Creating Secure Software
Session	Description	Lecturer
Lecture 1	Introduction to computer security First lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. The lecture highlights the importance of proper threat modelling and risk assessment. It then presents three complementary methods of mitigating threats: protection, detection, reaction; and tries to prove that security through obscurity is not a good choice.	Sebastian Lopienski
Lecture 2	Security in different phases of software development The second lecture addresses the following question: how to create secure software? It introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development.	Sebastian Lopienski
Lecture 3	Web application security, exercise debriefing This third hour consists of a debriefing of the exercises, and in particular those web-related. Various vulnerabilities typical to web applications (such as Cross-site scripting, SQL injection, cross-site request forgery etc.) are introduced and discussed.	Sebastian Lopienski
Exercise 1 Exercise 2 Exercise 3	Avoiding, detecting and removing software security vulnerabilities In the practice session, a range of typical security vulnerabilities will be presented. The goal is to learn how they can be exploited (for privilege escalation, data confidentiality compromise etc.), how to correct them, and how to avoid them in the first place! Students will be given small pieces of source code in different programming languages, and will be asked to find vulnerabilities and fix them. The online course documentation will gradually reveal more and more information to help students in this task. Additionally, students will have a chance to try several source code analysis tools, and see how such tools can help them find functionality bugs and security vulnerabilities.	Sebastian Lopienski Giuseppe Lo Presti
Prerequisite and References	Desirable Prerequisite Basic knowledge of C and/or PHP PHP tutorial: http://php.net/tut.php Basic understanding of HTTP protocol Basic knowledge of SQL Books Secrets and Lies: Digital Security in a Networked World by Bruce Schneier Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson Writing Secure Code by Michael Howard, David LeBlanc Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. van Wyk

Computer Architecture and Performance Tuning
Session	Description	Lecturer
Lecture 1	Understanding scalable hardware The first part of this double lecture describes the hardware architecture of a modern PC server with processors based on the Intel Core micro-architecture. Other processor architectures, such as ARM, will also be mentioned. Acceleration opportunities (but also bottlenecks) in the architecture will be covered in detail, not just inside the processor, but also related to the memory hierarchy. The aim is to give each student a good understanding of what resources are available from a hardware viewpoint.	Sverre Jarp
Lecture 2	Software that scales with the hardware In the second part of this double lecture we will discuss several strategies which can allow software to scale to the maximum resource potential in a given architecture. These strategies are based on both data and task parallelism. We will stress the importance of a Data Oriented Design and also mention the issue of “performance portability” across platforms. Some important factors related to programming styles will be reviewed. To back up everything with evidence, several scalable examples from physics will be portrayed.	Sverre Jarp
Lecture 3	Performance Optimization Considering the rise of many-core processors, performance tuning has become an even more important step in software development. Modern processor architectures often give us the benefit of being able to look inside the application from various angles, however drawing high-level conclusions is not always straightforward. The objective of this lecture is to familiarize the attendees with the topic of performance optimization “where it matters” and with common techniques used to define and improve application efficiency. Language independent performance tools for Linux will be demonstrated, in order to obtain information about program characteristics and bottlenecks.	Andrzej Nowak
Exercise 1 Exercise 2 Exercise 3	Exercises 1, 2 and 3 The aim of the exercises in this series is to give the attendees a practical introduction to performance oriented programming on Linux. Advanced tools will be used during the course, enabling the participants to discover how the interaction of the code and the hardware influences performance. The participants will also be given the task of correlating performance figures with certain programming decisions. In addition, the participants will understand the limits of performance optimization and the ways to establish at which point inside those limits their workload is placed. The exercises will be supported by demonstrating real world problems in production environments, including multi-threaded examples.	Sverre Jarp Andrzej Nowak
Prerequisite and References	Desirable Prerequisite Basics of modern computer architecture Basic knowledge about compilers Familiarity with Linux and the C/C++ programming languages

Software Design in the Many-Cores Era
Session	Description	Lecturer
Lecture 1	Physics and Computing Challenges to Experiment Software Even though the miniaturization of transistors on chips continues like predicted by Moore's law, computer hardware starts to face scaling issues, so-called performance 'walls'. Probably, the best known is the 'power wall', which limits clock frequencies. Amongst others, a way of increasing processor performance remains now to integrate many cores in the same chip. At the same time, the upcoming LHC upgrade will increase the required CPU power drastically. Both problems challenge the current way of software design in high energy physics (HEP). Developers in high energy physics are forced to re-think their ways of software design and need to move to massively parallel applications. This lecture will explain the current HEP software design, the hardware and physics issues that need to be tackled, and possible approaches to achieve the required level of parallelization.	B.Hegner D.Piparo
Lecture 2	Concurrent Programming in Action I This and the following lecture will explain the concepts behind various parallelization methodologies. First, a theoretical introduction into threads, thread-safety and concurrent data access will be given. As the new C++ standard (C++11) now provides build-in support for parallel programming, the new features of this standard will be shown. Finally, concrete solutions for the theoretical problems will be discussed.	B.Hegner D.Piparo
Lecture 3	Concurrent Programming in Action II The focus of this lecture lies in concurrent programming based on the 'task model', using TBB as implementation library. There will be a deeper look into concurrent data access and lock and lock-free data formats. Using the learned concepts, we will look again at the data challenges from lecture 1 and see, how a future-proof software design might look like.	B.Hegner D.Piparo
Exercise 1 Exercise 2	Exercise 1 & 2 The exercises will cover the topics of lectures 1 and 2 at a hands on basis, based on C++11 and TBB. It covers examples for the new C++11 functionality related to threads and thread safety. In addition there will be examples for concurrent access to data, lock and lock-free data structures, and task based programming.	B.Hegner D.Piparo
Prerequisite and References	References C++ Concurrency in Action Practical Multithreading Anthony Williams February, 2012 \| 528 pages ISBN: 9781933988771 Intel Threading Building Blocks: Outfitting C++ for Multi-Core Processor Parallelism, O'Reilly

Networking
Session	Description	Lecturer
Lecture 1	Internet QoS options Improving Quality of Service guarantees and performances in data network is a key requirement of Grid computing. Indeed, fast transfers require high-bit rate connections, and grid operation requires network predictability and high availability. On the other hand, the Internet historical technology is not naturally best suited to deterministic behaviour. This lecture explains the technical challenges and the range of options available to improve QoS guarantees in Internet-based networks.	François Fluckiger
Lecture 2	Multimedia over the Internet The Grid is not only a network of computer resources but also a network of people cooperating to use these resources. Part of the collaborative tools scientists are increasingly using include audio and video systems. They place new challenging requirements on the networking systems. The class discusses these requirements and their consequences on the end-systems as well as within the underlying network.	François Fluckiger
Prerequisite and References	Desirable Prerequisite Participants will draw maximum benefits from the lectures if they have a fair knowledge of computer network principles, in particular the concepts of Networking layering Internet transport infrastructure (e.g. mesh topology, routers, links) Internet layers (e.g. differences between PPP, IP, UDP, TCP) Books Computer Networks, Ed. 4 Andrew Tannenbaum, Prentice Hall, ISBN 0-130-661023 Internetworking with TCP/IP, vol 1 Douglas E. Commer, Prentice Hall, ISBN 0-130-183806 Understanding Networked Multimedia Francois Fluckiger, Prentice Hall, ISBN 0-131-90992-4 Vikipedia Computer Networking (http://en.wikipedia.org/wiki/Computer_networks) Other Links Linux-Networking Concepts