11-12 February 2006, T.I.F.R., Mumbai, India


chep06 pre-conference School organized in collaboration with

Fundamentals Series

1 Fundamentals of Grid Technologies

2 Computer Security 1:
Cryptography and
Security Protocol

3 Fundamentals of
Networking QoS

In-depth Series

4 Computer Security 2:
From Theory to Implementation

5 Pragmatic Software Engineering

6 Working with databases and database-centric interfaces

All lecture series
Practical Information
Chep06 conference

Printable Version

All Lecture Series


Lecture Series 1

Fundamentals of Grid Technologies

Saturday 11 February 2005

09:00 12:25

Rüdiger Berlich


Fundamentals of Grid Technologies


Grid is at the onset of mainstream adoption in science and industry. Having originated from the need to process huge amounts of data in distributed compute centres, with the need to provide seamless and transparent access to thousands of people in different geographical locations, the meaning of the term "Grid computing" is changing. This series describes the roots and discusses different meanings of "The Grid", introduces technical components, standards and international Grid initiatives and takes a look at various Grid applications and use cases. A life demonstration of Grid techniques, based around the middleware gLite of the EGEE initiative, will be shown provided network connectivity is available.


Definition of Grid computing and middleware components

·          Definitions of Grid Computing: 

·          Key Question: "What is it ?"

·          Particular emphasis on Grids of the "Wide Area" type


·          Grid Components found in middleware of the "Wide area" type

·          Key Question: "What are the building blocks ?"

·          UI, CE, WN, local batch submission systems, RB  SE, …

Standards and Technologies

·          Key Question: "Which implementations exist?

·          The Globus Toolkit, with special emphasis on security


·          Grid Middlewares

-          Globus 2+4

-          LCG-2 + gLite

-          Unicore

-          AliEn

Applications and Grid Organization

·          Key Question: "What can you do with it ?"

·          Domain of applications

·          Illustration with existing scientific infrastructures (EGEE, others)


Lecture Series 2

Computer Security 1:  Introduction to cryptography


A few questions

  • Do you know what is a digital certificate and how certificate-based authentication works ?

  • Do you know how Kerberos-based authentication works and why time synchronization services are important in a Kerberos-based infrastructure?

All the answers at School@chep06

Saturday 11 February 2005

13:30 16:55

Alberto Pace


Computer Security 1:  Introduction to cryptography


The series of lectures addresses the fundamental principles of Cryptography and Public Key Infrastructure and its alternative Kerberos, which from the basis of modern security mechanisms for confidentially, data protection and integrity, authentication of people and systems, The   lectures will present asymmetric encryption, and  will describe its various fields of application. It will then discuss the need for an infrastructure to distribute keys, and the possible architectural models to construct such infrastructure. It will describe compare contract the PKI solution and compare and contrast it to the Kerberos approach.


An Introduction to Cryptography

Computer security relies on a number of complementary technologies.  Cryptography is one of them. Unlike what is sometimes believed, cryptography's role is not only to ensure the confidentiality of exchanges. It also serves to protect the integrity of transmitted information, and more importantly in Grid environments to authenticate individuals and systems. The lecture describes the fundamentals of asymmetric encryption, and explain how it is implemented in the real world.

An Introduction to PKI

Cryptography is not sufficient to ensure that secret information is safely shared. In particular, distributing cryptographic keys requires an infrastructure of logically connected systems. This is called Pubic Key Infrastructure and is the subject of this lecture.

An Introduction to Kerberos

Kerberos is an alternative to PKI fro authentication. This third lecture explains the respective positioning and the differences. It also explains how the two technologies can be integrated. This is illustrated by practical examples drawn from web and mail services.


Lecture Series 3

Fundamentals of Networking QoS


A few questions

  • Have you ever heard of Difserv or NIS?

  • Do you know what MPLS is and how it can help guaranteeing service quality?

  • Do you know how network congestion can be avoided in the Internet?

  • Do you know how TCP is designed to limit congestions and how it should be tuned for better performance?

  • Do you know what Random Early Detection or Explicit Congestion Notification means?

  • Do you know which specific protocols are required to support Audio and Video over the Internet, and why?

All the answers at School@chep06

Sunday 12 February 2005

09:00 12:25

François Flückiger


Fundamentals of Networking QoS


Improving Quality of Service guarantees and performances in data network is a key requirement of Grid computing. Indeed, fast transfers require high-bit rate connections, and grid operation requires network predictability and high availability. On the other hand, the Internet historical technology is not naturally best suited to deterministic behaviour. In this part, we will explain the technical challenges and the range of options available to improve QoS guarantees in Internet-based networks.

Not only the underlying network has to be highly performing, but the network software running within the end-systems must have an optimal behaviour. This part recalls the basics of TCP and discusses the relationships between TCP and the risks of congestions over Internet-based connections.

The Grid is not only a network of computer resources but also a network of people cooperating to use these resources. Part of the collaborative tools scientists are increasingly using include audio and video systems. They place new challenging requirements on the networking systems. We will discuss in this part these requirements and their consequences on the underlying network.


Internet QoS options

·          Why is QoS networking important in Grid environments?

·          Options to improve Internet QoS: reservations by signalling vs. aggregate-marking techniques

·          The NSIS and Diffserv protocols: status, prospects; are they complementary of competing technologies?

·          The role of MPLS in QoS issues

·          Are these technologies really necessary?

TCP and congestion control

·          Fundamentals of TCP mechanisms for flow and congestion control

·          The challenges of long distance / high bit rate Grid networking

·          Congestion notification principles in the Internet

·          Congestion avoidance and management: RED, ECN

·          Overall comparison of QoS and congestion management techniques

Supporting real-time steaming traffic over the Internet

·          Qualitative Requirements of real-time applications

·          Why is TCP inappropriate? The need of RTP, its functionalities

·          Quantitative requirements of audio and video streaming

·          Limiting the overheads; header compression

·          Conclusion: Which QoS technologies are suitable for real-time applications?


Lecture Series 4

Computer Security 2: From Theory to Implementation


A few questions

  • What are the top 10 attacks ever performed?

  • What are the common security pitfalls when developing software? How to avoid them?

  • How to balance between security and productivity?

  • Cryptography: where can it help, where must it  complemented by other mechanisms?

  • What are social engineering threats?

All the answers at School@chep06


Sunday 12 February 2005

09:00 12:25

Sebastian Lopienski


Computer Security 2: From Theory to Implementation


Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this situation. This series of lecture aims at explaining what computer security is, and how secure systems should be designed and developed.

The series will start with a definition of computer security and introduction of concepts like threat modeling and risk assessment, as well as protection, detection and reaction strategies. It then presents real-life examples of vulnerabilities and attacks, and describe the role of cryptography: where it can help, and where this needs to be complemented by other mechanisms. One of the focuses of the series is security of software applications. This part targets software developers, drawing their attention to the main pitfalls and providing guidelines for best practices.


Introduction to Computer Security

First lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. The lecture highlights the importance of proper threat modelling and risk assessment. It then presents three complementary methods of mitigating threats: protection, detection, reaction; and tries to prove that security thru obscurity is not a good choice.

Real-life threats, vulnerabilities, exploits and attacks

Second lecture discusses different vectors of attacks and motives behind them, various types of attackers and ways they exploit vulnerabilities. It includes studies of real-life cases and scenarios. The conclusion drawn here is that while many problems can be solved with cryptography, some lie outside the scope of cryptographic solutions. Several miscellaneous issues like social engineering threats are also covered in this part.

Security in different phases of software development

Last lecture addresses the following question: how to create secure software? It introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development.


Lecture Series 5

Pragmatic Software Engineering


A few questions

  • Have you ever heard of Pragmatic Software Engineering?

  • Do you know how you can benefit from using enterprise design patterns in your applications?

  • Are you fully satisfied with the tools and methods to manage your software projects?

  • Do you think you know enough on easily monitoring the code quality and robustness of your applications ?

All the answers at School@chep06

Sunday 12 February 2005

13:30 16:55

Brice Copy


Pragmatic Software EngineeringH


What is Pragmatic Software Engineering? The adjective “pragmatic” here is not a qualifier chosen by chance for the title, but a emerging term used in the software profession.

The approach of Pragmatic Software Engineering aims at extracting the best of existing practices (ranging from project management to software patterns), and then to integrate them in a simple and practical manner.

After an introduction to the principle of Pragmatic Software Engineering, the lecture Series will cover Software Project Management, explaining the idea of “agile” projects, and reviewing tools such as Change Management and Defect Tracking. The lecture will then move on to Software Quality, something that everyone wants, but which is difficult to achieve in practice -this will include Functional Testing for Web applications, and Continuous Integration Testing. The lecture will finally address Enterprise Software Architectures, an area that academic circles are sometimes hesitant to use in practice, often because of its perceived complexity and steep learning curve. The lecture will try and demystify it and will show how to apply in a simplified way these theoretical principles to concrete cases.


Introduction to Pragmatic Software Engineering

·          How to manage software

·          How to enforce quality

·          How to benefits from software patterns in your architecture

… All of this with readily available tools (open source or commercial)

Lecture Series Overview

·          Pragmatic Software Projects

·          Pragmatic Software Quality

·          Pragmatic Enterprise Patterns

Pragmatic Software Projects

Recently  coined “agile” projects

·          Iterative development

·          “Extreme Programming”

·          Project Management Tools:

o         SCM (Change Management)

o         DDR (Defect Detection and Recovery)

o         Build Tools

Pragmatic Software Quality

·          How to measure code quality today

·          Focus on Testing and Building tools

o         Unit Testing

o         Functional Testing for web based applications

o         Testing Coverage

o         Continuous Integration

o         Soft approaches:

§          Peer reviews

§          Code reviews

Pragmatic Enterprise Patterns

·          Software Patterns Introduction

·          Enterprise Environment (EE) Software Introduction

·          EE Patterns Introduction

o         Directory Naming

o         Object Pooling

o         Object Caching

o         Object Relational Mapping

o         Web MVC

·          Pragmatic EE Patterns with the Spring Framework

·          Competitors



Lecture Series 6

Working with databases and database-centric interfaces H


A few questions

  • What is database performance tuning is,  how to tame it?

  • Do you know how to read an execution plan?

  • Do you know how to create a materialized view or a function-based index?

  •  How can I work with XML and a relational database management system?

  • How can I store XML in my database, or generate XML from it?

  • How to add some auditing and logging to my database and improve the error handling?

  • What is HTMLDB and how can I develop my applications with it?

All the answers at School@chep06


Sunday 12 February 2005

13:30 16:55

Zornitsa Zaharieva


Working with databases and database-centric interfaces H


Database systems form the primary means for storing data and representing information, therefore a thorough understanding of the capabilities of database systems is crucial for the professional development of any software system.

The lectures will focus on several important aspects concerning the use of databases. In order to gain the best performance from a database system, it is important to understand the optimisation concepts (such as indexes, materialized views, partitioning, database optimizers) as well as the relevant best practices. The lecture series will also address logging and auditing of databases as well as usage of XML with databases.

Another issue that data management faces is the design and development of database-centric interfaces.

The class will compare and contrast several technologies, some of them being used for rapid application development (Java – ADF Framework, HTMLDB, PL/SQL web-cartridge, Oracle Forms). A brief practical example will be shown of using HTMLDB to develop a simple interface


  • Features to improve the performance of your database (indexes, materialized views, partitioning, hints, optimizers, etc.)
  • Using XML with your database
  • Implementing a database logging and auditing - practical examples
  • Best Practices in database design and development
  • Building database-centric interfaces
    • overview of different technologies (Java, HTMLDB, PL/SQL web-cartridge, Oracle Forms)
    • practical example of building an interface with HTMLDB


Feedback: school (at) chep06
Last update: Monday, 09. July 2007 16:42

Copyright CERN