Breaking the Mold: Unconventional Strategies for Accelerating Your Career Path

In traditional thinking, the job search process appears to be a clearly defined, strictly regulated path. You are expected to follow a set series of steps: write a resume, submit applications, wait for interview invitations, attend interviews, and finally, await the outcome. However, as competition in the workplace intensifies, especially in the rapidly evolving IT industry, merely following the traditional path may no longer suffice to make you stand out.

The Insight from Utah’s Film Festival

Utah hosts an annual film festival that attracts stars and social elites, and students from Stanford’s MBA program also love to join in the fun. Their professor challenged them: could they find a way to meet these VIPs at the festival? The best way to meet these big names was to attend their private dinners, which required special invitations.

One student managed to do this by emailing the dinner organizers, claiming to be a writer for Forbes magazine and expressing interest in their dinner. Hearing that she represented the media, the organizers immediately replied with an invitation link. At the dinner entrance, she brought a friend along. When the organizers pointed out she hadn’t mentioned bringing an extra person, she simply stated they had both already arrived, leaving the organizers with no choice but to let them both in.

In reality, we’ve all encountered such people. I bet you don’t like these people and certainly don’t want to become one. If that’s the case, you need to update your understanding of breaking the rules.

The Special Benefits of Breaking the Rules

A significant characteristic of civilized society is that most people overly adhere to rules. From a young age, we’re trained to be honest, behave well, not to trouble others, and avoid conflict. Most people don’t know how to handle conflicts with leaders or colleagues, so they tend to avoid conflicts and even arguments, preferring to keep the peace at any cost.

If you’re willing to confront, and the other party isn’t, they might fulfill your request to avoid conflict. As the American saying goes, “It’s easier to ask for forgiveness than permission.” In some cases, breaking the norm and adopting non-traditional methods may be key to workplace success.

Breaking Rules Can Enhance Your Image

The reality is that impolite people, those who disregard others, invade others’ territories, or flout the law are often perceived as more capable.

Breaking Rules is Necessary Because Rules Limit You

One important reason we need to break rules is that sometimes you can’t win without doing so. The underdog needs to engage in “unrestricted warfare.” Many rules are designed to protect the special interests of those in power, essentially limiting your development. Abiding by the rules benefits them. Every revolution is a redistribution of resources. If you wish to share in the benefits, you must change the existing rules.

An Example from a CMU Student

A CMU student, who had not yet graduated and was interning at a company, learned that a senior executive was interested in lecturing at CMU, likely for the prestige. This task was relatively easy for the student, who knew a professor eager to invite the executive to give a lecture.

The student half-jokingly told the executive that if he could secure a lecture opportunity at the university, would the executive help him secure a full-time position with access to the CEO? The executive agreed on the spot. The student easily convinced the professor to offer the lecture opportunity, and he secured the position.

Contact me, and I will teach you how to break the rules and fast-track your success.

NG 面试 System Design,汗流浃背了

以往System Design是社招必考的项目,现在New Grad和Intern的面试也会出现系统设计了。



💥问题来了:应当如何准备System Design

对NG来说考核难度不高,没必要看论文,不过业界经典的文章介绍需要看的!每天刷1-2个小时大公司的engineer blog!还有一些youtube的频道。

具体操作:找到onsite公司近两年的面经,刷完所有的System Design题目,找到其工业界实现的blog,读到烂熟,预设面试官会问到的题目,做针对性的mock演练。

✅从基础铺垫“数据结构和算法学习”,到进阶型面试技能提升,包括:复杂数据结构、Medium-Hard算法面试应用、OOD、System Design及常见基础知识讲解,系统高效熟悉面试题型!

✅大厂在职面试官带你进行Mock Interview实战演练,熟悉不同公司System Design的考核重点、面试流程、面试风格、答题思路!



Accepting bookings, ensure AC.

We can assist you online with any online assessment, and we can bypass any cheating detection mechanisms, including those that require the use of a camera

硅谷国外科技公司FLAG,HRT,Bloomberg 代码笔试OA代写, 面试代面, 支持各种语言,python,java,c++算法, SQL数据分析等. 通过语音转达,音频转接等技术, 助力您拿梦想OFFER 代码笔试代考, 面试代面直接代面, 帮你收货国内外大厂名企offer 帮你走进Google, Apple, Facebook, Twitter等一线大厂.

笔试OA包通过, HackerRank OA代考,Leetcode代码辅导.



CS代考 Assignment 2: Parser and Transpiler

Assignment 2: Parser and Transpiler
Please do not change the names of the functions defined in the Assignment.hs file. Each Part of the assignment has corresponding parseExerciseX and prettyPrintExerciseX that will parse and pretty print the input as per the requirements in that part.
You may (and are highly encouraged) to implement your parsers alongside these pre-defined functions. Running the Code
1 $stacktest

This will generate the transpiled JS files using the sample input JS files, by running your pretty printing
function for each exercise.
Running the Javascript Tests
In the javascript folder run:
All example scripts are stored within javascript/inputs and the output of your parser will be saved in javascript/output .
The tests on the page test:
The generated code is valid JS (i.e. it runs without errors, including non-termination error)
The generated code has certain properties of the original code (e.g. immutable variables are still immutable)
The output is “prettified” from the input based on visual, side-by-side inspection
2 $npmrundev

最近学生PROGRAMHELP抄袭我们网址 请大家擦亮眼睛,谨防诈骗

尊敬的各位用户,我们最近发现一个名为PROGRAMHELP的诈骗网站,无视法律与道德的约束,抄袭cscodehelp的网站内容。这种行为严重侵犯了的版权,同时也对大家的权益构成了直接威胁,(目前已经收集到他们诈骗 用户的15项证据)






警惕 powcoder 诈骗 胡乱开价 挂科 恶性竞争 p图


powcoder网站使用爬虫完全抄袭我网站内容. 并且爬取相关资料。以为他只是抄袭。




没想到powcoder自己完全没有软件编程经历,完全是个诈骗犯. 看到大家被骗, 非常痛心.

付款账号到qiushiwenmeng 程雁 大家小心!!!如果你也被他欺骗或者挂科不退款, 请联系我, 可以拉到群里和其它受害者一起维权。实名制社会,咱们总能找到争取回利益。

考试COMP 9007 被诈骗23000RMB

警惕 powcoder 诈骗 胡乱开价 挂科 恶性竞争 p图插图


警惕 powcoder 诈骗 胡乱开价 挂科 恶性竞争 p图插图1


警惕 powcoder 诈骗 胡乱开价 挂科 恶性竞争 p图插图2

CODEHELP博士 面试代面 OA代做 远程面试 直接代面 代面试

硅谷国外科技公司FLAG,HRT,Bloomberg 代码笔试OA代写, 面试代面, 支持各种语言,python,java,c++算法, SQL数据分析等. 通过语音转达,音频转接等技术, 助力您拿梦想OFFER 代码笔试代考, 面试代面直接代面, 帮你收货国内外大厂名企offer 帮你走进Google, Apple, Facebook, Twitter等一线大厂.

笔试OA包通过, HackerRank OA代考,Leetcode代码辅导.



CODEHELP博士 面试代面 OA代做 远程面试 直接代面 代面试插图
CODEHELP博士 面试代面 OA代做 远程面试 直接代面 代面试插图1

CS考试辅导 FIT3080 Semester 2, 2022 Informed Search – codehelp代写

FIT3080 Semester 2, 2022 Informed Search
Monash University Faculty of Information Technology FIT3080 Week 4 Lab 3: Informed Search
Exercise 1: Algorithm A
Consider the (full) state space below. Indicate (1) the order in which nodes are expanded, and (2) the nodes remaining in memory after finding the goal, for the following search strategies (assume typical left-to-right operator tie breaking):

Copyright By cscodehelp代写 加微信 aplg6666

(a) Depth-First Iterative Deepening
(b) Greedy Best-First Search
Let’s consider a new strategy called Algorithm A. This algorithm can be described as a best-first search which uses the following expansion priority for a node 𝑛:
𝐟 (𝐧) = 𝐠(𝐧) + 𝐡(𝐧)
As usual, 𝑔(𝑛) denotes the cost-so-far (i.e., from the start node to node 𝑛) and h(𝑛) is an estimate of the cost-to-go (i.e., from node n to the goal node). We can instantiate Algorithm A as using the Graph-search or Tree-search framework, provided the following invariant properties for the 𝑔− and h−value function are true:
𝑔(𝑛) >= 𝑔∗(𝑛) h(𝑛) >= 0
(c) Instantiate Algorithm A (as Graph or Tree- search) to solve the above problem.
(d) Is algorithm A the same algorithm as A*?
(e) How can we modify things (or what can we modify) so that Algorithm A behaves like A*?
(f) After the modification, what nodes are expanded by A*?
Exercise 2: Algorithm 𝐴(∗) – Traveling Salesman Problem
A salesperson must visit each of 𝑛 cities exactly once. Assume that there is a road between
each pair of cities. Starting at city 𝐴, find the route of minimal distance that visits each of the cities only once and returns to city 𝐴.

(a) Propose a state space and action space for this problem, explaining clearly under what state conditions certain actions are allowed.
(b) Propose two (non-zero) h functions for this problem. Is either of these h functions admissible (a lower bound of h∗)?
(c) Apply algorithm A with one of these h functions to the following 5 city problem:
Exercise 3: Algorithm 𝐼𝐷𝐴(∗) – 5-puzzle problem
Consider a problem called the 8-puzzle. The problem has the start and goal state as follows. Throughout the question, when doing a search, give value of 𝑓(𝑛), 𝑔(𝑛) and h(𝑛) at each node 𝑛. The estimated cost function 𝑔(𝑛) is the number of steps from the initial node.
(a) Construct two non-trivial heuristic functions, h1 and h2, that you think may help the algorithm to quickly find a solution. Are these functions admissible? Explain why?
(b) Which heuristic function is more efficient? Explain why?
(c) Useh1todoanIDA*searchtogetfromthestartstatetothegoalstateintheminimum number of steps. Make sure to show all working including value of 𝑓, h, 𝑔 functions in each steps.
(d) (optional/homework) Use h2 to do an IDA* search to get from the start state to the goal state in the minimum number of steps. Make sure to show all working including value of 𝑓, h, 𝑔 functions in each steps.

程序代写 CS代考 加微信: aplg6666 QQ: 2235208643 Email:

CS代写 CS 111 Summer 2022 – cscodehelp代写

CS 111 Summer 2022
Lecture 17 Page 1
Operating System Principles: Distributed Systems
Operating Systems

Copyright By cscodehelp代写 加微信 cscodehelp

• Introduction
• Distributed system paradigms
• Remote procedure calls
• Distributed synchronization and consensus
• Distributed system security
• Accessing remote data
CS 111 Summer 2022
Lecture 17 Page 2

Why do we care about distributed systems?
– Because that’s how most modern computing is done
Why is this an OS topic?
– Because it’s definitely a systems issue
– And even the OS on a single computer needs to worry about distributed issues
If you don’t know a bit about distributed
systems, you’re not a modern computer
scientist Summer 2022
Lecture 17 Page 3

Why Distributed Systems?
• Betterscalabilityandperformance
– Apps require more resources than one computer has
– Can we grow system capacity/bandwidth to meet demand?
• Improvedreliabilityandavailability
– 24×7 service despite disk/computer/software failures
• Easeofuse,withreducedoperatingexpenses
– Centralized management of all services and systems – Buy (better) services rather than computer equipment
• Enablingnewcollaborationandbusinessmodels
– Collaborations that span system (or national) boundaries
CS 111 – A global free market for a wide range of new services Summer 2022
Lecture 17 Page 4

A Few Little Problems
Different machines don’t share memory
– Or any peripheral devices
– So one machine can’t easily know the state of
Might this cause synchronization problems?
The only way to interact remotely is to use a
So how can we know what’s going on remotely?
– Usually asynchronous, slow, and error prone
– Usually not controlled by any single machine
Failures of one machine aren’t visible to other
machines Summer 2022
How can our computation be
reliable if pieces fail? Lecture 17 Page 5

• Ideally, a distributed system would be just like a single machine system
• But better
– More resources – More reliable – Faster
• Transparent distributed systems look as much like single machine systems as possible
CS 111 Summer 2022
Lecture 17 Page 6

Deutsch’s “Seven Fallacies of Network Computing”
1. The network is reliable
2. There is no latency (instant response time)
3. The available bandwidth is infinite
4. The network is secure
5. The topology of the network does not change
6. There is one administrator for the whole network 7. The cost of transporting additional data is zero Bottom Line: true transparency is not achievable
CS 111 Summer 2022
Lecture 17 Page 7
Here’s an eight: all locations on the network are equivalent.

Distributed System Paradigms
• Parallel processing
– Relying on tightly coupled special hardware
Not widely used, we won’t discuss them.
• Single system images
– Make all the nodes look like one big computer – Somewhere between hard and impossible
• Loosely coupled systems
– Work with difficulties as best as you can
– Typical modern approach to distributed systems
• Cloud computing
CS 111 – A recent variant Summer 2022
Lecture 17 Page 8
So these are also not popular, and we won’t discuss them.

Loosely Coupled Systems
• Characterization:
– A parallel group of independent computers
– Connected by a high speed LAN
– Serving similar but independent requests
– Minimal coordination and cooperation required
• Motivation:
– Scalability and price performance
– Availability – if protocol permits stateless servers – Ease of management, reconfigurable capacity
• Examples:
– Web servers, app servers, cloud computing
CS 111 Summer 2022
Lecture 17 Page 9

Horizontal Scalability
• Each node largely independent
• So you can add capacity just by adding a node “on the side”
• Scalability can be limited by network, instead of hardware or algorithms
– Or, perhaps, by a load balancer • Reliability is high
– Failure of one of N nodes just reduces capacity
CS 111 Summer 2022
Lecture 17 Page 10

Horizontal Scalability Architecture
If I need more web server capacity,
WAN to clients
load balancing switch with fail-over
web server
app server
app server
app server
app server
app server
HA database server
CS 111 Summer 2022
Lecture 17 Page 11
web server
web server
web server
web server
content distribution server

Elements of Loosely Coupled Architecture
• Farmofindependentservers
– Servers run same software, serve different requests – May share a common back-end database
• Front-endswitch
– Distributes incoming requests among available servers
– Can do both load balancing and fail-over
• Serviceprotocol
– Stateless servers and idempotent operations
– Successive requests may be sent to different servers
CS 111 Summer 2022
Lecture 17 Page 12
Same result if you do it once, twice, three times, . . ., n times

Horizontally Scaled Performance • Individualserversareveryinexpensive
– Blade servers may be only $100-$200 each • Scalabilityisexcellent
– 100 servers deliver approximately 100x performance
• Serviceavailabilityisexcellent
– Front-end automatically bypasses failed servers – Stateless servers and client retries fail-over easily
• Thechallengeismanagingthousandsofservers
– Automated installation, global configuration services
– Self monitoring, self-healing systems
– Scaling limited by management, not HW or algorithms
CS 111 Summer 2022
Lecture 17 Page 13

Cloud Computing
• The most recent twist on distributed computing
• Set up a large number of machines all identically configured
• Connect them to a high speed LAN – And to the Internet
• Accept arbitrary jobs from remote users
• Run each job on one or more nodes
• Entire facility probably running mix of single machine and distributed jobs, simultaneously
CS 111 Summer 2022
Lecture 17 Page 14

What Runs in a Cloud? In principle, anything
– But general distributed computing is hard
So much of the work is run using special tools
These tools support particular kinds of parallel/distributed processing
– Either embarrassingly parallel jobs
– Or those using a method like map-reduce or
horizontal scaling
Things where the user need not be a distributed
systems expert Summer 2022
Lecture 17 Page 15

Embarrassingly Parallel Jobs
• Problems where it’s really, really easy to parallelize them
• Probably because the data sets are easily divisible
• And exactly the same things are done on each piece
• So you just parcel them out among the nodes and let each go independently
• Everyone finishes at more or less same time
CS 111 Summer 2022
Lecture 17 Page 16

• Perhaps the most common cloud computing software tool/technique
• A method of dividing large problems into compartmentalized pieces
• Each of which can be performed on a separate node
• With an eventual combined set of results
CS 111 Summer 2022
Lecture 17 Page 17

The Idea Behind MapReduce
• There is a single function you want to perform on a lot of data
– Such as searching it for a particular string
• Divide the data into disjoint pieces
• Perform the function on each piece on a
separate node (map)
• Combine the results to obtain output
CS 111 Summer 2022
Lecture 17 Page 18

An Example
• We have 64 megabytes of text data
• Count how many times each word occurs in the text
• Divide it into 4 chunks of 16 Mbytes
• Assign each chunk to one processor
• Perform the map function of “count words” on each
CS 111 Summer 2022
Lecture 17 Page 19

The Example Continued
Foo Zoo Foo Zoo Foo Zoo Foo Zoo 16712249
CS 111 Summer 2022
Lecture 17 Page 20
Bar 4 Baz 3
Yes 12 Too 5
Bar 3 Baz 9
Yes 17 Too 8
Bar 6 Baz 2
Yes Bar 7 10 Baz 5 Too 4
Yes 3 Too 7
That’s the map stage

On To Reduce
• We might have two more nodes assigned to doing the reduce operation
• They will each receive a share of data from a map node
• The reduce node performs a reduce operation to “combine” the shares
• Outputting its own result
CS 111 Summer 2022
Lecture 17 Page 21

Continuing the Example
Foo Zoo Foo Zoo Foo Zoo Foo Zoo 16712249
Bar 4 Baz 3
Yes 12 Too 5
Bar 3 Baz 9
Yes 17 Too 8
Bar 6 Baz 2
Yes Bar 7 10 Baz 5 Too 4
Yes 3 Too 7
CS 111 Summer 2022
Lecture 17 Page 22

The Reduce Nodes Do Their Job
Write out the results to files And MapReduce is done!
Foo Zoo 14 16 Bar 20 Yes Baz 42 19 Too
CS 111 Summer 2022
Lecture 17 Page 23

But I Wanted A Combined List
• No problem
• Run another (slightly different) MapReduce on the outputs
• Have one reduce node that combines everything
CS 111 Summer 2022
Lecture 17 Page 24

CS 111 Summer 2022
Lecture 17 Page 25
Synchronization in MapReduce
• Each map node produces an output file for each reduce node
• It is produced atomically
• The reduce node can’t work on this data
until the whole file is written
• Forcing a synchronization point between the map and reduce phases

Map Reduce vs. Embarrassing Parallelism
• Embarrassing parallelism is enough if it’s easy to divide a job into pieces
– Of the same size
• And if you don’t worry about failures
• And if you don’t need to combine the results in a non-trivial way
• Map reduce is needed if those things aren’t true
CS 111 Summer 2022
Lecture 17 Page 26

Cloud Computing and Horizontal Scaling
• An excellent match
• Rent some cloud nodes to be your web servers
• If load gets heavy, ask the cloud for another web server node
• As load lightens, release unneeded nodes
• No need to buy new machines
• No need to administer your own machines
CS 111 Summer 2022
Lecture 17 Page 27

Cloud Computing and Sysadmin
• Not quite as painless as it sounds
• The cloud provider will take care of lots of the problem
– Running the hardware
– Fixing broken hardware
– Loading your software onto machines
• But they won’t take care of internal administration
– E.g., updating the version of the web server you’re
running CS 111
Summer 2022
Lecture 17 Page 28
Actually, they will take care of that, too, but at an extra price and with a loss of control.

Remote Procedure Calls
• RPC, for short
• One way of building a distributed program
• Procedure calls are a fundamental paradigm
– Primary unit of computation in most languages
– Unit of information hiding in most methodologies – Primary level of interface specification
• A natural boundary between client and server – Turn procedure calls into message send/receives
• A few limitations
– No implicit parameters/returns (e.g., global variables)
– No call-by-reference parameters
– Much slower than procedure calls (TANSTAAFL)
CS 111 Summer 2022
Lecture 17 Page 29

Remote Procedure Call Concepts • Interface Specification
– Methods, parameter types, return types
• eXternal Data Representation (XDR)
– Machine independent data-type representations – May have optimizations for similar client/server
• Client stub
– Client-side proxy for a method in the API
• Server stub (or skeleton)
– Server-side recipient for API invocations
CS 111 Summer 2022
Lecture 17 Page 30

Key Features of RPC
• Client application links against local procedures
– Calls local procedures, gets results
• All RPC implementation inside those procedures
• Client application does not know about RPC – Does not know about formats of messages
– Does not worry about sends, timeouts, resends
– Does not know about external data representation
• All of this is generated automatically by RPC tools
• The key to the tools is the interface specification
CS 111 Summer 2022
Lecture 17 Page 31

RPC At Work, Step 1
… list[0] = 10;
list[1] = 20; list[2] = 17;
max = list_max(list);
CS 111 Summer 2022
list_max() is a remote procedure call!
Lecture 17 Page 32

RPC At Work, Step 2
local_max = list_max(list);
. . . list[0] = 10;
list[1] = 20; list[2] = 17;
max = list_max(list);
Format RPC message
Send the message
CS 111 Summer 2022
Extract RPC info
Call local procedure
Lecture 17 Page 33
RPC message: list_max(), parameter list

RPC At Work, Step 3
… list[0] = 10;
list[1] = 20;
list[2] = 17;
local_max = list_max(list);
Format RPC response
Send the message
Lecture 17 Page 34
CS 111 Summer 2022
max = list_max(list);
If (max > 10) {
Extract the return value Resume the local program
RPC response: list_max(), return value 20

RPC Is Not a Complete Solution
• Requires client/server binding model
– Expects to be given a live connection
• Threading model implementation
– A single thread services requests one at a time
– So use numerous one-per-request worker threads
• Limited consistency support
– Only between calling client and called server
– What if there are multiple clients and servers working together?
• Limited failure handling
– Client must arrange for timeout and recovery
• Higher level abstractions improve RPC
– e.g. Microsoft DCOM, Java RMI, DRb, Pyro
CS 111 Summer 2022
Lecture 17 Page 35

Distributed Synchronization
• Why is it hard to synchronize distributed systems?
• What tools do we use to synchronize them?
CS 111 Summer 2022
Lecture 17 Page 36

What’s Hard About Distributed Synchronization?
• Spatial separation
– Different processes run on different systems
– No shared memory for (atomic instruction) locks – They are controlled by different operating systems
• Temporal separation
– Can’t “totally order” spatially separated events – Before/simultaneous/after lose their meaning
• Independent modes of failure
CS 111 – One partner can die, while others continue
Summer 2022
Lecture 17 Page 37

Leases – More Robust Locks
• Obtained from resource manager
– Gives client exclusive right to update the file
– Lease “cookie” must be passed to server on update – Lease can be released at end of critical section
• Only valid for a limited period of time – After which the lease cookie expires
• Updates with stale cookies are not permitted – After which new leases can be granted
• Handles a wide range of failures
– Process, client node, server node, network
CS 111 Summer 2022
Lecture 17 Page 38

Lock Breaking and Recovery • Revoking an expired lease is fairly easy
– Lease cookie includes a “good until” time • Based on server’s clock
– Any operation involving a “stale cookie” fails
• This makes it safe to issue a new lease
– Old lease-holder can no longer access object – But was object left in a “reasonable” state?
• Object must be restored to last “good” state – Roll back to state prior to the aborted lease
CS 111 – Implement all-or-none transactions Summer 2022
Lecture 17 Page 39

Distributed Consensus
• Achievingsimultaneous,unanimousagreement
– Even in the presence of node & network failures
– Required: agreement, termination, validity, integrity
– Desired: bounded time
– Provably impossible in fully general case
– But can be done in useful special cases, or if some
requirements are relaxed
• Consensusalgorithmstendtobecomplex
– And may take a long time to converge
• Theytendtobeusedsparingly
– E.g., use consensus to elect a leader
– Who makes all subsequent decisions by fiat
CS 111 Summer 2022
Lecture 17 Page 40

Typical Consensus Algorithm
1. Each interested member broadcasts his nomination.
2. All parties evaluate the received proposals according to a fixed and well known rule.
3. After allowing a reasonable time for proposals, each voter acknowledges the best proposal it has seen.
4. If a proposal has a majority of the votes, the proposing member broadcasts a claim that the question has been resolved.
5. Each party that agrees with the winner’s claim acknowledges the announced resolution.
6. Election is over when a quorum acknowledges the result.
What’s going to happen if someone lies . . . ?
CS 111 Summer 2022
Lecture 17 Page 41

Security for Distributed Systems
• Security is hard in single machines
• It’s even harder in distributed systems • Why?
CS 111 Summer 2022
Lecture 17 Page 42

Why Is Distributed Security Harder?
• Your OS cannot guarantee privacy and integrity – Network activities happen outside of the OS – Should you trust where they happen?
• Authentication is harder
– All possible agents may not be in local password file
• The wire connecting the user to the system is insecure – Eavesdropping, replays, man-in-the-middle attacks
• Even with honest partners, hard to coordinate distributed security
• The Internet is an open network for all
– Many sites on the Internet try to serve all comers
– Core Internet makes no judgments on what’s acceptable
– Even supposedly private systems may be on Internet
CS 111 Summer 2022
Lecture 17 Page 43

Goals of Network Security
• Secure conversations
– Privacy: only you and your partner know what is said – Integrity: nobody can tamper with your messages
• Positive identification of both parties
– Authentication of the identity of message sender
– Assurance that a message is not a replay or forgery – Non-repudiation: he cannot claim “I didn’t say that”
• Availability
– The network and other nodes must be reachable when
they need to be Summer 2022
Lecture 17 Page 44

Elements of Network Security • Cryptography
– Symmetric cryptography for protecting bulk transport of data
– Public key cryptography primarily for authentication
– Cryptographic hashes to detect message alterations
• Digital signatures and public key certificates – Powerful tools to authenticate a message’s sender
• Filtering technologies
– Firewalls and the like
– To keep bad stuff from reaching our machines
CS 111 Summer 2022
Lecture 17 Page 45

Tamper Detection: Cryptographic Hashes
• Check-sums often used to detect data corruption – Add up all bytes in a block, send sum along with data
– Recipient adds up all the received bytes
– If check-sums agree, the data is probably OK
– Check-sum (parity, CRC, ECC) algorithms are weak
• Cryptographic hashes are very strong check-sums
– Unique –two messages vanishingly unlikely to
produce same hash
• Particularly hard to find two messages with the same hash
– One way – cannot infer original input from output
– Well distributed – any change to input changes output
CS 111 Summer 2022
Lecture 17 Page 46

Using Cryptographic Hashes
• Startwithamessageyouwanttoprotect
• Computeacryptographichashforthatmessage
– E.g., using the Secure Hash Algorithm 3 (SHA-3) • Transmitthehashsecurely
• Recipientdoessamecomputationonreceivedtext
– If both hash results agree, the message is intact
– If not, the message has been corrupted/compromised
CS 111 Summer 2022
Lecture 17 Page 47

Secure Hash Transport • Whymustthehashbetransmittedsecurely?
– Cryptographic hashes aren’t keyed, so anyone can produce them (including a bad guy)
• Howtotransmithashsecurely?
– Encrypt it
– Unless secrecy required, cheaper than encrypting entire message
– If you have a secure channel, could transmit it that way
CS 111 Summer 2022
• But if you have secure channel, why not use it for everything?
Lecture 17 Page 48

A Principle of Key Use
• BothsymmetricandPKcryptographyrelyonasecret key for their properties
• Themoreyouuseonekey,thelesssecure – The key stays around in various places longer
– There are more opportunities for an attacker to get it – There is more incentive for attacker to get it
– Brute force attacks may eventually succeed
• Therefore:
– Use a given key as little as possible
– Change them often
– Within the limits of practicality and required performance
CS 111 Summer 2022
Lecture 17 Page 49

Putting It Together: Secure Socket Layer (SSL)
• A general solution for securing network communication
• Built on top of existing socket IPC
• Establishes secure link between two parties
– Privacy – nobody can snoop on conversation – Integrity – nobody can generate fake messages
• Certificate-based authentication of server – Typically, but not necessarily
– Client knows what server he is talking to
• Optional certificate-based authentication of client – If server requires authentication and non-repudiation
• PK used to distribute a symmetric session key – New key for each new socket
• Rest of data transport switches to s

程序代写 CS代考 加微信: cscodehelp QQ: 2235208643 Email: