2002 USENIX Annual Technical Conference, June 10-15, 2002, Monterey Conference Center, Monterey, CA

Monday, June 10, 2002    
Full-Day Tutorials
M1 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies

M2 An Introduction to Computer Security NEW
Avi Rubin, AT&T Labs-Research

M3 Inside the Linux Kernel
Ted Ts'o, IBM Linux Technology Center

M4 System and Network Monitoring NEW
John Sellens, Certainty Solutions

M5 Sendmail Configuration and Operation (Updated for Sendmail 8.12)
Eric Allman, Sendmail, Inc.

M6 Socket Programming NEW
George V. Neville-Neil, Neville-Neil Consulting

M7 UNIX Security Threats and Solutions NEW
Matt Bishop, University of California, Davis

M8 FreeBSD Kernel Internals: Data Structures, Algorithms, and Networking—Part 1
Marshall Kirk McKusick, Author and Consultant


M1 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. Updated to include Solaris 8 and several other new topics.

Topics include:

  • Installing and upgrading
  • Architecting your facility
  • Choosing appropriate hardware
  • Planning your installation, filesystem layout, post-installation
  • Installing (and removing) patches and packages
  • Advanced features of Solaris
  • File systems and their uses
  • The /proc file system and commands
  • Useful tips and techniques
  • Networking and the kernel
  • Virtual IP: configuration and uses
  • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
  • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris

Peter Baer Galvin (M1) is the chief technologist for Corporate Technologies, Inc., and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is a columnist for SunWorld, and is co-author of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. Peter has taught tutorials on security and systems administration and has given talks at many conferences and institutions.


M2 An Introduction to Computer Security NEW
Avi Rubin, AT&T Labs-Research

Who should attend: Anyone with a computer science degree or the equivalent experience who is not an expert in computer security. IT managers who need to understand how to evaluate risk, what the dangers are, and what countermeasures are available. We will emphasize issues of importance to system administrators.

As more and more of our lives move online, we are exposing more of ourselves to often untraceable, malicious, and automated attack: credit card numbers, data, a group of machines that we manage, our time, our privacy. This tutorial seeks to sweep a broad brush across the field of computer security, addressing in particular the practical aspects of the field.

Topics include:

  • Assessing risk
  • Viruses and worms
  • Cryptography
  • Secure data storage and backup
  • Secure data transfer, including SSL and IPsec
  • Public Key Infrastructure (PKI)
  • Firewalls
  • Intrusion detection
  • Network sniffing and sniff detection
  • Denial-of-service attacks
  • E-commerce and privacy

Attendees should leave with a general understanding of the field and a direction for learning more about each topic covered.

Avi Rubin (M2) is Principal Researcher at AT&T Labs and a member of the Board of Directors of USENIX. He has been researching issues in computer security since 1991. Rubin is the author of two books on computer security: White-Hat Security Arsenal (Addison Wesley, 2001) and Web Security Sourcebook (with Dan Geer and Marcus Ranum, John Wiley & Sons, 1997). He is the author of dozens of refereed conference and journal papers, and co-authored two chapters of Peer-to-Peer (O'Reilly, 2001). Rubin is also an Associate Editor of Electronic Commerce Research Journal. His latest research project, Publius, a system for circumventing censorship on the Internet, won the Index on Censorship's Freedom of Expression Award.

M3 Inside the Linux Kernel
Ted Ts'o, IBM Linux Technology Center

Who should attend: Application programmers and kernel developers. You should be reasonably familiar with C programming in the UNIX environment, but no prior experience with the UNIX or Linux kernel code is assumed.

This tutorial will give you an introduction to the structure of the Linux kernel, the basic features it provides, and the most important algorithms it employs.

The Linux kernel aims to achieve conformance with existing standards and compatibility with existing operating systems; however, it is not a reworking of existing UNIX kernel code. The Linux kernel was written from scratch to provide both standard and novel features, and takes advantage of the best practice of existing UNIX kernel designs.

Although the material will focus on the release version of the Linux kernel, it will also address aspects of the development kernel codebase where its substance differs. It will not contain any detailed examination of the source code but will, rather, offer an overview and roadmap of the kernel's design and functionality.

Topics include:

  • How the Linux kernel is organized: scheduler, virtual memory system, filesystem layers, device driver layers, and networking stacks
  • The interface between each module and the rest of the kernel, and the functionality provided by that interface
  • The common kernel support functions and algorithms used by that module
  • How modules provide for multiple implementations of similar functionality (network protocols, filesystem types, device drivers, and architecture-specific machine interfaces)
  • Basic ground rules of kernel programming (dealing with issues such as races and deadlock conditions)
  • Implementation of the most important kernel algorithms and their general properties (aspects of portability, performance, and functionality)
  • The main similarities and differences between Linux and traditional UNIX kernels, with attention to places where Linux implements significantly different algorithms
  • Details of the Linux scheduler, its VM system, and the ext2fs file system
  • The strict requirements for ensuring that kernel code is portable

Theodore Ts'o (M3) has been a Linux kernel developer since almost the very beginnings of Linux--he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author for the Linux COM serial port driver and the Comtrol Rocketport driver. He architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is a Senior Technical Staff Member of IBM's Linux Technology Center.



M4 System and Network Monitoring NEW
John Sellens, Certainty Solutions

Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.

This tutorial will introduce the concepts and functions of monitoring systems and will describe the Simple Network Management Protocol (SNMP). It will review some of the most popular monitoring tools and will cover the installation and configuration of a number of freely available monitoring packages. The emphasis will be on the practical, and the tutorial will provide examples of easy-to-implement monitoring techniques.

Topics include:

  • Monitoring—goals, techniques, reporting
  • SNMP—the protocol, reference materials, relevant RFCs
  • Introduction to SNMP MIBs (Management Information Bases)
  • SNMP tools and libraries
  • Other non-SNMP tools
  • Security concerns when using SNMP and other tools on the network
  • Monitoring applications—introductions, use, benefits and complications, installation and configuration (Big Brother, NetSaint, SNIPS, MRTG, Cricket, etc.)
  • Special situations—remote locations, firewalls, etc.
  • Monitoring implementation roadmap—policies, practices, notifications, escalations, reporting

Participants should expect to leave the tutorial with the information needed to immediately start using a number of monitoring systems and techniques to improve their ability to manage and maintain their systems and networks.

John Sellens (M4) has been involved in system and network administration since 1986 and is the author of several related USENIX papers and a number of ;login: articles, including the "On Reliability" series and SAGE booklet. He has a Master's degree in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada, and he was a staff member in computing and information technology at the University of Waterloo for 11 years.

M5 Sendmail Configuration and Operation (Updated for Sendmail 8.12)
Eric Allman, Sendmail, Inc.

Who should attend: System administrators who want to learn more about the sendmail program, particularly details of configuration and operational issues (this tutorial will not cover mail front ends). This intense, fast-paced tutorial is aimed at people who have already been exposed to sendmail. It describes the latest release of sendmail from Berkeley, version 8.12.

Topics include:

  • The basic concepts of configuration: mailers, options, macros, classes, keyed files (databases), and rewriting rules and rulesets
  • Configuring sendmail using the M4 macro package
  • Day-to-day management issues, including alias and forward files, "special" recipients (files, programs, and include files), mailing lists, command line flags, tuning, and security
  • How sendmail interacts with DNS

Eric Allman (M5) is the original author of sendmail. He is the author of syslog, tset, the -me troff macros, and trek. He was the chief programmer on the INGRES database management project, designed database user and application interfaces at Britton Lee (later Sharebase), and contributed to the Ring Array Processor project at the International Computer Science Institute. He is a former member of the USENIX Board of Directors.



M6 Socket Programming NEW
George V. Neville-Neil, Neville-Neil Consulting

Who should attend: Anyone whose responsibility it is to write or maintain code that uses the sockets API. The ability to read C code is required. A basic understanding of computer networks is a plus.

The sockets API is the most widely used and accepted set of interfaces for implementing client/server network applications. It is implemented on all flavors of UNIX, the Windows platform, and many embedded operating systems (VxWorks, PSOS, etc.). Familiarity with this API set is a must for anyone who writes or maintains network applications.

This course uses working examples to teach software engineers and programmers how to use the sockets API to create their own client and server applications. The differences between the TCP and UDP transport protocols for network applications are highlighted throughout so that the student comes away with a clear understanding of when it is appropriate to use which technology.

Topics include:

  • Overview of the TCP/IP protocols
  • Implementing a network client
  • Implementing a network server
  • Debugging network applications
  • Common pitfalls in network application programming

George Neville-Neil (M6) has worked on networking and embedded operating system software for the last five years, most recently as a Senior Member of Technical Staff and TCP/IP Architect at Wind River Systems. He presents seminars on advanced networking subjects regularly at the PerNet colloquia series at San Francisco State University. Currently he has a consulting company working on advanced frameworks for network protocol implementation.



M7 UNIX Security Threats and Solutions NEW
Matt Bishop, University of California, Davis

Who should attend: Anyone interested in threats to UNIX security and how to deal with them.

This tutorial uses case histories to show what vulnerabilities the attackers exploited, how the system administrators might have closed those loopholes, and how the intruders were discovered. Concepts and mechanisms, as well as publicly available tools, are discussed. This course focuses on non-network problems.

  • Security policies vs. security mechanisms
  • Password security and cracking
  • Files and auditing
  • Access control mechanisms
  • Management of privileges
  • Malicious logic and the UNIX system
  • Basic vulnerabilities analysis
  • Basic incident management
  • Security holes past and current
  • Managing the humans
  • Where to get help

Matt Bishop (M7) began working on problems of computer security, including the security of the UNIX operating system, at Purdue, where he earned his doctorate in 1984. He worked in industry and at NASA before becoming a professor, teaching courses in computer security, cryptography, operating systems, and software engineering at both Dartmouth College and the University of California at Davis, where he teaches now. Matt's current research interests are analyzing vulnerabilities in operating systems, protocols, and software in general; denial of service; intrusion detection; and formal models of access control.


M8 FreeBSD Kernel Internals: Data Structures, Algorithms, and Networking—Part 1
Marshall Kirk McKusick, Author and Consultant

Who should attend: This two-day course provides a broad overview of how the FreeBSD kernel implements its basic services. It will be most useful to those who need to learn how these services are provided. Individuals involved in technical and sales support can learn the capabilities and limitations of the system; applications developers can learn how to effectively and efficiently interface to the system; systems programmers without direct experience with the FreeBSD kernel can learn how to maintain, tune, and interface to such systems. This course is directed to users who have had at least a year of experience using a UNIX-like system and the C programming language. They should have an understanding of fundamental algorithms (searching, sorting, and hashing) and data structures (lists, queues, and arrays). Students will not need to prove relationship with a source license holder, as source code examples will be taken from the freely distributable FreeBSD system.

This course will provide a firm background in the FreeBSD kernel. The POSIX kernel interfaces will be used as examples where they are defined. Where they are not defined, the FreeBSD interfaces will be described. The course will cover basic kernel services, process structure, virtual and physical memory management, scheduling, paging, and swapping. The kernel I/O structure will be described, showing how I/O is multiplexed, special devices are handled, character processing is done, and the buffer pool is managed. The implementation of the filesystem and its capabilities, including updates, will be described. The filesystem interface will then be generalized to show how to support multiple filesystem types such as Sun Microsystems' Network File System (NFS). The course will also cover the FreeBSD socket-based network architecture, layering, and implementation. The socket communications primitives and internal layering will be discussed, with emphasis on the interfaces between the layers; the TCP/IP implementation will be used as an example. A discussion of routing issues will be included. The presentations will emphasize code organization, data structure navigation, and algorithms. The course will not cover the machine-specific parts of the system such as device drivers.

Topics include:

  • Day 1 morning: Kernel Resource Management
    • Basic kernel services
    • Process structure
    • Scheduling
    • Signals
    • Virtual memory management
  • Day 1 afternoon: Kernel I/O structure
    • Special files
    • Terminal handling
    • Multiplexing I/O
    • Autoconfiguration strategy
    • Structure of a disk device driver
  • Day 2 morning: Filesystems
    • Filesystem services
    • Block I/O system (buffer cache)
    • Filesystem implementation
    • Soft Updates and Snapshots
    • Support for multiple filesystems
    • Network File System (NFS)
  • Day 2 afternoon: Networking Implementation
    • Concepts and terminology
    • Basic IPC services
    • System layers and interfaces
    • Routing issues
    • Internet protocols (TCP/IP)

Course text: Marshall Kirk McKusick, Keith Bostic, Michael J. Karels, and John S. Quarterman, The Design and Implementation of the 4.4BSD Operating System (Addison-Wesley, 1996).

Marshall Kirk McKusick (M8, T8) writes books and articles, consults, and teaches classes on UNIX- and BSD-related subjects. While at the University of California at Berkeley, he implemented the 4.2BSD fast filesystem and oversaw the development and release of 4.3BSD and 4.4BSD. His particular areas of interest are the virtual-memory system and the filesystem. He earned a B.S. in Electrical Engineering from Cornell University. At the University of California at Berkeley, he received Master's degrees in computer science and business administration, and a doctoral degree in computer science. He is past president and a current member of the USENIX Board of Directors and is a member of AAAS, ACM, and IEEE.




Last changed: 15 Mar. 2002 jr