Operating Systems 2015F Lecture 21
Video
The video for the lecture given on November 25, 2015 is now available.
Notes
Lecture 21 ---------- no last assignment What is research? * Asking questions and figuring out the answers * Questions are much more important than answers * Questions are much *harder* than answers What question you ask determines what answer you'll get The research literature - many many publications - hard to tell what is any good Reseachers know who to trust in their area, and, how in general to determine trust - do spot checks for obvious errors, based on what you do know - do they give full details about what they did? could you reproduce it? - surprising results require extraordinary evidence If you're outside the field, look at - publication reputation - citation counts and quality to learn more about operating systems research... what are the well-respected venues? Conferences, not journals USENIX OSDI ACM SOSP When should you *really* look at the research literature? You're trying to solve a hard problem and aren't sure what approach to take. * look to see what other people have done in response to similar problems! What about computer security? * even more publications But there's a truth to research... - most of it isn't any good Why? - a lot of research doesn't work in practice - a lot of conclusions are premature Computer security research is mostly bad Cryptography is mostly bad. And dangerous. * easy to implement * hard to implement well If you make a mistake, your crypto is worse than useless * security cannot be specified or completely defined * attacks exploit details that you didn't think about Timing attacks Game in encryption: encrypt and decrypt without disclosing the plaintext or the key For many encryption algorithms, execution time is a function of the plaintext and/or key Watch how long a computer takes to encrypt something, and you can figure out the key 1970's, Data Encryption Standard (DES) - first developed by IBM - "fixed" by the NSA - halved the key (much easier to break) - fiddled with the constants in the algorithm Any security technology may improve and reduce your security at the same time security is confidentiality, availability, and integrity Example: encrypting a hard disk Why not use biometrics - fingerprints - facial recognition It is all about your threat model - any technology helps with certain risks and harms versus others - what do you care about? Tradeoffs are inherent to technology