CSC2007 Software Technologies Theme

Coordinators:

Patricia MacBride, FNAL
Alberto Pace, CERN

This theme presents a selection of advanced software-related topics particularly relevant in the context of scientific computing.

The first series topics presents modern techniques for software design and modern tools and technologies for understanding and improving existing software. The emphasis is placed on the large software projects and large executables that are common in HEP. The series consist of lectures and exercises. These lectures include topics such software engineering, design, methodology and testing.

The second series of lectures focuses on Web services, which constitutes the underlying techniques supporting a number of higher level services such as those offered by Grid Technologies.

In addition to pure software design and development issues, the track is complemented by two special yet essential topics: methods and techniques for improving computer security, and Internet quality of service and network performance. The former addresses two specific security aspects: cryptography, authentication and security infrastructures on the one hand, and the creation of secure software on the other hand.

Glossary of the different acronyms: http://www.gridpp.ac.uk/gas/

Overview

Series	Type	Lecture	Description	Lecturer

Tools and Techniques	Lectures		Introduction to the Track To start, we discuss some of the characteristics of software projects for high energy physics, and some of the issues that arise when people want to contribute to them. This forms the framework for the Software Technologies Track. We then continue with a brief introduction to software engineering from the perspective of the individual contributor, both as a formal process and how it actually effects what you do.	Bob Jacobsen
		Lecture 1	Tools You Can Use This lecture discusses several categories of tools & techniques you can use to make yourself more productive and effective. Continuous testing and documentation has proven to be important in producing high quality work, but it's often difficult to do; we discuss some available approaches. Many problems require specific tools and techniques to solve them effectively: We discuss the examples of performance tuning and memory access problems.
		Lecture 2	Tools for Collaboration HEP software is built by huge teams. How can this be done effectively, while still giving people satisfying tasks to perform? This lecture discusses some of the technical approaches used. Source control (e.g. CVS) is becoming common, so we just skim over it's advantages and disadvantages to get to the larger area of release control (e.g. CMT) and release testing & distribution. We'll focus on why is this considered a hard problem, and what are the current techniques for dealing with it.
		Lecture 3	Software Engineering Across the Project Now that we've covered both individual and group work, we go back to the software engineering topics of the first lecture to see how these fit together. How does our individual work effect the ability of the entire project to proceed? What are tools and techniques that will improve both our individual work, and out contributions to the whole? We close with a summary of observations.
	Exercises	Exercise 1 and Exercise 2	Exercises 1 and 2 The first two exercises provide some direct experience with the tools and techniques described in Lectures 1 and 2. In particular, pairs of students will work together to update existing applications, working through examples designed to show the strengths and weaknesses of several approaches.	Bob Jacobsen
		Exercise 3 and Exercise 4	Exercises 3 and 4 After the two-person teams acquire some experience with the CMT release system, and CVS if needed, we will have groups of 5 teams work together to create a functional release from individual sub-projects at various stages of completion. Although a limited exercise, this is intended to demonstrate some of the real issues discussed in the lecture.
		Exercise 5	Exercises 5 Wrap-up session.

Web services	Lectures	Lecture 1	Introduction to HTTP and XML The HTTP protocol, used by the World Wide Web has rapidly become one of the major protocols used for inter-computer communications on the internet and the messages exchanges are encoded in XML to facilitate the data manipulation. The presentation will give an overview of the technology, introduce the standards and the tools available.	Alberto Pace
	Lectures	Lecture 2	Introduction to Web Services, XMLRPC, SOAP Web Services are “computer-to-computer services” that are made available using Web technology. The two major standards for offering Web services (XMLRPC and SOAP) will be introduced and described, with few examples.	Alberto Pace
	Prerequisite Knowledge	Desirable prerequisite and references to further information	Lecture 1: Introduction to HTTP and XML Basic understanding of TCP/IP and Internet Networking References: Hypertext Transfer Protocol -- HTTP/1.1 RFC XML Organization http://www.xml.org/ W3C Consortium
	Prerequisite Knowledge		Lecture 2: Introduction to HTTP and XML Basic understanding of HTTP and XML (Previous course) References: XML-RPC.com SOAP pages at W3C

Computer Security	Lectures	Lecture 1	An Introduction to Cryptography Computer security relies on a number of complementary technologies. Cryptography is one of them. Unlike what is sometimes believed, cryptography's role is not only to ensure the confidentiality of exchanges. It also serves to protect the integrity of transmitted information, and more importantly in Grid environments to authenticate individuals and systems. The lecture describes he fundamentals of asymmetric encryption, and explain how it is implemented in the real world.	Alberto Pace
		Lecture 2	An Introduction to PKI Cryptography is not sufficient to ensure that secret information is safely shared. In particular, distributing cryptographic keys requires an infrastructure of logically connected systems. This is called Public Key Infrastructure and is the subject of this lecture.	Alberto Pace
		Lecture 3	An Introduction to Kerberos Kerberos is an alternative to PKI fro authentication. This third lecture explains the respective positioning and the differences. It also explains how the two technologies can be integrated. This is illustrated by practical examples drawn from web and mail services.	Alberto Pace

Networking QoS and Performance	Lectures	Lecture 1	Internet QoS options Improving Quality of Service guarantees and performances in data network is a key requirement of Grid computing. Indeed, fast transfers require high-bit rate connections, and grid operation requires network predictability and high availability. On the other hand, the Internet historical technology is not naturally best suited to deterministic behaviour. This lecture explains the technical challenges and the range of options available to improve QoS guarantees in Internet-based networks.	François Fluckiger
		Lecture 2	TCP and Congestion Control Not only the underlying network has to be highly performing, but the network software running within the end-systems must have an optimal behaviour. This lecture recalls the basics of TCP and discusses the relationships between TCP and the risks of congestions over Internet-based connections.	François Fluckiger
		Lecture 3	Multimedia over the Internet The Grid is not only a network of computer resources but also a network of people cooperating to use these resources. Part of the collaborative tools scientists are increasingly using include audio and video systems. They place new challenging requirements on the networking systems. The class discusses these requirements and their consequences on the end-systems as well as within the underlying network.	François Fluckiger
	Prerequisite Knowledge	Mandatory prerequisite	For this series of lectures, there is no mandatory pre-requisite knowledge, as long as the participants are professional computer scientists.
		Desirable prerequisite and references to further information	The participants will draw maximum benefits from the lectures if they have a fair knowledge of computer network principles, in particular the concepts of Networking layering Internet transport infrastructure (e.g. mesh topology, routers, links) Internet layers (e.g. differences between PPP, IP, UDP, TCP)
			Books Computer Networks, Ed. 4 Andrew Tannenbaum, Prentice Hall, ISBN 0-130-661023 Internetworking with TCP/IP, vol 1 Douglas E. Commer, Prentice Hall, ISBN 0-130-183806 Understanding Networked Multimedia Francois Fluckiger, Prentice Hall, ISBN 0-131-90992-4 Vikipedia Computer Networking (http://en.wikipedia.org/wiki/Computer_networks) Other Links Linux-Networking Concepts

Creating secure software	Lectures	Lecture 1	Introduction to computer security First lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. The lecture highlights the importance of proper threat modeling and risk assessment. It then presents three complementary methods of mitigating threats: protection, detection, reaction; and tries to prove that security through obscurity is not a good choice.	Sebastian Lopienski
	Lectures	Lecture 2	Security in different phases of software development The second lecture addresses the following question: how to create secure software? It introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development.	Sebastian Lopienski
	Exercises	Exercises1 Exercise 2	Avoiding, detecting and removing software security vulnerabilities In the practice session, a range of typical security vulnerabilities will be presented. The goal is to learn how they are exploited (for privilege escalation, data confidentiality compromise etc.), how to correct them, and how to avoid them in the first place! Students will be given source code of a simple program, and will be asked to find vulnerabilities and fix them. On-line course documentation consists of several parts (made available in steps, one after another), each tackles different vulnerability type. For a given security bug planted in the code, the documentation first shows how this bug/vulnerability can be attacked. Then students are given time to find the bug and work on a fix. And after some time, a possible solution is made available.	Sebastian Lopienski
	Prerequisite Knowledge	Mandatory prerequisite	tbw
		Desirable prerequisite and references to further information	Basic knowledge of PHP or Python o PHP tutorial: http://php.net/tut.php o Python tutorial: http://docs.python.org/tut/ Basic understanding of HTTP protocol (see first lecture on Web services by Alberto Pace) Basic knowledge of SQL
			Books Secrets and Lies: Digital Security in a Networked World by Bruce Schneier Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson Writing Secure Code by Michael Howard, David LeBlanc Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. van Wyk