Operating Systems 2015F Lecture 22: Difference between revisions

From Soma-notes
Created page with "==Video== The video for the lecture given on November 25, 2015 [http://homeostasis.scs.carleton.ca/~soma/os-2015f/lectures/comp3000-2015f-lec21-25Nov2015.mp4 is now available..."
 
Replaced content with "==Notes== * Explain generating, format of patches for reports"
==Video==
The video for the lecture given on November 25, 2015 [http://homeostasis.scs.carleton.ca/~soma/os-2015f/lectures/comp3000-2015f-lec21-25Nov2015.mp4 is now available].
==Notes==


<pre>
* Explain generating, format of patches for reports
Lecture 21
----------
 
no last assignment
 
What is research?
* Asking questions and figuring out the answers
* Questions are much more important than answers
* Questions are much *harder* than answers
 
What question you ask determines what answer you'll get
 
The research literature
- many many publications
- hard to tell what is any good
 
Researchers know who to trust in their area and, in general, how to determine trust
- do spot checks for obvious errors, based on what you do know
- do they give full details about what they did? could you reproduce it?
- surprising results require extraordinary evidence
 
 
If you're outside the field, look at
- publication reputation
- citation counts and quality
 
to learn more about operating systems research...
what are the well-respected venues?
 
Conferences, not journals
 
USENIX OSDI
ACM SOSP
 
When should you *really* look at the research literature?
 
You're trying to solve a hard problem and aren't sure what approach to take.
* look to see what other people have done in response to similar problems!
 
What about computer security?
* even more publications
 
But there's a truth to research...
- most of it isn't any good
 
Why?
- a lot of research doesn't work in practice
- a lot of conclusions are premature
 
Computer security research is mostly bad
 
Cryptography is mostly bad.  And dangerous.
* easy to implement
* hard to implement well
 
If you make a mistake, your crypto is worse than useless
* security cannot be specified or completely defined
* attacks exploit details that you didn't think about
 
Timing attacks
 
Game in encryption: encrypt and decrypt without disclosing the plaintext or the key
 
For many encryption algorithms, execution time is a function of the plaintext and/or key
 
Watch how long a computer takes to encrypt something, and you can figure out the key
 
1970's, Data Encryption Standard (DES)
- first developed by IBM
- "fixed" by the NSA
  - halved the key (much easier to break)
  - fiddled with the constants in the algorithm
 
Any security technology may improve and reduce your security at the same time
 
security is confidentiality, availability, and integrity
Example: encrypting a hard disk
 
Why not use biometrics?
- fingerprints
- facial recognition
 
It is all about your threat model
- any technology helps with certain risks and harms versus others
- what do you care about?
 
Tradeoffs are inherent to technology
</pre>
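The "Timing attacks" notes above say that execution time can be a function of the key. The following is an added example, not code from the lecture: it uses modular exponentiation (the core of RSA-style operations, chosen here as an assumption) and counts modular multiplications as a stand-in for running time. All function names, the modulus, and the keys are constructed for illustration.

```python
# Added illustration: operation counts stand in for wall-clock time so the
# result is deterministic. Names and sample values are constructed.

def modexp_leaky(base, exponent, modulus):
    """Left-to-right square-and-multiply. Returns (result, operation_count).
    The extra multiply runs only for 1 bits, so the amount of work (and
    therefore the running time) depends on the secret exponent."""
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus   # always: square
        ops += 1
        if bit == "1":                         # key-dependent extra work
            result = (result * base) % modulus
            ops += 1
    return result, ops

def modexp_ladder(base, exponent, modulus, bits):
    """Montgomery ladder over a fixed bit length. Returns (result, operation_count).
    Every bit costs exactly one multiply and one square, whatever its value.
    A production implementation would also replace the branch with a
    constant-time conditional swap and use fixed-width arithmetic; Python's
    big integers do not give that guarantee."""
    r0, r1, ops = 1, base % modulus, 0
    for i in reversed(range(bits)):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        ops += 2
    return r0, ops

def profile(keys, base=5, modulus=1000003, bits=16):
    """Operation counts per key for both implementations."""
    return {k: (modexp_leaky(base, k, modulus)[1],
                modexp_ladder(base, k, modulus, bits)[1]) for k in keys}

if __name__ == "__main__":
    # Two constructed 16-bit keys: few 1 bits versus all 1 bits.
    for key, (leaky, ladder) in profile([0x8001, 0xFFFF]).items():
        print(f"key={key:#06x} leaky_ops={leaky} ladder_ops={ladder}")
```

The leaky version does 18 operations for one key and 32 for the other, which is the kind of difference an observer measuring time can use; the ladder does 32 for both.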

Revision as of 21:31, 25 November 2015

Notes

  • Explain generating, format of patches for reports