This is a course in the specialization block of the Master Coutrser in Computer Science and Informatics curricula in FCT/UNL. The course is targeted for the specialized knowledge of foundations, techniques, mechanisms and solutions in the design of dependable distributed systems, including programming of algorithms, protocols and technology for dependable components. The course also addresses bas components and services, as well as for programming techniques for fault-toleramce and intusion tolerance guarantees, as well as, how to design trustworthy components based on trustd executition environmente with isolation provided at hardware level, using the more relevant technologies fo condidential and trusted computing.

The main goal of this course is to specialize the knowledge of the students in the area of Dependable Distributed Systems. This knowledge is addressed by gaining a better understanding on foundations and proposals from the recent research on dependable computing systems, advanced techniques, algorithms and mechanisms involved in the design of large-scale and complex distributed systems, with fault-tolerance, security, privacy and intrusion tolerance services.

The course addresses the study of foundations and formalisms on algorithms, mechanisms and services used in the design of distributed dependable systems for critical applications, in which the above properties must be conjugated in the identified requirements.This knowledge is strongly supported by the domain of practical implementation tools and techniques, experimental evaluation criteria and critical analysis form design foundations and experimental observation of practical dependable distributed systems.

Skills as objectives:

Knowledge

• Concepts, principles, paradigms to the analysis and synthesis of dependable distributed systems, namely their mechanisms and services for design goals and operation support;
• Foundations and abstractions for the design and construction of mechanisms and services for dependable distributed systems;
• Techniques to combine security, privacy, reliability, fault-tolerance and intrusion tolerance for dependable distributed systems and their software components;
• Domain of technqiues and solutions for trusted execution environments and related support at hardware-level.

Application

• Designing mechanisms and services, including their components and algorithms to build critical distributed systems;
• Analysis and experimental assessement of dependable properties in a dependable distributed system;
• Programming and development of dependable distributed systems to support critical applications and services, incolving blockchain platforms, dependable services for cloud computing and cloud-storage platforms, trusted mobile computing and trustworthy solutions for IoT platfroms and applications

Program topics:

• Introduction
• Reliable and secure communication channels
• Techniques, mechanisms and services for dpendable distributed systems
• Byzantine Fault-Tolerance (BFT) and Intrusion Tolerance
• Intrusion prevention, detection, recovery and tolerance
• Blockchain Platforms
• Privacy-preservation
• Trusted execution environments (TEE) and confidential computing

Program (topics in detail):

1. Introduction

• Concepts, properties, attributes and metrics for dependable systems
• Characterization of dependable distributed ystems and relevant facets:
• • Security, reliability and privacy-perservation
  • Safety and liveness guarantees
• Failure models and adversary model definition
• Mechanisms for dependable distributed systems
• Modeling and representation of dependable distributed systems

2. Reliable and secure communication channels

• Unicast (PtP), multicast and brodcast communication channels
• • Security base services: 802.1x, 802.11i, IPSec. VPNs, TLS and HTTPS
  • DNSSEC and secure routing
• Tunneled end-to-end secure communication
• Reliable and secure broadcast channels
• Primities and abstractions for reliable communication channels

3. Techniques. mechanisms and tools for dependable distributed systems

• Loggingand checkpointing
• State recovery using rollback and rollforward techniques
• Read/Writte Registers
• Quorums and quorum protocols
• Replication models and state-machine replication
• Isolation or confinment and trusted computing environments

4.Byzantine fault tolerance and intrusiontolerance solutions

• Quorums and Byzantine Quorums
• Consensus, FLP impossibility and FLP circumvention techniques
• Synchonous consensus
• Assinchronous consensus
• Consensus with fault tolerance guarantees
• Protocols: Paxos, Multipaxos, Paxos Variants and PBFT
• Probabilistic, randomized and diversity-enhanced consensus solutions
• Case studies

5.Intrusion prevention, detection, auditing, and recovery

• Perimeter defenses
• Intrusion prevention systems
• Intrusion detection systems (HIDS, NIDS, HIDS, Honeypots and Honeynets)
• Intrusion recovery: reactive recovery and pro-active recovery
• Availabiliy and Inrusion Tolerance

6. Blockchains

• Origins, Blockchains typology and applications
• Service planes in Blockchain platforms and their architectures
• Blockchain programming and programming with smart contracts
• From byzantine consensus to Blockchain-enabled consensus solutions
• Prformance and operation metrics
• Finality concept and finality latency
• Consensus models: PoW, PoS, PBFT, PoET and other solutions
• • Case studies
• Case studies
• Challenges and issues in Large-Scale Permissionless Blockchains
• • Scale, performance and consistency
  • Security and adversary model
  • Fairness and sustainability
  • Privacy and anonymity preservation
  • Full trust-decentralization
  • Scale and architectural models: sharding, parallel chains, sidechains and hybrid models
  • Independence of application-support, consensus and P2P data dissemination planes
• Case studies

7. Privacy Preservation

• Advanced techniques for privacy-enhanced data management and computation
• Operations with encrypted data:security-at-the-resttechniques and homomorphic encryption
• Searchable Encryption
• Other techniques:
• • Data anonymyzation and obfuscation
  • Differential privacy
  • Secret sharing
  • Oblivious transfers and oblivious storage
• Techniques for privacy-enhaced and anonymized communication:
• • ToR network case study

8.Trusted Computing and Confidential Computing

• Cryptographic HW, HSMs and TPMs
• Trusted computing with software attestation
• Trusted execution environments (TEEs)
• Reference technologies: IntelSGX, TrustZone and AMD-SEV
• Virtualization with Trusted Computing Platforms
• Programming environments for TEE platforms
• Confidential computing

• W. Zhao, Building Dependable Distributed Systems, Wiley, 2014
• C. Cachin, R. Guerraoui, L. Rodrigues, Introduction to Reliable and Secure Distributed Programming 2nd Ed., Springer, 2011.
• Michel Raynal. Fault-Tolerant Message-Passing Distributed Systems: An Algorithmic Approach. Springer. 2018.

More References

• W. Stallings, Cryptography and Network Security 8th Ed. Pearson, 2020
• W. Stallngs, Computer Security Principles ad Practice, 4h Ed., 2018
• M. Correia, P. Sousa, Segurança no Software, FCA Ed. 2017
• W. Stallings, Information Privacy Engineeirng and Privacy by Design, Pearson, 2020

Obs) Suggested readings and selected research papers will be recommended in class-lectures. Materials and guidelines for practical/lab activities and work-assignments will be available as lab materials.

The MIEI course dont have a formal precedence regime with mandatory requirements, beyond the normal sequence and adequacy of knowldge bases and practical skills, as addressed by previous related courses in the study plan of the MIEI curricula (Mestrado em Engenharia Informática). However, the following aspects must be considered as relevant base knowledge by the students interested in following the course, for the achievment of the proposed objectives.

• Completion of the Distributed Systems course (as a consolidation course). Recommended skills on Operating Systems Fondations and Computer and Networks System Security. Backgound on Distributed Systems Algorithms and Distributed Systems Programming can be very useful for the CSD course.
• Strong knowldge on Computer Networks and TCP/IP stack protocols (including HTTP, DNS, TCP, UDP, IP, IEEE802.1/802.11, as well as proramming skills for applications using the TCP/IP Stack (Sockets and Rest/HTTP in Java, C# or C++)
• A solid knowledge on principles and practice on distributed systems programming tools and paradigms (ex., Sockets, Webservices, Rest). Some practice in web-programming enviroments or programming with cloud-platforms ican be also interesting as well as initial practice in the design, implementation and debungging of distributed systems'''' algorithms.
• Very important to have backgorund in applied cryptography and programming with cryptographic methods and algorithms (ex., Java/JCE and CryptoProviders, Programming with TLS channels - Java JSSE and REST/HTTPS)
• Strong skills in programming with Java language, as well practive with programming environments and tools (ex., Eclipse IDE) and related tools for project management with maintenance repositories (ex., GitHub, Git Plufings in IDE or git command line)
• Is strongly recommended a previous knowldege and practical experience on Operating Systems Foundations and practical skills for UNIX (ex., Linux distributions or Mac OS X), practice in using shell-environment and command-line consoles, and in using virtualized OS or application-support environments (ex., VMWare, Virtual Box, or initial practice with Docker-based Containerization - Docker and Docker deployment with Docker Compose)