MSIT-IS 2nd Semester Retrospective

As promised in my 1st semester retrospective, here is a retrospective of the 2nd semester (Spring Semester).

The second semester was consisted of three courses, two core courses and one free elective. I picked the following courses:

  • Distributed Systems
  • Network Security
  • Secure Software Systems

You can take a look at the syllabus for each course here. I can’t tell for sure which semester was tougher, the 1st or this one. I guess this 2nd semester involved more work, but you are more used to it, so you can handle things better.

Distributed Systems is a free elective. We had the option to choose either Distributed Systems or Intrusion Tolerance. I picked Distributed Systems. This is a pure Distributed Systems course. We covered RPC, High Availability, Clock Synchronization, Replication, Mutual Exclusion and Groups, Transactions, Corba, J2EE, Distributed Filesystems, Distributed Shared Memory, Distributed Mutual Exclusion, Load Balancing, Security, Naming, Peer-to-Peer Systems and the Google File System. I have never had a distributed systems course before, the closest that I had was parallel computing during my undergrad. It was interesting to study these topics, specially because I work with distributed systems for over 10 years. For this course, we only had one big project for the duration of the semester. In the beginning of the semester you had to pick up a team and a project and throughout the semester build it. At the end, you had to present it to the class. My project was dumpFS, a distributed storage solution written in Erlang. This class was a remote class, taught from Carnegie Mellon.

Network Security was also a fun course. I had the pleasure to attend this class taught by one of the best professors I have ever had in my entire life. In my opinion, it was the most difficult course of this semester, but professor Perrig really teaches you how to think in terms of Security. You can memorize the entire textbook and get an F on the exam. To get a good grade you need to analyze and think (very fast). We covered a lot of recent topics, such as the the MD5-collision attack from earlier this year, or the Pakistani Youtube BGP attack from last year. We had two mini-projects and one research project. The first miniproject was very fun, it consisted in writing a blind TCP reset attack and a DNS poisoning attack (in C). The second miniproject was not so fun, it consisted in implementing an Ad Hoc Routing Attack (DSR & Ariadne) using the simulator ns-2 (in C++). The problem is that we spent more time finding out the dark details of ns-2 than thinking about the attack itself. We complained about this in the course feedback and next year professor Perrig is going to skip this miniproject. See? feedback is useful sometimes. The research project was supposed to aim high, the best project would be submitted to a conference. Mine was about secure DNS and you can check it out by clicking here. This class was a remote class, taught from Carnegie Mellon.

Secure Software Systems was an interesting class. We covered a lot of fun things, such as Buffer Overflows, Input validation (SGDB, Web race conditions), Randomness and determinism, Client side security, DoS, Auditing Tools, Buffer Overflow Defenses, Static Analysis, Attack Injection, Assurance & Certification, Virtualization and Security. We had 3 projects. The first one consisted in finding Buffer Overflows in one SMTP server software and exploit one of its vulnerabilities, and to find and fix some SQL injections and XSS in a Web app. The second project involved Fuzzing and the third one involved using Static Analysis tools. This class was a local class, taught by a professor from FCUL.

Even though that I am now more used to the pace and I don’t stress out so easily, it is still not possible to have a social life. I guess I was more relaxed in the first half of the semester but the second half was crazy, specially the last couple of weeks.

In my third semester, i.e. the Summer semester, I am supposed to write my Thesis. I am going to spend this semester in Pittsburgh since my Thesis Advisor is Greg Ganger, the director of PDL. My Thesis is about Storage. When I return, I will write something about it.

Enjoy the Summer!