Instructor: | Prateek Saxena (prateeks at comp dot nus dot edu dot sg) | |
Room & Timings: | Tue 10:00-12:00, COM1-VCRM | |
Semester: | AY 2022/2023 Semester 1 |
Many practical examples of distributed systems are around us: public cloud services, client-server APIs, blockchains, online social networks, messaging platforms, and so on. These systems are designed to withstand adversarial environments and are often under real attacks. Security is at the heart of designing such systems. The module will expose you to both classical results and present-day research problems in distributed systems security. The class differs from distributed algorithms / systems classes in that we will spend disproportionately large effort talking about worst-case scenarios (e.g. arbitrarily malicious behavior, permissionless networks, etc).
The philosophy of this class: learn only a few things but learn them well. Of course, expect to know about many other exciting concepts and open problems. Distributed systems security is both a very practically relevant and a theoretical sub-field. The examples of algorithms you will see will be short and can appear deceptively simple at first glance. Some of the classical results you will see might appear unbelievable at first. You may find yourself spending considerable time internalizing a single concept, which will sharpen your analytical skills.
At the end of the class, you will:
This class is a research-focused class and not graded on the curve. It counts towards the computer systems cluster requirement for PhD students. I will explain the detailed logistics of the course in the first lecture. There will be no final exam, labs or tutorials. To get the most out of the class, please come to lectures, and ask lots of questions. Naive questions are often the best!
There are 3 components on which you will be tested:
Term Paper. Write a paper about a problem / research question related to distributed systems security (see here for inspiration). Each group must pick a distinct paper to present. The topic will be agreed upon with the instructor by Aug 30th. Thereafter, you are requested to meet the instructor once midway through the semester to discuss your progress and agree on the scope of the final paper. You will be graded on a mid-term draft of the paper and the final submission (see first lecture slides for details).
Class Presentation. A recorded 30-45 minute "lecture-style" presentation (with offline Q&A) of your final paper. Graded on clarity and correctness of exposition.
Extended Learning Exercise. Most lectures will have an extended learning exercise, e.g. a fun problem to think about, a paper to read, and so on. The exercise is given during the lecture and is due in 10 days. Solve it on your own and submit your solution (PDF format) for any 1 lecture topic in this course.
The component weightage in assigning grades is:
Automatic Extension on Submission timelines: You have a total quota of 72 hours for extensions. You can use all or part of it for any submission, without seeking the instructor's permission.
In this class, you will be exposed to several powerful attack techniques. This class is not an invitation exploit vulnerabilities in the wild without informed consent of all involved parties. Attacking someone else's computer system is an offence; you are expected to use your knowledge with discretion.
For all readings and assignments, please feel free to discuss with your peers and use the Internet. But, you should write up your own submissions and cite any external resources you utilize in your write-ups. All students must comply with NUS academic honesty policies.