1 / 19

Ken Cureton August 2014 cureton@usc

SAE 599: Resilient, Cyber Secure Systems & System-of-Systems University of Southern California Viterbi School of Engineering Systems Architecture & Engineering (SAE). Ken Cureton August 2014 cureton@usc.edu. SAE 599 General Objective. Part of Systems Architecting & Engineering (SAE) Series

landon
Télécharger la présentation

Ken Cureton August 2014 cureton@usc

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SAE 599:Resilient, Cyber SecureSystems & System-of-Systems University of Southern CaliforniaViterbi School of EngineeringSystems Architecture & Engineering (SAE) Ken Cureton August 2014 cureton@usc.edu

  2. SAE 599 General Objective • Part of Systems Architecting & Engineering (SAE) Series • Objective:“Provide System Engineers and Architects with Methods and Tools for the Design and Analysis of Current and Future Complex Systems and System-of-Systems, with Emphasis on Cloud Computing, Cyber Security, and Resiliency.” • Elective Course in University of Southern California’s Masters Program in Systems Architecting & Engineering • New Class Starting in Fall 2014 • Will be re-numbered and added to the Course Catalog when formally approved by the University • Supplants SAE 574: Net-Centric Systems Architecting & Engineering SAE_599_Proposal.ppt

  3. SAE 599 Detailed Learning Objectives • To provide students with the ability to develop & understand requirements and apply the right analytical methods when architecting complex System-of-Systems • To improve the students’ understanding of the role of system architects and their relationship to systems engineering of complex System-of-Systems • To introduce the students to new and advanced topics relevant to complex System-of-Systems architecting and modeling • Emphasis on the Systems Architecting & Systems Engineering of Cloud Computing, Cyber Security, and Resiliency • To improve the students’ ability to generate a professional-level research paper, suitable for presentation at a systems engineering conference or publication in a professional journal SAE_599_Proposal.ppt

  4. SAE 599 Class Format • Semester Class, 16 Weeks, One night/week • 13 Weekly Lectures, 2 hours 40 minutes each • 2 days off (Holiday or Break, Study Days) • 1 Final Exam week (scheduled but not used) • Distance Learning Format • Few (if any) students in the TV Studio, majority of students attending remotely via Distance Learning • Class content webcasted for online/offline viewing • Webex for real-time interaction; E-mail, Telephone, and Office Hours for backup interaction • Class content talking points and illustrations in PowerPoint format, hosted on Blackboard Software for student preview • Blackboard Software used for repository of class lecture content, assignment submission & grade recording, andoff-line discussion Boards SAE_599_Proposal.ppt

  5. SAE 599 Class Grading • One Research Paper required of each student • In place of a Final Exam, 2/3 of class grade • Papers are typically 25 single-spaced pages, suitably formatted for publication in a technical journal • Student materials on “How to Write a Research Paper” • Students are encouraged to e-mail Instructor with questions, outlines, drafts, etc. • Students choose research topic • Submit abstract for approval by Instructor • Bi-Weekly Homework • In place of a Mid-Term Exam, 1/3 of class grade • Structured analysis required for paper, homework • Specific analyses required in each case to demonstrate student’s ability to apply the class fundamentals SAE_599_Proposal.ppt

  6. SAE 599 Lecture #1 • Syllabus • Definitions & Characteristics • Systems Architecting & Systems Engineering • Resilient Systems • System-of-Systems & System-of-Systems Engineering • Evolution of Service-Oriented Architectures(leading up to Cloud Computing) • Networked System Characteristics(fixed/mobile networks, fixed/mobile nodes) • Cyber Security • Net-Enabled Ecosystem, Emergent Behavior • Complexity Theory applied to Complex Networked Systems (such as Cloud Computing) SAE_599_Proposal.ppt

  7. SAE 599 Lecture #2 • Characteristics of Cloud Computing Architectures(from a Systems Architecting/ Systems Engineering Perspective) • Fundamentals of Service-Oriented Architectures (SOA) • Data-as-a-Service (DaaS) • Infrastructure-as-a-Service (IaaS) • Platform-as-a-Service (PaaS) • Software-as-a-Service (SaaS) • Into the Future: Everything-as-a-Service? • Public/Private (or Hybrid) Clouds • Mobile (or Tactical) Clouds • Open/Standard & Proprietary/Closed Cloud Interfaces SAE_599_Proposal.ppt

  8. SAE 599 Lecture #3 • Benefits & Drawbacks of Cloud Computing • The Business Case: • Reduced Cost & Development Time • Commonality & Open Applications • Software Development Support Environment • Agility to Meet Changing Environment • The Risks & Drawbacks: • System Complexity • Shared Multi-tenant Environment • Internet-facing Services • Loss of Some Control • Visibility of Governance & Policy Adherence • Security & Trust SAE_599_Proposal.ppt

  9. SAE 599 Lecture #4 • Sample Application of Cloud Computing • Response to a Major Complex Humanitarian Disaster • Haiti Earthquake: 12 Jan 2010, M7 Earthquake • Multi-National Incident Response • Dissimilarity of Organizations • Military & Other Government Organizations,Non-Governmental Organizations, Private Entities • Lack of Surviving Infrastructure • Use of Cloud-Based Services to Coordinate activities for: • Search-And-Rescue, Medical Transportation, Logistics of Supply Pickup/Storage/Delivery, Peace-Keeping (e.g. looting control), Asset Tracking (personnel & equipment locations), Situational Awareness (e.g. weather, road conditions) SAE_599_Proposal.ppt

  10. SAE 599 Lecture #5 • Resilient Architecture in Cloud Computing • BEFORE: Phase I of Disruption in Cloud-Based Services • Allows Anticipation, Design Margins & Corrective Action to be Considered in an Incident Response Plan for Typical Disruptions of Cloud-Based Services • DURING: Phase II of Disruption in Cloud-Based Services • How the System Survives the Impact of Disruptions • Implement Incident Response Plan, Ranging from Fail-Operational Down to Manual Methods • AFTER: Phase III of Disruption in Cloud-Based Services • How the System Recovers from Disruptions • Incident Analysis and Resolution • Incident Response Plan Optimization • Note that a “disruption” may be Accidental or Deliberate SAE_599_Proposal.ppt

  11. SAE 599 Lecture #6 • Cyber Security for Cloud Computing (Part I)Assuring Availability: Fault Tolerance • Fundamentals of Fault Tolerance for Resiliency:Assured Operation, Inadvertent Operation, Intermittent Operation, Generic Failures, Fault Containment • Impacts on Reliability, Maintainability, Training • Typical Hardware & Software Steps to Assure: • Network Availability • Data Availability • Processing Capability • Advantages & Disadvantages of Cross-Strapping of Redundant Capability SAE_599_Proposal.ppt

  12. SAE 599 Lecture #7 • Cyber Security for Cloud Computing (Part II)Assuring Integrity & Trust • Fundamentals of Trust for Critical & Safety-Of-Life Applications • Trusted System Concepts (Hardware, People, Processes) • Trusted Software Concepts & Methodologies(including Formal Methods) • Data Integrity (Checksums, CRC, Hash codes, etc.) • Data in Storage (Local & in the Cloud) • Data in Transit • Data in Computation (Local & in the Cloud) SAE_599_Proposal.ppt

  13. SAE 599 Lecture #8 • Cyber Security for Cloud Computing (Part III)Handling Accidental & Deliberate Threats • Identity Management & Assured Authentication • Methods of Strong Authentication, Biometrics, Trusted Third Parties/Certificate Authorities, etc. • Assured Confidentiality & Authorization • Encryption: PKI, PGP, IPSEC/VPN, Digital Certificates • Identity-Based Access Control vs. various types ofRole-Based Access Control, “Least Privileges”, etc. • Assured Non-Repudiation & Methods of Digitally-Signed Audit Trails • Networked Security Management • Enclave Security, Defense-In-Depth, Firewalls, IDS, etc. • Defense against Virus, Worms, DOS/DDOS, Polymorphic, Eavesdropping, Trap Doors, Trojans, Insider Attack, etc. SAE_599_Proposal.ppt

  14. SAE 599 Lecture #9 • Risk Management in Cloud Computing • Failure Modes & Effects with Criticality Analysis (FMECA)of Complex Networked Systems • Risk Management Framework & the Security Life Cycle • Categorize the Information Systems and the Information Processed, Stored, and Transmitted • Select an Initial Set of Baseline Security Controls • Implement the Security Controls • Assess the security controls using appropriate procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome • Authorize Information System Operation • Monitor and Assess Selected Security Controls • Recommended Process for Applying Risk Management in Cloud Computing SAE_599_Proposal.ppt

  15. SAE 599 Lecture #10 • Interoperability Challenges in Cloud Computing(System-of-Systems) • Interaction of Processes, People, & Technology • Layers of Interoperability • Network Transport • Information Services • Applications, Processes, and People • Application Program Interfaces (APIs) • Multiple, Conflicting Standards • Provider-Specific Proprietary Interfaces • Differences (Inconsistency) in: • Security Implementation & Policies • Privacy Implementation & Policies • Architecture of Cloud Service Consumers & Providers SAE_599_Proposal.ppt

  16. SAE 599 Lecture #11 • Architecture Modeling for Cloud Computing • Goals & Objectives of Architecture Modeling • Enterprise Architecture Models (Zachman, TOGAF, etc.) • Brief Introduction to System-of-Systems Analysis & Modeling Tools: • Unified Modeling Language (UML) • System Modeling Language (SysML) • Model-Driven Architecture (MDA) & Development • Model-Based Systems Engineering (MBSE) • Use of Executable Models: Visualization of Scenarios, Validation of Requirements, Verifiability of Requirements • Domain-Driven Architecture • Recommended Process for Applying Architecture Modeling in Cloud Computing SAE_599_Proposal.ppt

  17. SAE 599 Lecture #12 • Complexity Theory Applied to Cloud Computing • Characterization Of Network Types • Ranging from Uniform to Highly Heterogeneous • Robustness on Node or Link Insertion or Removal • Characterize Structure of Networks in Terms of Correlation Measures: • Heterogeneity, Randomness, Modularity • Mutual Information, Noise & Joint Entropies • Network Clustering in Domain of Entropy/Noise Space • Entropy: Measure of Uncertainty • Noise Level: Measure of Assortativeness • Typical Constraints on the Possible Universe of Complex Networks SAE_599_Proposal.ppt

  18. SAE 599 Lecture #13 • Guest Lecture • Topics Pertinent to Systems Architecting and Systems Engineering of Complex System and System-of-Systems • Cloud Computing, Cyber Security, and Resiliency • Ranging from Practical Experience to State-of-the-Art • Emphasis on Tools, Methods, Lessons-Learned SAE_599_Proposal.ppt

  19. SAE 599 Summary • Students Exposed to a Broad Range of Cloud Computing Architecture Fundamentals & Implementation Details • Students Required to Demonstrate (for their chosen topic): • Cloud Computing Architecture Characteristics • Expected Benefits & Drawbacks of the Architecture • Resiliency Before, During, and After Disruption of Service • Assured Availability/Fault Tolerance of the Architecture • Assured Integrity & Trust of the Architecture • Handling of Accidental & Deliberate Threats • Risk Management Assessment of the Architecture • Interoperability Characteristics of the Architecture • Architecture Model • Complexity Theory Assessment of the Architecture • Objective: Train Systems Architects & Systems Engineers in the application of methods and tools for the design and analysis of current and future complex systems and system-of-systems, with emphasis on Cloud Computing, Cyber Security, and Resiliency SAE_599_Proposal.ppt

More Related