it!
• Discussion page on Piazza

Contact
• Instructor
  – Dr. Jelena Mirkovic
  – Office hours W 9-10, F 11-12, or by appt via Zoom
  – Contact via email (sunshine@isi.edu)
• TA
  – Nicolaas Weideman
  – Office hours M 10-11 via Zoom
  – Contact via email (csci430.nicolaas@gmail.com)

Grading
• Grading:
  – CTF exercises: 20%
  – Homeworks: 20%
  – Participation: 10%
  – Midterm Exam: 20%
  – Final Exam: 30%
• Grades assigned using the curve below:
    A   A-  B+  B   B-  C+  C   C-  D+  D   D
    90  86  83  80  76  73  70  66  63  60  56

Background
• What you need for this class
  – Some basic knowledge of OS and networking (see network primer on class Web page)
  – I will go over these basics and will remind you of relevant parts when needed in class
  – Good programming skills in any language
  – Familiarity with Linux OS
  – Lots of courage
  – Ability to learn independently by searching for answers online

Homeworks
• Done on DeterLab testbed
  – I will open an account for each of you now
  – You will get an automated email on how to log on
  – Your first assignment – on the Web page
• We’ll have 4 homeworks, each 5% of your grade
• Ask for help early
  – This year, due to the Covid-19 emergency, you can submit homeworks any time until the last day of classes
  – On-time submissions carry 2 extra points
• Do NOT email testbed ops when you have a problem:
  – Email instructor or TA; we will take points off if you email ops
  – We can either help with an issue, get help from DeterLab staff or extend a deadline

Class Capture-the-Flag Exercises
• Offense/defense exercises done on DeterLab testbed
• Blue team develops some technology, Red team attacks it
• Everyone will have a chance to be on both teams
• Each exercise carries 10% of your grade
  – I’m not looking for extraordinary solutions (although they are welcome) but for good integration of what you learned in class and what you managed to learn off the Internet
  – Teamwork is important
  – Schedule is paramount! You have to develop code early and test it thoroughly

Midterm and Final
• Open book, open notes (paper only)
• Not cumulative (final covers only material from Intrusions and later)
• Last 1 h 20 min
• We will have reviews in class before each

Class Participation
• Class participation is important
  – Ask and answer questions in class
  – Ask, answer, participate on-line (Piazza)
  – I will check the discussion boards once daily, but if you want a reliable response from me, email me directly
  – Article presentation in class carries 50% of the participation grade
• Class participation carries 10% of your grade

Academic Integrity
• What is and is not OK
  – I encourage you to talk with others if you have questions, and to look for answers online, but everyone must DO their work ALONE
  – Do not turn in the work of others
  – Do not give others your work to use as their own
  – Do not plagiarize from others (published or not)
  – Do not try to deceive the instructor
  – If you find answers online, read them, take an hour break and then try to write down the answer without looking back online
• See the Web site
  – More guidelines on academic integrity
  – Links to university resources
  – If in doubt, ask
• You can always ask me or TA for help!

DeterLab Testbed
• Shared testbed where users can get exclusive access to individual physical machines: http://isi.deterlab.net
  – Customize topology and OS
  – Sudo access, install packages, send traffic
  – We will use DeterLab for homeworks and CCTFs
• Go ahead and log into DeterLab, then access node A in the test experiment
  – Check USC email
  – Set up password, your full name and phone
  – SSH to users.deterlab.net and then SSH to A.test.USC430
  – Create a local file and copy it to A
  – Create a file on A and copy it to your laptop

What you see on DeterLab
[Diagram labels: SSH, users, nodes A, B, C, D]

Links  Network       IPs                  IP example   DNS name                 DNS example
black  experimental  any but 192.168.x.x  1.2.3.4      Short name, no dots      A
grey   control       192.168.x.x          192.168.1.2  Long name node.exp.proj  A.test.USC430

What’s behind the scenes
[Diagram labels: users, exp. switch, control switch, nodes A, B, C, D, Long name, Short name]

Links  Network       IPs                  IP example   DNS name                 DNS example
black  experimental  any but 192.168.x.x  1.2.3.4      Short name node          A
grey   control       192.168.x.x          192.168.1.2  Long name node.exp.proj  A.test.USC430

Shared directories on all nodes
[Diagram labels: SSH (long name), SSH, users, boss, nodes A, B, C, D; shared directories /users/usc430aa and /proj/USC430; SSH, ping, etc (short name); links 100 Mbps, 100 Mbps, 1 Gbps]

Links  Network       IPs                  IP example   DNS name                 DNS example
black  experimental  any but 192.168.x.x  1.2.3.4      Short name, no dots      A
grey   control       192.168.x.x          192.168.1.2  Long name node.exp.proj  A.test.USC430

DeterLab HowTo
1. Create local file on your laptop (use your username):
     touch usc430ab.txt
2. Get the file to the testbed; on your laptop in a terminal window:
     scp usc430ab.txt usc430ab@users.deterlab.net:usc430ab.txt
3. The file is now in your home directory on all nodes

DeterLab HowTo
1. Create file on A (use your username):
     touch usc430ab.txt
2. Get the file out; on your laptop in a terminal window:
     scp usc430ab@users.deterlab.net:usc430ab.txt .
3. Create file on A in /tmp folder:
     cd /tmp
     touch usc430ab.txt
     ls /tmp
4. Get the file out; on A type:
     cp /tmp/usc430ab.txt ~/
   then apply approach 2 to get it out

DeterLab Cheat Sheet
• Problem: Can’t get machines
  Solution: Wait an hour and retry
• Problem: Can’t SSH to my machine
  Solution: Did you swap in first?
• Problem: I get “permission denied” or similar message on my machine
  Solution: Put sudo in front like sudo rm file.txt
• Problem: How do I transfer files in and out?
  Solution: Use scp
• Problem: How do I access my machine?
  Solution: SSH to users.deterlab.net then SSH into your machine from there using long name
• Problem: My experiment swapped out but I was still working on it
  Solution: Adjust “Experiment settings” in MyDeterlab view on Web UI
• Problem: This worked on my computer but it doesn’t work on Deterlab
  Solution: It has to work on Deterlab
• Problem: I cannot access outside repositories from my experiment
  Solution: Linux repos are mirrored. For everything else download onto your machine then scp into Deterlab
• Problem: I have questions
  Solution: Email me or TA any time or post on Piazza

Do’s and Don’ts
• Do: Use short names to access between machines in your experiment, e.g. ping A
  Don’t: Use long names unless you’re SSH-ing from users to your machine, e.g., don’t ping A.myexp.USC430
• Do: Store large files locally, e.g., sudo /usr/local/etc/emulab/mkextrafs /mnt/local
  Don’t: Store large files in your home directory
• Do: Create a modest number of files, e.g., 100s or 1000s
  Don’t: Create millions of files in your home directory
• Do: Always ensure you are executing commands on your experimental machine
  Don’t: Type homework commands on users machine
• Do: Read assignments carefully and start on time
  Don’t: Wait until the night before the deadline to start a homework
• Do: Ask questions early
  Don’t: Give up on a homework

Action Logs
• All your actions on Deterlab are logged
  – Logs help me offer appropriate help to each student since they tell me what you have tried on the testbed so far
  – Logs help me assess how well the whole class is doing
  – Logs also tell me if you have engaged with the testbed or not, and may prompt a warning from me
• Logs do not affect your grade directly but they do inform my opinion of your effort
• You may see some suggestions as you work on homeworks
  – Printed messages on your screen that should help you if you are stuck