Series |
Type |
Lecture |
Description |
Lecturer |
|
|
|
|
|
Tools and Techniques
|
Lectures |
|
Introduction to the Track
To start, we discuss some of the characteristics of software
projects for high energy physics, and some of the issues
that arise when people want to contribute to them. This
forms the framework for the Software Technologies Track. We
then continue with a brief introduction to software
engineering from the perspective of the individual
contributor, both as a formal process and how it actually
effects what you do. |
Bob Jacobsen
|
Lecture 1 |
Tools You Can Use
This lecture discusses several categories of tools &
techniques you can use to make yourself more productive and
effective. Continuous testing and documentation has proven
to be important in producing high quality work, but it's
often difficult to do; we discuss some available approaches.
Many problems require specific tools and techniques to solve
them effectively: We discuss the examples of performance
tuning and memory access problems. |
|
Lecture 2 |
Tools for Collaboration
HEP software is built by huge teams. How can this be done
effectively, while still giving people satisfying tasks to
perform?
This lecture discusses some of the technical approaches
used. Source control (e.g. CVS) is becoming common, so we
just skim over it's advantages and disadvantages to get to
the larger area of release control (e.g. CMT) and release
testing & distribution. We'll focus on why is this
considered a hard problem, and what are the current
techniques for dealing with it. |
|
Lecture 3 |
Software
Engineering Across the Project
Now that we've covered both individual and group work, we go
back to the software engineering topics of the first lecture
to see how these fit together. How does our individual work
effect the ability of the entire project to proceed? What
are tools and techniques that will improve both our
individual work, and out contributions to the whole?
We close with a summary of observations. |
|
Exercises |
Exercise 1
and
Exercise 2
|
Exercises
1 and 2
The first two exercises provide some direct experience with
the tools and techniques described in Lectures 1 and 2. In
particular, pairs of students will work together to update
existing applications, working through examples designed to
show the strengths and weaknesses of several approaches.
|
Bob Jacobsen |
Exercise 3
and
Exercise 4 |
Exercises
3 and 4
After the two-person teams acquire some experience with the
CMT release system, and CVS if needed, we will have groups
of 5 teams work together to create a functional release from
individual sub-projects at various stages of completion.
Although a limited exercise, this is intended to demonstrate
some of the real issues discussed in the lecture. |
|
Exercise 5 |
Exercises 5
Wrap-up session. |
|
|
|
|
|
|
Web services
|
Lectures |
Lecture 1 |
Introduction
to HTTP and XML
The HTTP
protocol, used by the World Wide Web has rapidly become one
of the major protocols used for inter-computer
communications on the internet and the messages exchanges
are encoded in XML to facilitate the data manipulation. The
presentation will give an overview of the technology,
introduce the standards and the tools available. |
Alberto Pace |
Lecture 2 |
Introduction to Web Services, XMLRPC, SOAP
Web
Services are “computer-to-computer services” that are made
available using Web technology. The two major standards for
offering Web services (XMLRPC and SOAP) will be introduced
and described, with few examples. |
Alberto Pace |
Prerequisite
Knowledge
|
Desirable prerequisite
and references to further
information |
Lecture
1: Introduction
to HTTP and XML
Basic
understanding of TCP/IP and Internet Networking
References:
|
|
Lecture 2: Introduction
to HTTP and XML
Basic
understanding of HTTP and XML (Previous course)
References:
|
|
|
|
|
|
Computer Security
|
Lectures |
Lecture 1 |
An
Introduction to Cryptography
Computer security relies on a number of complementary
technologies. Cryptography is one of them. Unlike what
is sometimes believed, cryptography's role is not only to
ensure the confidentiality of exchanges. It also serves to
protect the integrity of transmitted information, and more
importantly in Grid environments to authenticate individuals
and systems. The lecture describes he fundamentals of
asymmetric encryption, and explain how it is implemented in
the real world. |
Alberto Pace |
Lecture 2 |
An
Introduction to PKI
Cryptography is not sufficient to ensure that secret
information is safely shared. In particular, distributing
cryptographic keys requires an infrastructure of logically
connected systems. This is called Public Key Infrastructure
and is the subject of this lecture. |
Alberto Pace |
Lecture 3 |
An
Introduction to Kerberos
Kerberos is an alternative to PKI fro authentication. This
third lecture explains the respective positioning and the
differences. It also explains how the two technologies can
be integrated. This is illustrated by practical examples
drawn from web and mail services. |
Alberto Pace |
|
|
|
|
|
Networking QoS and Performance
|
Lectures |
Lecture 1 |
Internet
QoS options
Improving Quality of Service guarantees and performances in
data network is a key requirement of Grid computing. Indeed,
fast transfers require high-bit rate connections, and grid
operation requires network predictability and high
availability. On the other hand, the Internet historical
technology is not naturally best suited to deterministic
behaviour. This lecture explains the technical challenges and
the range of options available to improve QoS guarantees in
Internet-based networks. |
François Fluckiger |
Lecture 2 |
TCP and
Congestion Control
Not only the underlying network has to be highly performing,
but the network software running within the end-systems must
have an optimal behaviour. This lecture recalls the basics of
TCP and discusses the relationships between TCP and the
risks of congestions over Internet-based connections. |
François Fluckiger |
Lecture 3 |
Multimedia
over the Internet
The Grid is not only a network of computer resources but
also a network of people cooperating to use these resources.
Part of the collaborative tools scientists are increasingly
using include audio and video systems. They place new
challenging requirements on the networking systems. The
class discusses these requirements and their consequences on
the end-systems as well as within the underlying network. |
François Fluckiger |
Prerequisite Knowledge |
Mandatory
prerequisite |
For this series of
lectures, there is no mandatory pre-requisite knowledge, as
long as the participants are professional computer
scientists. |
|
Desirable prerequisite
and
references to further
information
|
The participants will draw
maximum benefits from the lectures if they have a fair
knowledge of computer network principles, in particular the
concepts of
-
Networking layering
-
Internet transport
infrastructure (e.g. mesh topology, routers, links)
-
Internet layers (e.g.
differences between PPP, IP, UDP, TCP)
|
|
Books
-
Computer Networks, Ed. 4
Andrew Tannenbaum, Prentice Hall, ISBN
0-130-661023
-
Internetworking with TCP/IP, vol 1
Douglas E. Commer, Prentice Hall, ISBN
0-130-183806
-
Understanding Networked
Multimedia
Francois Fluckiger, Prentice Hall, ISBN
0-131-90992-4
Vikipedia
Computer Networking (http://en.wikipedia.org/wiki/Computer_networks)
Other Links
Linux-Networking Concepts |
|
|
|
|
|
|
Creating
secure software |
Lectures
|
Lecture 1 |
Introduction
to computer security
First
lecture starts with a definition of computer security and an
explanation of why it is so difficult to achieve. The
lecture highlights the importance of proper threat modeling
and risk assessment. It then presents three complementary
methods of mitigating threats: protection, detection,
reaction; and tries to prove that security through obscurity
is not a good choice. |
Sebastian Lopienski |
Lecture 2 |
Security
in different phases of software development
The second
lecture addresses the following question: how to create
secure software? It introduces the main security principles
(like least-privilege, or defense-in-depth) and discusses
security in different phases of the software development
cycle. The emphasis is put on the implementation part: most
common pitfalls and security bugs are listed, followed by
advice on best practice for security development. |
Sebastian Lopienski |
Exercises |
Exercises1
Exercise 2 |
Avoiding,
detecting and removing software security vulnerabilities
In the
practice session, a range of typical security
vulnerabilities will be presented. The goal is to learn how
they are exploited (for privilege escalation, data
confidentiality compromise etc.), how to correct them, and
how to avoid them in the first place!
Students
will be given source code of a simple program, and will be
asked to find vulnerabilities and fix them. On-line course
documentation consists of several parts (made available in
steps, one after another), each tackles different
vulnerability type. For a given security bug planted in the
code, the documentation first shows how this
bug/vulnerability can be attacked. Then students are given
time to find the bug and work on a fix. And after some time,
a possible solution is made available. |
Sebastian Lopienski |
Prerequisite Knowledge
|
Mandatory
prerequisite |
tbw |
|
Desirable prerequisite
and
references to further
information
|
o
PHP tutorial:
http://php.net/tut.php
o
Python tutorial:
http://docs.python.org/tut/
|
|
Books
-
Secrets and Lies: Digital Security in a Networked World
by Bruce Schneier
-
Security Engineering: A Guide to Building Dependable
Distributed Systems by Ross Anderson
-
Writing Secure Code
by Michael Howard, David LeBlanc
-
Secure Coding: Principles and Practices
by Mark G. Graff, Kenneth R. van Wyk
|
|
|
|
|
|
|
|
|
|
|
|