All Lecture Series

School@chep06

Lecture Series 1

Fundamentals of Grid Technologies

Saturday 11 February 2005

09:00 12:25

Rüdiger Berlich

FZK

Fundamentals of Grid Technologies

Overview

Grid is at the onset of mainstream adoption in science and industry. Having originated from the need to process huge amounts of data in distributed compute centres, with the need to provide seamless and transparent access to thousands of people in different geographical locations, the meaning of the term "Grid computing" is changing. This series describes the roots and discusses different meanings of "The Grid", introduces technical components, standards and international Grid initiatives and takes a look at various Grid applications and use cases. A live demonstration of Grid techniques, based around the middleware gLite of the EGEE initiative, will be shown provided network connectivity is available.

Outline

Definition of Grid computing and middleware components

·          Definitions of Grid Computing: 

·          Key Question: "What is it ?"

·          Particular emphasis on Grids of the "Wide Area" type

 

·          Grid Components found in middleware of the "Wide area" type

·          Key Question: "What are the building blocks ?"

·          UI, CE, WN, local batch submission systems, RB, SE, …

Standards and Technologies

·          Key Question: "Which implementations exist?"

·          The Globus Toolkit, with special emphasis on security

 

·          Grid Middlewares

-          Globus 2+4

-          LCG-2 + gLite

-          Unicore

-          AliEn

Applications and Grid Organization

·          Key Question: "What can you do with it ?"

·          Domain of applications

·          Illustration with existing scientific infrastructures (EGEE, others)


Lecture Series 2

Computer Security 1:  Introduction to cryptography

 

A few questions

  • Do you know what a digital certificate is and how certificate-based authentication works?

  • Do you know how Kerberos-based authentication works and why time synchronization services are important in a Kerberos-based infrastructure?

All the answers at School@chep06

Saturday 11 February 2005

13:30 16:55

Alberto Pace

CERN

Computer Security 1:  Introduction to cryptography

Overview

The series of lectures addresses the fundamental principles of Cryptography and Public Key Infrastructure and its alternative Kerberos, which form the basis of modern security mechanisms for confidentiality, data protection and integrity, and authentication of people and systems. The lectures will present asymmetric encryption and describe its various fields of application. They will then discuss the need for an infrastructure to distribute keys, and the possible architectural models to construct such an infrastructure. They will describe the PKI solution and compare and contrast it with the Kerberos approach.

Outline

An Introduction to Cryptography

Computer security relies on a number of complementary technologies. Cryptography is one of them. Contrary to what is sometimes believed, cryptography's role is not only to ensure the confidentiality of exchanges. It also serves to protect the integrity of transmitted information and, more importantly in Grid environments, to authenticate individuals and systems. The lecture describes the fundamentals of asymmetric encryption and explains how it is implemented in the real world.

An Introduction to PKI

Cryptography is not sufficient to ensure that secret information is safely shared. In particular, distributing cryptographic keys requires an infrastructure of logically connected systems. This is called Public Key Infrastructure and is the subject of this lecture.

An Introduction to Kerberos

Kerberos is an alternative to PKI for authentication. This third lecture explains the respective positioning and the differences. It also explains how the two technologies can be integrated. This is illustrated by practical examples drawn from web and mail services.


Lecture Series 3

Fundamentals of Networking QoS

 

A few questions

  • Have you ever heard of Diffserv or NSIS?

  • Do you know what MPLS is and how it can help guarantee service quality?

  • Do you know how network congestion can be avoided in the Internet?

  • Do you know how TCP is designed to limit congestion and how it should be tuned for better performance?

  • Do you know what Random Early Detection or Explicit Congestion Notification means?

  • Do you know which specific protocols are required to support Audio and Video over the Internet, and why?

All the answers at School@chep06

Sunday 12 February 2005

09:00 12:25

François Flückiger

CERN

Fundamentals of Networking QoS

Overview

Improving Quality of Service guarantees and performance in data networks is a key requirement of Grid computing. Indeed, fast transfers require high-bit-rate connections, and grid operation requires network predictability and high availability. On the other hand, the Internet's historical technology is not naturally best suited to deterministic behaviour. In this part, we will explain the technical challenges and the range of options available to improve QoS guarantees in Internet-based networks.

Not only must the underlying network perform well, but the network software running within the end-systems must also behave optimally. This part recalls the basics of TCP and discusses the relationships between TCP and the risks of congestion over Internet-based connections.

The Grid is not only a network of computer resources but also a network of people cooperating to use these resources. The collaborative tools scientists are increasingly using include audio and video systems. They place new challenging requirements on the networking systems. We will discuss in this part these requirements and their consequences on the underlying network.

Outline

Internet QoS options

·          Why is QoS networking important in Grid environments?

·          Options to improve Internet QoS: reservations by signalling vs. aggregate-marking techniques

·          The NSIS and Diffserv protocols: status, prospects; are they complementary or competing technologies?

·          The role of MPLS in QoS issues

·          Are these technologies really necessary?

TCP and congestion control

·          Fundamentals of TCP mechanisms for flow and congestion control

·          The challenges of long distance / high bit rate Grid networking

·          Congestion notification principles in the Internet

·          Congestion avoidance and management: RED, ECN

·          Overall comparison of QoS and congestion management techniques

Supporting real-time streaming traffic over the Internet

·          Qualitative Requirements of real-time applications

·          Why is TCP inappropriate? The need for RTP, its functionalities

·          Quantitative requirements of audio and video streaming

·          Limiting the overheads; header compression

·          Conclusion: Which QoS technologies are suitable for real-time applications?


Lecture Series 4

Computer Security 2: From Theory to Implementation

 

A few questions

  • What are the top 10 attacks ever performed?

  • What are the common security pitfalls when developing software? How to avoid them?

  • How to balance between security and productivity?

  • Cryptography: where can it help, where must it be complemented by other mechanisms?

  • What are social engineering threats?

All the answers at School@chep06

   

Sunday 12 February 2005

09:00 12:25

Sebastian Lopienski

CERN

Computer Security 2: From Theory to Implementation

Overview

Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this situation. This series of lectures aims at explaining what computer security is, and how secure systems should be designed and developed.

The series will start with a definition of computer security and an introduction of concepts like threat modeling and risk assessment, as well as protection, detection and reaction strategies. It then presents real-life examples of vulnerabilities and attacks, and describes the role of cryptography: where it can help, and where it needs to be complemented by other mechanisms. One of the focuses of the series is security of software applications. This part targets software developers, drawing their attention to the main pitfalls and providing guidelines for best practices.

Outline

Introduction to Computer Security

The first lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. The lecture highlights the importance of proper threat modelling and risk assessment. It then presents three complementary methods of mitigating threats: protection, detection, reaction; and tries to prove that security through obscurity is not a good choice.

Real-life threats, vulnerabilities, exploits and attacks

The second lecture discusses different vectors of attacks and motives behind them, various types of attackers and ways they exploit vulnerabilities. It includes studies of real-life cases and scenarios. The conclusion drawn here is that while many problems can be solved with cryptography, some lie outside the scope of cryptographic solutions. Several miscellaneous issues like social engineering threats are also covered in this part.

Security in different phases of software development

The last lecture addresses the following question: how to create secure software? It introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development.


Lecture Series 5

Pragmatic Software Engineering

 

A few questions

  • Have you ever heard of Pragmatic Software Engineering?

  • Do you know how you can benefit from using enterprise design patterns in your applications?

  • Are you fully satisfied with the tools and methods to manage your software projects?

  • Do you think you know enough about easily monitoring the code quality and robustness of your applications?

All the answers at School@chep06

Sunday 12 February 2005

13:30 16:55

Brice Copy

CERN

Pragmatic Software Engineering

Overview

What is Pragmatic Software Engineering? The adjective “pragmatic” here is not a qualifier chosen by chance for the title, but an emerging term used in the software profession.

The approach of Pragmatic Software Engineering aims at extracting the best of existing practices (ranging from project management to software patterns), and then integrating them in a simple and practical manner.

After an introduction to the principle of Pragmatic Software Engineering, the lecture series will cover Software Project Management, explaining the idea of “agile” projects, and reviewing tools such as Change Management and Defect Tracking. The lecture will then move on to Software Quality, something that everyone wants, but which is difficult to achieve in practice; this will include Functional Testing for Web applications, and Continuous Integration Testing. The lecture will finally address Enterprise Software Architectures, an area that academic circles are sometimes hesitant to use in practice, often because of its perceived complexity and steep learning curve. The lecture will try to demystify it and will show how to apply these theoretical principles to concrete cases in a simplified way.

Outline

Introduction to Pragmatic Software Engineering

·          How to manage software

·          How to enforce quality

·          How to benefit from software patterns in your architecture

… All of this with readily available tools (open source or commercial)

Lecture Series Overview

·          Pragmatic Software Projects

·          Pragmatic Software Quality

·          Pragmatic Enterprise Patterns

Pragmatic Software Projects

Recently coined “agile” projects

·          Iterative development

·          “Extreme Programming”

·          Project Management Tools:

o         SCM (Change Management)

o         DDR (Defect Detection and Recovery)

o         Build Tools

Pragmatic Software Quality

·          How to measure code quality today

·          Focus on Testing and Building tools

o         Unit Testing

o         Functional Testing for web based applications

o         Testing Coverage

o         Continuous Integration

o         Soft approaches:

§          Peer reviews

§          Code reviews

Pragmatic Enterprise Patterns

·          Software Patterns Introduction

·          Enterprise Environment (EE) Software Introduction

·          EE Patterns Introduction

o         Directory Naming

o         Object Pooling

o         Object Caching

o         Object Relational Mapping

o         Web MVC

·          Pragmatic EE Patterns with the Spring Framework

·          Competitors

 


Lecture Series 6

Working with databases and database-centric interfaces

 

A few questions

  • What is database performance tuning, and how do you tame it?

  • Do you know how to read an execution plan?

  • Do you know how to create a materialized view or a function-based index?

  • How can I work with XML and a relational database management system?

  • How can I store XML in my database, or generate XML from it?

  • How to add some auditing and logging to my database and improve the error handling?

  • What is HTMLDB and how can I develop my applications with it?

All the answers at School@chep06

 

Sunday 12 February 2005

13:30 16:55

Zornitsa Zaharieva

CERN

Working with databases and database-centric interfaces

Overview

Database systems form the primary means for storing data and representing information, therefore a thorough understanding of the capabilities of database systems is crucial for the professional development of any software system.

The lectures will focus on several important aspects concerning the use of databases. In order to gain the best performance from a database system, it is important to understand the optimisation concepts (such as indexes, materialized views, partitioning, database optimizers) as well as the relevant best practices. The lecture series will also address logging and auditing of databases as well as usage of XML with databases.

Another issue that data management faces is the design and development of database-centric interfaces.

The class will compare and contrast several technologies, some of them being used for rapid application development (Java – ADF Framework, HTMLDB, PL/SQL web-cartridge, Oracle Forms). A brief practical example will be shown of using HTMLDB to develop a simple interface.

Outline

  • Features to improve the performance of your database (indexes, materialized views, partitioning, hints, optimizers, etc.)
  • Using XML with your database
  • Implementing database logging and auditing - practical examples
  • Best Practices in database design and development
  • Building database-centric interfaces
    • overview of different technologies (Java, HTMLDB, PL/SQL web-cartridge, Oracle Forms)
    • practical example of building an interface with HTMLDB