~misterio/IC

39a976b16f4b18c1be1775ee7f07e8e22cf3663f — Gabriel Fontes 1 year, 8 months ago f13bb6a
lots and lots of improvement
1 files changed, 63 insertions(+), 44 deletions(-)

M project/project.md
M project/project.md => project/project.md +63 -44
@@ 1,4 1,4 @@
# Building a zero-trust computer science laboratory
# A safe, flexible computer science laboratory powered by free software

Student: Gabriel Silva Fontes



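Review bot: The new title line drops "zero-trust" in favour of "safe, flexible ... powered by free software", so the heading no longer names the security model the document is built on. If zero-trust is still the design premise, keep it in the title or a subtitle; if it has been abandoned, the commit message should say so, because this is a change of scope rather than wording.
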
@@ 12,68 12,87 @@ learning environments

## 1. Introduction and motivation

### 1.1 Computer labs and software choice

Computer laboratories are an essential piece of public infrastructure, even
more so for high education institutes focused on computing fields. Having
access to working computers in a social environment, during classes or
extracurricular activities, plays an important role in computer sciences
learning[1], particularly for students who can't afford to purchase a personal
laptop.
more so for high education institutions focused on computing fields. Having
access to working computers in a social environment, be it during classes or
for extracurricular activities, plays an important role in computer sciences
learning[1], particularly for students who can't afford a computer of their
own.

Building these environments are not simple tasks, however. Laboratories, like
most public-ish IT systems, can't be treated as trusted environments. These
public computers can't have as flexible of a usage as personal ones can. This
requires administrators to strike a balance between security and flexibility.

Specially in the institutions we mentioned, flexibility is even more important:
each student might prefer to use different software tooling, and each subject
might require completely different software stacks.

Security usually involves (at least) denying superuser privileges to users.
Most computer operating systems do not support unprivileged software
management, forcing IT administrators to install a specific subset of packages.
This minimizes the amount of tooling choices users have, and maximizes
maintenance burden with constant installation requests.
most shared IT systems, can't be treated as trusted environments; thus must
have a high degree of protection and isolation, as to prevent users' actions
from compromising their peers safety and privacy.

With this work, we hope to research and create a computer lab system that:
increases user software freedom, enforces security for the institutions, and
decreases IT burden.
It is visible that administrators thus have to strike a careful balance between
user security and flexibility.

### 1.2 Existing solutions
Specially in the aforementioned computer-related institutions, flexibility is
even more important: each student might prefer to use different software
tooling, and each class or subject might require completely different software
stacks.

All solutions boil down to some sort of isolation between users: be it enforced
by the running system, or full wipes between uses.
Security usually requires denying superuser privileges to be denied to users.
Most computer operating systems do not natively support unprivileged software
management, forcing IT administrators to install and maintain a specific subset
of packages.

**TODO**: Existing solutions (together with last paragraph)
- AD is most used
All solutions boil down to some sort of isolation between different users'
state: be it enforced by the running system, or full wipes between uses.

**TODO**: Real world problems
These issues minimize the amount of tooling choices users have, and maximize
maintenance burden with constant installation requests.

## 2. Objective

With this work, we aim to research, build, and evaluate a computer lab system
that: increases user software freedom, enforces security for the institutions,
and decreases IT management burden (even when compared to locked down systems).

## 3. Methodology

This project plans on building and evaluating the laboratory in smaller scale,
backed by infrastructure provided by ICMC's Open Source Competence Center
(steered by the work's advisors), associated with the Free and Open Source
Extension Group (whom the author is the current student lead of).
This project will be worked on with a smaller scale, backed by existing
infrastructure provided by ICMC's Open Source Competence Center (CCOS), steered
by the work's advisors; with contributions from the Free and Open Source
Extension Group (GELOS), whom the author is the current student lead of.

The author hopes to develop this work in tandem with other members of the group,
improving design and implementation choices, mentoring the newer members' system
configuration knowledge, while helping develop the group's newly acquired
physical space.
Desirable side-effects from the partnership include: more exhaustive knowledge
of technological options, exposing newer members to system configuration
processes, as well as helping develop the group's newly acquired physical
space.

**TODO: Measurement and evaluation criteria**
Results will be measured by three different aspects the solution must provide
to its users: software and workflow flexibility, safety, and ease of use.

## 4. Work plan and schedule
**TODO**: Do first, helps build other sections: 1 year (SICUSP, november)
Two main evaluation methods will be employed, as to correctly measure all
criteria: acceptance testing with different user groups, to evaluate workflows
and ease of use; as well as penetration testing to evaluate the security.

## 5. Expected results
**TODO**
## 4. Case study and expected outcomes

## 6. Executing Institution
**TODO**
University of São Paulo's Institute of Math and Computer Sciences (ICMC/USP),
the executing institution, is facing a prime example of the problem.

Recently, due to ever higher maintenance burden, the IT team had to decrease
the choice of software offered even further: currently only Microsoft Windows
is available to students, who previously had the choice between it and Ubuntu
Linux.

This situation affects classes that are better ministrated with Unix-like
systems, as well as students with a software preference. Making this a case
where software flexibility is severely limited.

This project aims to research, design, and implement a solution that is both
more secure and flexible than any of the previous implemented at ICMC. The
results might be presented to the IT team and can potentially help improve the
institution's computer laboratories.

## 5. Work plan and schedule
**TODO**: 1 year (SICUSP, november)

## References
1. Newby, M & Fisher, D. _A Model of the Relationship between University Computer Laboratory Environment and Student Outcomes_. Learning Environments Research, 2000.
1. Newby, M & Fisher, D. _A Model of the Relationship between University
   Computer Laboratory Environment and Student Outcomes_. Learning Environments
   Research, 2000.
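
Review bot: The new evaluation paragraph in section 3 names "penetration testing to evaluate the security" without saying what is tested, against which adversary, or what counts as passing. Section 1.1 already states the property (users' actions must not compromise "their peers safety and privacy"), so I would turn that into the explicit test goal: an unprivileged lab user as the attacker, another user's state and the host as the assets, and a pass condition for each. The same paragraph lists "safety" as a criterion while the test measures "security"; pick one term and use it throughout. Two smaller points in section 1.1: the added sentence "Security usually requires denying superuser privileges to be denied to users" has a doubled verb and should read "Security usually requires denying superuser privileges to users", and "All solutions boil down to some sort of isolation" now stands without the "1.2 Existing solutions" heading or any named solution, so it reads as an unsupported claim until that survey is written.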