General
About CSC
Organisation

People
Process for CSC hosting
School Models
Role of Local Organisers
Other Roles

Participants
Past Schools

2004 2005 2006 2007 2008 2009 2010 2011

Diploma at CSC
Sport at CSC
Inverted CSCs

iCSC05 iCSC06 iCSC08 iCSC10 iCSC11

Special schools

School@chep06

 

CSC 2007

CSC2007 Overview

Practical Information

Programme

Schedule

Lecturers

Participants

Organisers

 
Examination results
 
Grants from EU -FP6

Eligibility Conditions

Level of grant support

How to apply
 

CSC-Live

CERN School of Computing 2007 20-31 August 2007 - Dubrovnik, Croatia

Programme Overview

Grid Theme

Software Theme

Physics Comp. Theme

Schedule

Lecturers

Lecturer Bios

CSC-Live

 Printable Version  

CSC2007 Software Technologies Theme

Coordinators:

Patricia MacBride, FNAL
Alberto Pace,
CERN
 
 

This theme presents a selection of advanced software-related topics particularly relevant in the context of scientific computing. 

 

The first series  topics presents modern techniques for software design and modern tools and technologies for understanding and improving existing software.  The emphasis is placed on the large software projects and large executables that are common in HEP. The series  consist of lectures and exercises. These lectures include topics such software engineering, design, methodology and testing. 

 

The second series of lectures focuses on Web services, which constitutes the underlying techniques supporting a number of higher level services such as those offered by Grid Technologies.

 

In addition to pure software design and development issues, the track is complemented by two special yet essential topics: methods and techniques for improving computer security, and Internet quality of service and network performance. The former addresses two specific security aspects: cryptography, authentication  and security infrastructures on the one hand, and the creation of secure software on the other hand.

 

Glossary of the different acronyms: http://www.gridpp.ac.uk/gas/

Overview

Series

Type

Lecture

Description

Lecturer

     

 

 

Tools and Techniques

Lectures

 

Introduction to the Track

To start, we discuss some of the characteristics of software projects for high energy physics, and some of the issues that arise when people want to contribute to them. This forms the framework for the Software Technologies Track. We then continue with a brief introduction to software engineering from the perspective of the individual contributor, both as a formal process and how it actually effects what you do.

Bob Jacobsen

Lecture 1

Tools You Can Use

This lecture discusses several categories of tools & techniques you can use to make yourself more productive and effective. Continuous testing and documentation has proven to be important in producing high quality work, but it's often difficult to do; we discuss some available approaches. Many problems require specific tools and techniques to solve them effectively: We discuss the examples of performance tuning and memory access problems.

 

Lecture 2

Tools for Collaboration

HEP software is built by huge teams. How can this be done effectively, while still giving people satisfying tasks to perform?
This lecture discusses some of the technical approaches used. Source control (e.g. CVS) is becoming common, so we just skim over it's advantages and disadvantages to get to the larger area of release control (e.g. CMT) and release testing & distribution. We'll focus on why is this considered a hard problem, and what are the current techniques for dealing with it.

 

Lecture 3

Software Engineering Across the Project

Now that we've covered both individual and group work, we go back to the software engineering topics of the first lecture to see how these fit together. How does our individual work effect the ability of the entire project to proceed? What are tools and techniques that will improve both our individual work, and out contributions to the whole?
We close with a summary of observations.

 

Exercises

Exercise 1 and
Exercise 2

 

Exercises 1 and 2
The first two exercises provide some direct experience with the tools and techniques described in Lectures 1 and 2. In particular, pairs of students will work together to update existing applications, working through examples designed to show the strengths and weaknesses of several approaches.

Bob Jacobsen

Exercise 3 and
Exercise 4

Exercises 3 and 4
After the two-person teams acquire some experience with the CMT release system, and CVS if needed, we will have groups of 5 teams work together to create a functional release from individual sub-projects at various stages of completion. Although a limited exercise, this is intended to demonstrate some of the real issues discussed in the lecture.

 

Exercise 5

Exercises 5
Wrap-up session.

 

 

 

 

 

 

Web services

 

Lectures

Lecture 1

Introduction to HTTP and XML

 The HTTP protocol, used by the World Wide Web has rapidly become one of the major protocols used for inter-computer communications on the internet and the messages exchanges are encoded in XML to facilitate the data manipulation. The presentation will give an overview of the technology, introduce the standards and the tools available.

Alberto Pace

Lecture 2

Introduction to Web Services, XMLRPC, SOAP

 Web Services are “computer-to-computer services” that are made available using Web technology. The two major standards for offering Web services (XMLRPC and SOAP) will be introduced and described, with few examples.

Alberto Pace

Prerequisite Knowledge

Desirable prerequisite

 

and

 references to further information

Lecture 1: Introduction to HTTP and XML

Basic understanding of TCP/IP and Internet Networking

References:

 

Lecture 2: Introduction to HTTP and XML

Basic understanding of HTTP and XML (Previous course)

References:

 

 

 

 

 

Computer Security

 

Lectures

Lecture 1

An Introduction to Cryptography

Computer security relies on a number of complementary technologies.  Cryptography is one of them. Unlike what is sometimes believed, cryptography's role is not only to ensure the confidentiality of exchanges. It also serves to protect the integrity of transmitted information, and more importantly in Grid environments to authenticate individuals and systems. The lecture describes he fundamentals of asymmetric encryption, and explain how it is implemented in the real world.

Alberto Pace

Lecture 2

An Introduction to PKI

Cryptography is not sufficient to ensure that secret information is safely shared. In particular, distributing cryptographic keys requires an infrastructure of logically connected systems. This is called Public Key Infrastructure and is the subject of this lecture.

Alberto Pace

Lecture 3

An Introduction to Kerberos

Kerberos is an alternative to PKI fro authentication. This third lecture explains the respective positioning and the differences. It also explains how the two technologies can be integrated. This is illustrated by practical examples drawn from web and mail services.

Alberto Pace

 

 

 

 

 

Networking QoS and   Performance

Lectures

Lecture 1

Internet QoS options

Improving Quality of Service guarantees and performances in data network is a key requirement of Grid computing. Indeed, fast transfers require high-bit rate connections, and grid operation requires network predictability and high availability. On the other hand, the Internet historical technology is not naturally best suited to deterministic behaviour. This lecture explains the technical challenges and the range of options available to improve QoS guarantees in Internet-based networks.

François Fluckiger

Lecture 2

TCP and Congestion Control

Not only the underlying network has to be highly performing, but the network software running within the end-systems must have an optimal behaviour. This lecture recalls the basics of TCP and discusses the relationships between TCP and the risks of congestions over Internet-based connections.

François Fluckiger

Lecture 3

Multimedia over the Internet

The Grid is not only a network of computer resources but also a network of people cooperating to use these resources. Part of the collaborative tools scientists are increasingly using include audio and video systems. They place new challenging requirements on the networking systems. The class discusses these requirements and their consequences on the end-systems as well as within the underlying network.

François Fluckiger

Prerequisite Knowledge

 

Mandatory prerequisite

For this series of lectures, there is no mandatory pre-requisite knowledge, as long as the participants are professional computer scientists.

 

Desirable prerequisite

 

and

 references to further information

The participants will draw maximum benefits from the lectures if they have a fair knowledge of computer network principles, in particular the concepts of

  • Networking layering

  • Internet transport infrastructure (e.g. mesh topology, routers, links)

  • Internet layers (e.g. differences between PPP, IP, UDP, TCP)

 

Books

  • Computer Networks, Ed. 4
    Andrew Tannenbaum, Prentice Hall, ISBN 0-130-661023

  • Internetworking with TCP/IP, vol 1
    Douglas E. Commer, Prentice Hall, ISBN 0-130-183806

  • Understanding Networked Multimedia
    Francois Fluckiger, Prentice Hall, ISBN 0-131-90992-4

Vikipedia

Computer Networking (http://en.wikipedia.org/wiki/Computer_networks)

Other Links

Linux-Networking Concepts

 

 

 

 

 

 

Creating secure software

Lectures

 

Lecture 1

Introduction to computer security

First lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. The lecture highlights the importance of proper threat modeling and risk assessment. It then presents three complementary methods of mitigating threats: protection, detection, reaction; and tries to prove that security through obscurity is not a good choice.

Sebastian Lopienski

Lecture 2

Security in different phases of software development

The second lecture addresses the following question: how to create secure software? It introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development.

Sebastian Lopienski

Exercises

Exercises1
Exercise 2

Avoiding, detecting and removing software security vulnerabilities

In the practice session, a range of typical security vulnerabilities will be presented. The goal is to learn how they are exploited (for privilege escalation, data confidentiality compromise etc.), how to correct them, and how to avoid them in the first place!

Students will be given source code of a simple program, and will be asked to find vulnerabilities and fix them. On-line course documentation consists of several parts (made available in steps, one after another), each tackles different vulnerability type. For a given security bug planted in the code, the documentation first shows how this bug/vulnerability can be attacked. Then students are given time to find the bug and work on a fix. And after some time, a possible solution is made available.

Sebastian Lopienski

Prerequisite Knowledge

 

Mandatory prerequisite

tbw

 

Desirable prerequisite

 

and

 references to further information

  • Basic knowledge of PHP or Python

o         PHP tutorial: http://php.net/tut.php

o         Python tutorial: http://docs.python.org/tut/

  •  Basic understanding of HTTP protocol (see first lecture on Web services by Alberto Pace)

  •  Basic knowledge of SQL

 

Books

  • Secrets and Lies: Digital Security in a Networked World by Bruce Schneier

  • Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson

  • Writing Secure Code by Michael Howard, David LeBlanc

  • Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. van Wyk

 

 

 

 

 

 

 

     

 

 
Feedback: Computing (dot) School (at) cern (dot) ch
Last update: Thursday, 14. November 2013 11:50

Copyright CERN