DOCSLIB.ORG

Building Secure and Reliable Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Building Secure & Reliable Systems Best Practices for Designing, Implementing and Maintaining Systems Compliments of Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea & Adam Stubblefi eld Praise for Building Secure and Reliable Systems It is very hard to get practical advice on how to build and operate trustworthy infrastructure at the scale of billions of users. This book is the first to really capture the knowledge of some of the best security and reliability teams in the world, and while very few companies will need to operate at Google’s scale many engineers and operators can benefit from some of the hard-earned lessons on securing wide-flung distributed systems. This book is full of useful insights from cover to cover, and each example and anecdote is heavy with authenticity and the wisdom that comes from experimenting, failing and measuring real outcomes at scale. It is a must for anybody looking to build their systems the correct way from day one. —Alex Stamos, Director of the Stanford Internet Observatory and former CISO of Facebook and Yahoo This book is a rare treat for industry veterans and novices alike: instead of teaching information security as a discipline of its own, the authors offer hard-wrought and richly illustrated advice for building software and operations that actually stood the test of time. In doing so, they make a compelling case for reliability, usability, and security going hand-in-hand as the entirely inseparable underpinnings of good system design. —Michał Zalewski, VP of Security Engineering at Snap, Inc. and author of The Tangled Web and Silence on the Wire This is the “real world” that researchers talk about in their papers. —JP Aumasson, CEO at Teserakt and author of Serious Cryptography Google faces some of the toughest security challenges of any company, and they’re revealing their guiding security principles in this book. If you’re in SRE or security and curious as to how a hyperscaler builds security into their systems from design through operation, this book is worth studying. —Kelly Shortridge, VP of Product Strategy at Capsule8 If you’re responsible for operating or securing an internet service: caution! Google and others have made it look too easy. It’s not. I had the privilege of working with these book authors for many years and was constantly amazed at what they uncovered and their extreme measures to protect our users’ data. If you have such responsibilities yourself, or if you’re just trying to understand what it takes to protect services at scale in the modern world, study this book. Nothing is covered in detail—there are other references for that—but I don’t know anywhere else that you’ll find the breadth of pragmatic tips and frank discussion of tradeoffs. —Eric Grosse, former VP of Security Engineering at Google Building Secure and Reliable Systems Best Practices for Designing, Implementing, and Maintaining Systems Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, and Adam Stubblefield Beijing Boston Farnham Sebastopol Tokyo Building Secure and Reliable Systems by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, and Adam Stubblefield Copyright © 2020 Google LLC. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (https://oreilly.com). For more information, contact our corporate/institu‐ tional sales department: 800-998-9938 or [email protected]. Acquisitions Editor: John Devins Indexer: WordCo, Inc. Development Editor: Virginia Wilson Interior Designer: David Futato Production Editor: Kristen Brown Cover Designer: Karen Montgomery Copyeditor: Rachel Head Illustrators: Jenny Bergman and Rebecca Demarest Proofreader: Sharon Wilkey March 2020: First Edition Revision History for the First Edition 2020-03-11: First Release See https://oreilly.com/catalog/errata.csp?isbn=9781492083122 for release details. The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Building Secure and Reliable Systems, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. The views expressed in this work are those of the authors, and do not represent the publisher’s views or the views of the authors’ employer (Google). While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher, the authors, and Google disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights. This work is part of a collaboration between O’Reilly and Google. See our statement of editorial inde‐ pendence. 978-1-492-08313-9 [LSI] To Susanne, whose strategic project management and passion for reliability and security kept this book on track! Table of Contents Foreword by Royal Hansen. xix Foreword by Michael Wildpaner. xxiii Preface. xxv Part I. Introductory Material 1. The Intersection of Security and Reliability. 3 On Passwords and Power Drills 3 Reliability Versus Security: Design Considerations 4 Confidentiality, Integrity, Availability 5 Confidentiality 6 Integrity 6 Availability 6 Reliability and Security: Commonalities 7 Invisibility 7 Assessment 8 Simplicity 8 Evolution 9 Resilience 9 From Design to Production 10 Investigating Systems and Logging 11 Crisis Response 11 Recovery 12 Conclusion 13 vii 2. Understanding Adversaries. 15 Attacker Motivations 16 Attacker Profiles 18 Hobbyists 18 Vulnerability Researchers 18 Governments and Law Enforcement 19 Activists 21 Criminal Actors 22 Automation and Artificial Intelligence 24 Insiders 24 Attacker Methods 30 Threat Intelligence 30 Cyber Kill Chains™ 31 Tactics, Techniques, and Procedures 32 Risk Assessment Considerations 32 Conclusion 34 Part II. Designing Systems 3. Case Study: Safe Proxies. 37 Safe Proxies in Production Environments 37 Google Tool Proxy 40 Conclusion 42 4. Design Tradeoffs. 43 Design Objectives and Requirements 44 Feature Requirements 44 Nonfunctional Requirements 45 Features Versus Emergent Properties 45 Example: Google Design Document 47 Balancing Requirements 49 Example: Payment Processing 50 Managing Tensions and Aligning Goals 54 Example: Microservices and the Google Web Application Framework 54 Aligning Emergent-Property Requirements 55 Initial Velocity Versus Sustained Velocity 56 Conclusion 59 5. Design for Least Privilege. 61 Concepts and Terminology 62 Least Privilege 62 viii | Table of Contents Zero Trust Networking 62 Zero Touch 63 Classifying Access Based on Risk 63 Best Practices 65 Small Functional APIs 65 Breakglass 67 Auditing 68 Testing and Least Privilege 71 Diagnosing Access Denials 73 Graceful Failure and Breakglass Mechanisms 74 Worked Example: Configuration Distribution 74 POSIX API via OpenSSH 75 Software Update API 76 Custom OpenSSH ForceCommand 76 Custom HTTP Receiver (Sidecar) 77 Custom HTTP Receiver (In-Process) 77 Tradeoffs 77 A Policy Framework for Authentication and Authorization Decisions 78 Using Advanced Authorization Controls 79 Investing in a Widely Used Authorization Framework 80 Avoiding Potential Pitfalls 80 Advanced Controls 81 Multi-Party Authorization (MPA) 81 Three-Factor Authorization (3FA) 82 Business Justifications 84 Temporary Access 85 Proxies 85 Tradeoffs and Tensions 86 Increased Security Complexity 86 Impact on Collaboration and Company Culture 86 Quality Data and Systems That Impact Security 87 Impact on User Productivity 87 Impact on Developer Complexity 87 Conclusion 87 6. Design for Understandability. 89 Why Is Understandability Important? 90 System Invariants 91 Analyzing Invariants 92 Mental Models 93 Designing Understandable Systems 94 Complexity Versus Understandability 94 Table of Contents | ix Breaking Down Complexity 95 Centralized Responsibility for Security and Reliability Requirements 96 System Architecture 97 Understandable Interface Specifications 98 Understandable Identities, Authentication, and Access Control 100 Security Boundaries 105 Software Design 111 Using Application Frameworks for Service-Wide Requirements 112 Understanding Complex Data Flows 113 Considering API Usability 116 Conclusion 119 7. Design for a Changing Landscape. 121 Types of Security Changes 122 Designing Your Change 122 Architecture Decisions to Make Changes Easier 123 Keep Dependencies Up to Date and Rebuild Frequently 123 Release Frequently Using Automated Testing 124 Use Containers 124 Use Microservices 125 Different Changes: Different Speeds, Different Timelines 127 Short-Term Change: Zero-Day Vulnerability 129 Medium-Term Change: Improvement to Security Posture 132 Long-Term Change: External Demand 136 Complications: When Plans Change 138 Example: Growing Scope—Heartbleed 140 Conclusion 141 8. Design for Resilience. 143 Design Principles for Resilience 144 Defense in Depth 145 The Trojan Horse 145 Google App Engine Analysis 147 Controlling Degradation 150 Differentiate Costs of Failures 152 Deploy Response Mechanisms 154 Automate
Recommended publications

  • The Sad State of Web Development Random Thoughts on Web Development

    The Sad State of Web Development Random thoughts on web development Going to shit 2015 is when web development went to shit. Web development used to be nice. You could fire up a text editor and start creating JS and CSS files. You can absolutely still do this. That has not changed. So yes, everything I’m about to say can be invalidated by saying that. The web (specifically the Javascript/Node community) has created some of the most complicated, convoluted, over engineered tools ever conceived. Node.js/NPM At times, I think where web development is at this point is some cruel joke played on us by Ryan Dahl. You see, to get into why web development is so terrible, you have to start at Node. By definition I was a magpie developer, so undoubtedly I used Node, just as everyone should. At universities they should make every developer write an app with Node.js, deploy it to production, then try to update the dependencies 3 months later. The only downside is we would have zero new developers coming out of computer science programs. You see the Node.js philosophy is to take the worst fucking language ever designed and put it on the server. Combine that with all the magpies that were using Ruby at the time, and you have the perfect fucking storm. Lets take everything that was great in Ruby and re write it in Javascript, I think was the official motto. Most of the smart magpies have moved on to Go at this point, but the people who have stayed in the Node community have undoubtedly created the most over engineered eco system that has ever appeared.
  • 1 Thinking Methodically About Performance

    1 Thinking Methodically About Performance

    PERFORMANCE Thinking Methodically about Performance The USE method addresses shortcomings in other commonly used methodologies Brendan Gregg, Joyent Performance issues can be complex and mysterious, providing little or no clue to their origin. In the absence of a starting point—or a methodology to provide one—performance issues are often analyzed randomly: guessing where the problem may be and then changing things until it goes away. While this can deliver results—if you guess correctly—it can also be time-consuming, disruptive, and may ultimately overlook certain issues. This article describes system-performance issues and the methodologies in use today for analyzing them, and it proposes a new methodology for approaching and solving a class of issues. Systems-performance analysis is complex because of the number of components in a typical system and their interactions. An environment may be composed of databases, Web servers, load balancers, and custom applications, all running upon operating systems—either bare-metal or virtual. And that’s just the software. Hardware and firmware, including external storage systems and network infrastructure, add many more components to the environment, any of which is a potential source of issues. Each of these components may require its own field of expertise, and a company may not have staff knowledgeable about all the components in its environment. Performance issues may also arise from complex interactions between components that work well in isolation. Solving this type of problem may require multiple domains of expertise to work together. As an example of such complexity within an environment, consider a mysterious performance issue we encountered at Joyent for a cloud-computing customer: the problem appeared to be a memory leak, but from an unknown location.
  • 16 Inspiring Women Engineers to Watch

    16 Inspiring Women Engineers to Watch

    Hackbright Academy Hackbright Academy is the leading software engineering school for women founded in San Francisco in 2012. The academy graduates more female engineers than UC Berkeley and Stanford each year. https://hackbrightacademy.com 16 Inspiring Women Engineers To Watch Women's engineering school Hackbright Academy is excited to share some updates from graduates of the software engineering fellowship. Check out what these 16 women are doing now at their companies - and what languages, frameworks, databases and other technologies these engineers use on the job! Software Engineer, Aclima Tiffany Williams is a software engineer at Aclima, where she builds software tools to ingest, process and manage city-scale environmental data sets enabled by Aclima’s sensor networks. Follow her on Twitter at @twilliamsphd. Technologies: Python, SQL, Cassandra, MariaDB, Docker, Kubernetes, Google Cloud Software Engineer, Eventbrite 1 / 16 Hackbright Academy Hackbright Academy is the leading software engineering school for women founded in San Francisco in 2012. The academy graduates more female engineers than UC Berkeley and Stanford each year. https://hackbrightacademy.com Maggie Shine works on backend and frontend application development to make buying a ticket on Eventbrite a great experience. In 2014, she helped build a WiFi-enabled basal body temperature fertility tracking device at a hardware hackathon. Follow her on Twitter at @magksh. Technologies: Python, Django, Celery, MySQL, Redis, Backbone, Marionette, React, Sass User Experience Engineer, GoDaddy 2 / 16 Hackbright Academy Hackbright Academy is the leading software engineering school for women founded in San Francisco in 2012. The academy graduates more female engineers than UC Berkeley and Stanford each year.
  • Open Source Used in Influx1.8 Influx 1.9

    Open Source Used in Influx1.8 Influx 1.9

    Open Source Used In Influx1.8 Influx 1.9 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: 78EE117C99-1178791953 Open Source Used In Influx1.8 Influx 1.9 1 This document contains licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of any source code to which you may be entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-1178791953 Contents 1.1 golang-protobuf-extensions v1.0.1 1.1.1 Available under license 1.2 prometheus-client v0.2.0 1.2.1 Available under license 1.3 gopkg.in-asn1-ber v1.0.0-20170511165959-379148ca0225 1.3.1 Available under license 1.4 influxdata-raft-boltdb v0.0.0-20210323121340-465fcd3eb4d8 1.4.1 Available under license 1.5 fwd v1.1.1 1.5.1 Available under license 1.6 jaeger-client-go v2.23.0+incompatible 1.6.1 Available under license 1.7 golang-genproto v0.0.0-20210122163508-8081c04a3579 1.7.1 Available under license 1.8 influxdata-roaring v0.4.13-0.20180809181101-fc520f41fab6 1.8.1 Available under license 1.9 influxdata-flux v0.113.0 1.9.1 Available under license 1.10 apache-arrow-go-arrow v0.0.0-20200923215132-ac86123a3f01 1.10.1 Available under
  • Buildbot Documentation Release 1.6.0

    Buildbot Documentation Release 1.6.0

    Buildbot Documentation Release 1.6.0 Brian Warner Nov 17, 2018 Contents 1 Buildbot Tutorial 3 1.1 First Run.................................................3 1.2 First Buildbot run with Docker......................................6 1.3 A Quick Tour...............................................9 1.4 Further Reading............................................. 17 2 Buildbot Manual 23 2.1 Introduction............................................... 23 2.2 Installation................................................ 29 2.3 Concepts................................................. 41 2.4 Secret Management........................................... 50 2.5 Configuration............................................... 53 2.6 Customization.............................................. 251 2.7 Command-line Tool........................................... 278 2.8 Resources................................................. 289 2.9 Optimization............................................... 289 2.10 Plugin Infrastructure in Buildbot..................................... 289 2.11 Deployment............................................... 290 2.12 Upgrading................................................ 292 3 Buildbot Development 305 3.1 Development Quick-start......................................... 305 3.2 General Documents........................................... 307 3.3 APIs................................................... 391 3.4 Python3 compatibility.......................................... 484 3.5 Classes.................................................
  • Google Cloud Issue Summary Multiple Products - 2020-08-19 All Dates/Times Relative to US/Pacific

    Google Cloud Issue Summary Multiple Products - 2020-08-19 All Dates/Times Relative to US/Pacific

    Google Cloud Issue Summary Multiple Products - 2020-08-19 All dates/times relative to US/Pacific Starting on August 19, 2020, from 20:55 to 03:30, multiple G Suite and Google Cloud Platform products experienced errors, unavailability, and delivery delays. Most of these issues involved creating, uploading, copying, or delivering content. The total incident duration was 6 hours and 35 minutes, though the impact period differed between products, and impact was mitigated earlier for most users and services. We understand that this issue has impacted our valued customers and users, and we apologize to those who were affected. DETAILED DESCRIPTION OF IMPACT Starting on August 19, 2020, from 20:55 to 03:30, Google Cloud services exhibited the following issues: ● Gmail: The Gmail service was unavailable for some users, and email delivery was delayed. About ​ 0.73% of Gmail users (both consumer and G Suite) active within the preceding seven days experienced 3 or more availability errors during the outage period. G Suite customers accounted for 27% of affected Gmail users. Additionally, some users experienced errors when adding attachments to messages. Impact on Gmail was mitigated by 03:30, and all messages delayed by this incident have been delivered. ● Drive: Some Google Drive users experienced errors and elevated latency. Approximately 1.5% of Drive ​ users (both consumer and G Suite) active within the preceding 24 hours experienced 3 or more errors during the outage period. ● Docs and Editors: Some Google Docs users experienced issues with image creation actions (for ​ example, uploading an image, copying a document with an image, or using a template with images).
  • Juniors Pick Prom Queen; Call Lanin, Devron to Play

    Juniors Pick Prom Queen; Call Lanin, Devron to Play

    Vol. XLI, No. 15 GEORGETOWN UNIVERSITY, WASHINGTON, D, C. Thursday, February 18, 1960 Parents &. Profs History Fraternity Set Get-Together Names 4 Seniors Juniors Pick Prom Queen; For Next Sunday For Membership Next Sunday, February 21, Call Lanin, Devron To Play will witness the Washington The Georgetown Beta-Phi Club's Fifth Annual Recep­ chapter of Phi Alpha Theta, Coughlin Promises tion for the Faculty of the national honor history fra­ Hawaiian Weekend College and the parents of the ternity, founded in 1921, has non-resident students. recently elected four new The Junior Prom, a yearly A full afternoon has been members from the College. tradition here at the Hilltop, planned, beginning in Gaston Hall They are seniors John Cole­ will enliven the weekend of at 2 p.m. with a short concert by the Chimes and a greeting to the man, Bob Di Maio, Arnold February 26. The events are parents by Rev. Joseph A. Sellin­ Donahue, and Al Staebler. open to all students in the ger, Dean of the College. Under the auspices of Dr. Tibor . University, not just the junior Kerekes, the Georgetown chapter class. Chairman of the fete is im­ has grown, since its inception in presario Paul J. Coughlin. Cough­ 1948, to three hundred members lin is an AB (Classical) economics and is one of the most active in the fraternity. major and a member of the Class The first admitted among Catho­ of '61. He was on the Spring Week­ lic universities, it comprises mem­ end Committee last year and is bers from the College, Foreign present.ly a membe1.· of the N.
  • Download File

    Download File

    Annex 2: List of tested and analyzed data sharing tools (non-exhaustive) Below are the specifications of the tools surveyed, as to February 2015, with some updates from April 2016. The tools selected in the context of EU BON are available in the main text of the publication and are described in more details. This list is also available on the EU BON Helpdesk website, where it will be regularly updated as needed. Additional lists are available through the GBIF resources page, the DataONE software tools catalogue, the BioVel BiodiversityCatalogue and the BDTracker A.1 GBIF Integrated Publishing Toolkit (IPT) Main usage, purpose, selected examples The Integrated Publishing Toolkit is a free open source software tool written in Java which is used to publish and share biodiversity data sets and metadata through the GBIF network. Designed for interoperability, it enables the publishing of content in databases or text files using open standards, namely, the Darwin Core and the Ecological Metadata Language. It also provides a 'one-click' service to convert data set metadata into a draft data paper manuscript for submission to a peer-reviewed journal. Currently, the IPT supports three core types of data: checklists, occurrence datasets and sample based data (plus datasets at metadata level only). The IPT is a community-driven tool. Core development happens at the GBIF Secretariat but the coding, documentation, and internationalization are a community effort. New versions incorporate the feedback from the people who actually use the IPT. In this way, users can help get the features they want by becoming involved. The user interface of the IPT has so far been translated into six languages: English, French, Spanish, Traditional Chinese, Brazilian Portuguese, Japanese (Robertson et al, 2014).
  • System and Organization Controls (SOC) 3 Report Over the Google Cloud Platform System Relevant to Security, Availability, and Confidentiality

    System and Organization Controls (SOC) 3 Report Over the Google Cloud Platform System Relevant to Security, Availability, and Confidentiality

    System and Organization Controls (SOC) 3 Report over the Google Cloud Platform System Relevant to Security, Availability, and Confidentiality For the Period 1 May 2020 to 30 April 2021 Google LLC 1600 Amphitheatre Parkway Mountain View, CA, 94043 650 253-0000 main Google.com Management’s Report of Its Assertions on the Effectiveness of Its Controls Over the Google Cloud Platform System Based on the Trust Services Criteria for Security, Availability, and Confidentiality We, as management of Google LLC ("Google" or "the Company") are responsible for: • Identifying the Google Cloud Platform System (System) and describing the boundaries of the System, which are presented in Attachment A • Identifying our service commitments and system requirements • Identifying the risks that would threaten the achievement of its service commitments and system requirements that are the objectives of our System, which are presented in Attachment B • Identifying, designing, implementing, operating, and monitoring effective controls over the Google Cloud Platform System (System) to mitigate risks that threaten the achievement of the service commitments and system requirements • Selecting the trust services categories that are the basis of our assertion We assert that the controls over the System were effective throughout the period 1 May 2020 to 30 April 2021, to provide reasonable assurance that the service commitments and system requirements were achieved based on the criteria relevant to security, availability, and confidentiality set forth in the AICPA’s
  • La Sécurité Informatique Edition Livres Pour Tous (

    La Sécurité Informatique Edition Livres Pour Tous (

    La sécurité informatique Edition Livres pour tous (www.livrespourtous.com) PDF générés en utilisant l’atelier en source ouvert « mwlib ». Voir http://code.pediapress.com/ pour plus d’informations. PDF generated at: Sat, 13 Jul 2013 18:26:11 UTC Contenus Articles 1-Principes généraux 1 Sécurité de l'information 1 Sécurité des systèmes d'information 2 Insécurité du système d'information 12 Politique de sécurité du système d'information 17 Vulnérabilité (informatique) 21 Identité numérique (Internet) 24 2-Attaque, fraude, analyse et cryptanalyse 31 2.1-Application 32 Exploit (informatique) 32 Dépassement de tampon 34 Rétroingénierie 40 Shellcode 44 2.2-Réseau 47 Attaque de l'homme du milieu 47 Attaque de Mitnick 50 Attaque par rebond 54 Balayage de port 55 Attaque par déni de service 57 Empoisonnement du cache DNS 66 Pharming 69 Prise d'empreinte de la pile TCP/IP 70 Usurpation d'adresse IP 71 Wardriving 73 2.3-Système 74 Écran bleu de la mort 74 Fork bomb 82 2.4-Mot de passe 85 Attaque par dictionnaire 85 Attaque par force brute 87 2.5-Site web 90 Cross-site scripting 90 Défacement 93 2.6-Spam/Fishing 95 Bombardement Google 95 Fraude 4-1-9 99 Hameçonnage 102 2.7-Cloud Computing 106 Sécurité du cloud 106 3-Logiciel malveillant 114 Logiciel malveillant 114 Virus informatique 120 Ver informatique 125 Cheval de Troie (informatique) 129 Hacktool 131 Logiciel espion 132 Rootkit 134 Porte dérobée 145 Composeur (logiciel) 149 Charge utile 150 Fichier de test Eicar 151 Virus de boot 152 4-Concepts et mécanismes de sécurité 153 Authentification forte
  • TIBCO Jasperreports® Server Administrator Guide

    TIBCO Jasperreports® Server Administrator Guide

    TIBCO JasperReports® Server Administrator Guide Software Release 7.8 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. ANY SOFTWARE ITEM IDENTIFIED AS THIRD PARTY LIBRARY IS AVAILABLE UNDER SEPARATE SOFTWARE LICENSE TERMS AND IS NOT PART OF A TIBCO PRODUCT. AS SUCH, THESE SOFTWARE ITEMS ARE NOT COVERED BY THE TERMS OF YOUR AGREEMENT WITH TIBCO, INCLUDING ANY TERMS CONCERNING SUPPORT, MAINTENANCE, WARRANTIES, AND INDEMNITIES. DOWNLOAD AND USE OF THESE ITEMS IS SOLELY AT YOUR OWN DISCRETION AND SUBJECT TO THE LICENSE TERMS APPLICABLE TO THEM. BY PROCEEDING TO DOWNLOAD, INSTALL OR USE ANY OF THESE ITEMS, YOU ACKNOWLEDGE THE FOREGOING DISTINCTIONS BETWEEN THESE ITEMS AND TIBCO PRODUCTS.
  • UCLA Electronic Theses and Dissertations

    UCLA Electronic Theses and Dissertations

    UCLA UCLA Electronic Theses and Dissertations Title Doing the Time Warp: Queer Temporalities and Musical Theater Permalink https://escholarship.org/uc/item/1k1860wx Author Ellis, Sarah Taylor Publication Date 2013 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITY OF CALIFORNIA Los Angeles Doing the Time Warp: Queer Temporalities and Musical Theater A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Theater and Performance Studies by Sarah Taylor Ellis 2013 ABSTRACT OF THE DISSERTATION Doing the Time Warp: Queer Temporalities and Musical Theater by Sarah Taylor Ellis Doctor of Philosophy in Theater and Performance Studies University of California, Los Angeles, 2013 Professor Sue-Ellen Case, Co-chair Professor Raymond Knapp, Co-chair This dissertation explores queer processes of identification with the genre of musical theater. I examine how song and dance – sites of aesthetic difference within the musical – can warp time and enable marginalized and semi-marginalized fans to imagine different ways of being in the world. Musical numbers can complicate a linear, developmental plot by accelerating and decelerating time, foregrounding repetition and circularity, bringing the past to life and projecting into the future, and physicalizing dreams in a narratively open present. These excesses have the potential to contest naturalized constructions of historical, progressive time, as well as concordant constructions of gender, sexual, and racial identities. While the musical has historically been a rich source of identification for the stereotypical white gay male show queen, this project validates a broad and flexible range of non-normative readings.