Gateways 2019 has ended
Monday, September 23 • 9:00am - 12:30pm
Secure Coding Practices and Automated Assessment Tools

High performance computing increasingly involves the development and deployment of network and cloud services to access resources for computation, communication, data, instruments, and analytics. Unique to the HPC field is the large amount of software that we develop to drive these services. These services must assure data integrity and availability, while providing access to a global scientific and engineering community. Securing your network is not enough. Every service that you deploy is a window into your data center from the outside world, and a window that could be exploited by an attacker.

This tutorial is relevant to anyone wanting to learn about minimizing security flaws in the software they develop or manage. We share our experiences gained from performing vulnerability assessments of critical middleware. You will learn skills critical for software developers and analysts concerned with security.

Software assurance tools – tools that scan the source or binary code of a program to find weaknesses – are the first line of defense in assessing the security of a software project. These tools can catch flaws in a program that affect both the correctness and safety of the code. This tutorial is also relevant to anyone wanting to learn how to use these automated assessment tools to minimize security flaws in the software they develop or manage.

Content level: 50% beginner, 25% intermediate, 25% advanced. The target audience for this tutorial is anyone involved with the development, deployment, assessment, or management of critical software.

Prerequisites: To gain maximum benefit from this tutorial, attendees should be familiar with the process of developing software and at least one of the C, C++, Java, or scripting programming languages. This tutorial does not assume any prior knowledge of security assessment or vulnerabilities. The hands-on exercise will be packaged in a VirtualBox image, which will be available to attendees before the tutorial session (and available on the web and on memory sticks at the tutorial). The VirtualBox image will be pre-configured and ready to run (on Linux, Windows, and macOS) with example code and step-by-step instructions.

To attend this tutorial, you will need to:
1. Bring your own laptop.
2. Have VirtualBox installed on your machine.
   a. Go to https://www.virtualbox.org/wiki/Downloads and download VirtualBox 5.2.30 for your platform. If you already have VirtualBox installed and its version is lower than the very new 6.0, you should be fine. Note that the binary for 5.2.30 is at https://www.virtualbox.org/wiki/Download_Old_Builds_5_2 (3rd bullet).
   b. Execute the downloaded program.
   c. Check that you are able to run VirtualBox.

3. For the class exercises, we will use a virtual machine image.

Please download it from:
http://www.cs.wisc.edu/mist/trusted-ci-ubuntu-mini-2019.ova (2.4 GB)
Save it on the local disk of the machine you will be using for the tutorial. If you have problems downloading this image, we will have copies at the class.
If you have any questions before the tutorial, please contact elisa@cs.wisc.edu




Monday September 23, 2019 9:00am - 12:30pm PDT
Cockatoo Room, Catamaran Resort