hello world - PowerPoint PPT Presentation

Provided by: canoz

Transcript and Presenter's Notes

Title: hello world


1
ETM 555 Supplementary Lecture Notes Version 3.0 / 2007
Contents
Part 1 Hardware/Software Systems, Grid Computing
Part 2 Operating Systems
Part 3 Web Programming
Part 4 Security
Part 5 Computer Networks, Telecommunications
2
Part 1 Hardware/Software Systems, Grid Computing
3
Hardware: Parallel/Distributed Processing, High
Performance Computing, Top 500 list, Grid computing
ETM 555
[Picture of ASCI WHITE, the most powerful computer in the world (2001)]
4
Von Neumann Architecture
[Figure: CPU, RAM and devices connected by a BUS]
  • sequential computer

5
History of Computer Architecture
  • 4 Generations (identified by logic technology)
  • Tubes
  • Transistors
  • Integrated Circuits
  • VLSI (very large scale integration)

6
PERFORMANCE TRENDS
7
PERFORMANCE TRENDS
  • Traditional mainframe/supercomputer performance:
    25% increase per year
  • But microprocessor performance: 50% increase per
    year since mid 80s.

8
Moore's Law
  • Transistor density doubles every 18 months
  • Moore is co-founder of Intel.
  • 60% increase per year
  • Exponential growth
  • PC costs decline.
  • PCs are building bricks of all future systems.

9
VLSI Generation
10
Bit Level Parallelism (up to mid 80s)
  • 4 bit microprocessors replaced by 8 bit, 16 bit,
    32 bit etc.
  • doubling the width of the datapath reduces the
    number of cycles required to perform a full
    32-bit operation
  • mid 80s reap benefits of this kind of
    parallelism (full 32-bit word operations combined
    with the use of caches)

11
Instruction Level Parallelism (mid 80s to mid 90s)
  • Basic steps in instruction processing
    (instruction decode, integer arithmetic, address
    calculations, could be performed in a single
    cycle)
  • Pipelined instruction processing
  • Reduced instruction set (RISC)
  • Superscalar execution
  • Branch prediction

12
Thread/Process Level Parallelism (mid 90s to present)
  • On average control transfers occur roughly once
    in five instructions, so exploiting instruction
    level parallelism at a larger scale is not
    possible
  • Use multiple independent threads or processes
  • Concurrently running threads, processes

13
Evolution of the Infrastructure
  • Electronic Accounting Machine Era 1930-1950
  • General Purpose Mainframe and Minicomputer Era
    1959-Present
  • Personal Computer Era 1981-Present
  • Client/Server Era 1983-Present
  • Enterprise Internet Computing Era 1992-Present

14
Memory Hierarchy (fast to slow)
  • Registers
  • Cache
  • Real Memory
  • Disk
  • CD
15
Sequential vs Parallel Processing
  • Sequential
  • physical limits reached
  • easy to program
  • expensive supercomputers
  • Parallel
  • raw power unlimited
  • more memory, multiple caches
  • made up of COTS, so cheap
  • difficult to program

16
Amdahl's Law
  • The serial percentage of a program is fixed. So
    the speed-up obtained by employing parallel
    processing is bounded.
  • Led to pessimism in the parallel processing
    community and prevented development of parallel
    machines for a long time.

  $\text{Speedup} = \dfrac{1}{s + \dfrac{1-s}{P}}$  (s: serial fraction, P: number of processors)

  • In the limit $P \to \infty$
  • Speedup → $1/s$
17
Gustafson's Law
  • Serial percentage is dependent on the number of
    processors/input.
  • Broke/disproved Amdahl's law.
  • Demonstrated achieving more than 1000-fold
    speedup using 1024 processors.
  • Justified parallel processing

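The two laws above differ only in what s measures: a fixed share of a fixed-size job (Amdahl) or the serial share of the time observed on the parallel machine, with the problem allowed to grow with P (Gustafson). The following Python is an added example, not part of the lecture notes; it evaluates both formulas with the slides' symbols s and P. The 2% serial fraction and the processor counts in the main block are constructed values chosen to reproduce the "more than 1000-fold on 1024 processors" figure from the slide.

```python
# Added example (not from the lecture notes): Amdahl's fixed-size speedup bound
# versus Gustafson's scaled speedup, using the slides' symbols s (serial
# fraction) and P (number of processors).


def amdahl_speedup(s, p):
    """Amdahl: Speedup = 1 / (s + (1 - s) / P).

    s is the fraction of the original, fixed-size work that must run
    serially; the remaining (1 - s) is spread over P processors.
    """
    if not 0.0 <= s <= 1.0 or p < 1:
        raise ValueError("need 0 <= s <= 1 and P >= 1")
    return 1.0 / (s + (1.0 - s) / p)


def amdahl_limit(s):
    """The bound the slides state: as P -> infinity, Speedup -> 1/s."""
    if s <= 0.0:
        raise ValueError("a program with no serial part has no Amdahl bound")
    return 1.0 / s


def gustafson_speedup(s, p):
    """Gustafson: scaled Speedup = s + (1 - s) * P.

    Here s is the serial fraction of the run time measured on the parallel
    machine; because the problem grows with P, the serial part is not a
    fixed share of the total work.
    """
    if not 0.0 <= s <= 1.0 or p < 1:
        raise ValueError("need 0 <= s <= 1 and P >= 1")
    return s + (1.0 - s) * p


def compare(s, processors):
    """Tabulate (P, Amdahl speedup, Gustafson speedup) for a serial fraction s."""
    return [(p, round(amdahl_speedup(s, p), 2), round(gustafson_speedup(s, p), 2))
            for p in processors]


if __name__ == "__main__":
    # Constructed numbers: 2% serial work and the slides' 1024 processors.
    for p, a, g in compare(0.02, [1, 16, 256, 1024]):
        print("P=%5d  Amdahl=%7.2f  Gustafson=%8.2f" % (p, a, g))
    print("Amdahl bound for s=0.02:", amdahl_limit(0.02))
```

With s = 0.02 Amdahl caps the speedup at 50 no matter how many processors are added, while the scaled formula gives roughly 1003 on 1024 processors; the same serial fraction leads to opposite conclusions because the two laws hold different things fixed.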
18
Grand Challenge Applications
  • Important scientific and engineering problems
    identified by the U.S. High Performance Computing
    and Communications Program (92)

19
Flynn's Taxonomy
  • classifies computer architectures according to
  • Number of instruction streams it can process at a
    time
  • Number of data elements on which it can operate
    simultaneously

                               Data Streams
                               Single      Multiple
Instruction Streams  Single    SISD        SIMD
                     Multiple  MISD        MIMD
20
SPMD Model (Single Program Multiple Data)
  • Each processor executes the same program
    asynchronously
  • Synchronization takes place only when processors
    need to exchange data
  • SPMD is extension of SIMD (relax synchronized
    instruction execution)
  • SPMD is restriction of MIMD (use only one
    source/object)

21
Parallel Processing Terminology
  • Embarrassingly Parallel
  • applications which are trivial to parallelize
  • large amounts of independent computation
  • Little communication
  • Data Parallelism
  • model of parallel computing in which a single
    operation can be applied to all data elements
    simultaneously
  • amenable to SIMD or SPMD style of computation
  • Control Parallelism
  • many different operations may be executed
    concurrently
  • require MIMD/SPMD style of computation

22
Parallel Processing Terminology
  • Scalability
  • If the size of problem is increased, number of
    processors that can be effectively used can be
    increased (i.e. there is no limit on
    parallelism).
  • Cost of scalable algorithm grows slowly as input
    size and the number of processors are increased.
  • Data parallel algorithms are more scalable than
    control parallel algorithms
  • Granularity
  • fine grain machines employ massive number of
    weak processors each with small memory
  • coarse grain machines smaller number of powerful
    processors each with large amounts of memory

23
Shared Memory Machines
  • Memory is globally shared, therefore processes
    (threads) see a single address space
  • Coordination of accesses to locations is done by
    use of locks provided by thread libraries
  • Example Machines Sequent, Alliant, SUN Ultra,
    Dual/Quad Board Pentium PC
  • Example Thread Libraries POSIX threads, Linux
    threads.

24
Shared Memory Machines
  • can be classified as
  • UMA uniform memory access
  • NUMA nonuniform memory access
  • based on the amount of time a processor takes to
    access local and global memory.

[Figure: three shared-memory organizations, (a), (b) and (c): processor/memory pairs (P M ... P M) joined by an interconnection network; separate processors (P ... P) and memories (M ... M) joined by an interconnection network or BUS]
25
Distributed Memory Machines
  • Each processor has its own local memory (not
    directly accessible by others)
  • Processors communicate by passing messages to
    each other
  • Example Machines IBM SP2, Intel Paragon, COWs
    (cluster of workstations)
  • Example Message Passing Libraries PVM, MPI

26
Beowulf Clusters
  • Use COTS, ordinary PCs and networking equipment
  • Has the best price/performance ratio

PC cluster
27
Multi-Core Computing
  • A multi-core microprocessor is one which combines
    two or more independent processors into a single
    package, often a single integrated circuit.
  • A dual-core device contains only two independent
    microprocessors.

28
Comparison of Different Architectures
Single Core Architecture
29
Comparison of Different Architectures
Multiprocessor
30
Comparison of Different Architectures
[Figure: Hyper-Threading Technology: two CPU states sharing one execution unit and one cache]
Hyper-Threading Technology
31
Comparison of Different Architectures
Multi-Core Architecture
32
Comparison of Different Architectures
[Figure: Multi-Core Architecture with Shared Cache: two CPU states, each with its own execution unit, sharing one cache]
Multi-Core Architecture with Shared Cache
33
Comparison of Different Architectures
Multi-Core with Hyper-Threading Technology
34
(No Transcript)
35
Top 10 Most Powerful Computers in the World (as
of 6/2006)
36
New Top 500 List
  • http://www.top500.org/list/2007/06

37
Application Areas in Top 500 List
38
Top 500 Statistics
  • http://www.top500.org/stats

39
Grid Computing
  • provide access to computing power and various
    resources just like accessing electrical power
    from electrical grid
  • Allows coupling of geographically distributed
    resources
  • Provide inexpensive access to resources
    irrespective of their physical location or access
    point
  • The Internet or dedicated networks can be used to
    interconnect distributed computational resources
    and present them as a single unified resource
  • Resources: supercomputers, clusters, storage
    systems, data resources, special devices

40
Grid Computing
  • the GRID is, in effect, a set of software tools,
    which when combined with hardware, would let
    users tap processing power off the Internet as
    easily as electrical power can be drawn from
    the electricity grid.
  • Examples of Grids
  • TeraGrid (USA)
  • EGEE Grid (Europe)
  • TR-Grid (Turkey)

41
Part 2 Operating Systems
42
What is an Operating System?
  • A program that acts as an intermediary between a
    user of a computer and the computer hardware.
  • Operating system goals
  • Execute user programs and make solving user
    problems easier.
  • Make the computer system convenient to use.
  • Use the computer hardware in an efficient manner.

43
Computer System Components
  • 1. Hardware provides basic computing resources
    (CPU, memory, I/O devices).
  • 2. Operating system controls and coordinates
    the use of the hardware among the various
    application programs for the various users.
  • 3. Applications programs define the ways in
    which the system resources are used to solve the
    computing problems of the users (compilers,
    database systems, video games, business
    programs).
  • 4. Users (people, machines, other computers).

44
Abstract View of System Components
45
Operating System Definitions
  • Resource allocator: manages and allocates
    resources.
  • Control program: controls the execution of user
    programs and operations of I/O devices.
  • Kernel: the one program running at all times
    (all else being application programs).

46
Simple Batch Systems
  • Hire an operator
  • User → operator
  • Add a card reader
  • Reduce setup time by batching similar jobs
  • Automatic job sequencing automatically
    transfers control from one job to another. First
    rudimentary operating system.
  • Resident monitor
  • initial control in monitor
  • control transfers to job
  • when job completes control transfers back to
    monitor

47
Time-Sharing Systems / Interactive Computing
  • The CPU is multiplexed among several jobs that
    are kept in memory and on disk (the CPU is
    allocated to a job only if the job is in memory).
  • A job is swapped in and out of memory to the
    disk.
  • On-line communication between the user and the
    system is provided: when the operating system
    finishes the execution of one command, it seeks
    the next control statement not from a card
    reader, but rather from the user's keyboard.
  • On-line system must be available for users to
    access data and code.

48
Personal-Computer Systems
  • Personal computers: computer system dedicated to
    a single user.
  • I/O devices: keyboards, mice, display screens,
    small printers.
  • User convenience and responsiveness.
  • Can adopt technology developed for larger
    operating systems; often individuals have sole use
    of the computer and do not need advanced CPU
    utilization or protection features.

49
Migration of Operating-System Concepts and
Features
50
Common OS System Components
  • Process Management
  • Main Memory Management
  • Secondary-Storage Management
  • I/O System Management
  • File Management
  • Protection System
  • Networking
  • Command-Interpreter System

51
UNIX Versions / Clones
  • System V (AT&T)
  • AIX (IBM)
  • BSD (Berkeley Univ.)
  • HP-UX (HP)
  • Linux (Linus Torvalds)
  • Minix (Tanenbaum)
  • OSF (open software foundation)
  • SCO (santa cruz operation)
  • Solaris (SUN Microsystems)
  • XENIX (Microsoft)
  • FreeBSD

52
UNIX HISTORY
  • 1950s: time-sharing invented at Dartmouth and MIT
    (systems running only BASIC)
  • MIT System CTSS
  • 2nd Generation: MIT, Bell Labs, GE designed
    MULTICS (Multiplexed Information and Computing
    Service)
  • Ken Thompson from Bell Labs wrote a stripped down
    MULTICS on a discarded PDP-7. Code was written in
    assembly language.
  • Brian Kernighan (Bell Labs) called the system
    UNICS (Uniplexed Information and Computing Service).
    Later this name was changed to UNIX.
  • Dennis Ritchie joined the team of Ken Thompson.
  • UNIX moved to PDP-11
  • B and later C languages were designed/developed.

53
UNIX HISTORY
  • Thompson and Ritchie rewrote UNIX in C.
  • 1974, Thompson and Ritchie wrote a landmark paper
    on UNIX.
  • Universities started to ask for a copy of UNIX.
  • By mid 80s UNIX was in widespread use.
  • AT&T released its first commercial UNIX product,
    System III, which was not well received.
  • AT&T later released System V.
  • AT&T decided to concentrate on the telephone
    business. Sold the UNIX business to Novell in 1993.
  • Novell sold the UNIX business to Santa Cruz Operation in
    1995.

54
UNIX HISTORY
  • Berkeley Unix (BSD: Berkeley Software
    Distribution). Introduced many improvements,
    e.g. TCP/IP networking.
  • System V and BSD are the 2 major Unix flavors
  • The IEEE POSIX standard was developed to reconcile
    these two flavors; it took the intersection of
    these two systems
  • POSIX: Portable Operating System IX
  • POSIX idea: a software vendor who writes a
    program that uses only procedures defined in the
    POSIX standard knows that this program will run
    on every conformant UNIX system.
  • OSF (Open Software Foundation): IBM, DEC, HP
    Unix system version (with X11, Motif etc
    included)
  • OSF gradually vanished

55
UNIX HISTORY
  • Solaris (from SUN Microsystems) is based on
    System V.
  • Minix (Tanenbaum) written for educational
    purposes in 87, 12K lines of code.
  • Linux developed by Finnish student Linus
    Torvalds, first released in 91.
  • Minix has a micro-kernel architecture, Linux is
    monolithic.
  • Big famous argument between Tanenbaum and Linus
    about micro-kernel vs monolithic operating
    systems.

56
Microkernel vs Monolithic
  • A trend in modern OS (according to Tanenbaum) is
    moving code up into higher layers and removing as
    much as possible from kernel mode, leaving a
    minimal kernel.
  • all the kernel does is handle the communications
    between clients and servers.
  • Advantages: small manageable parts, no direct
    access to hardware; as a result if a bug is
    triggered, that part may crash but this will not
    bring down the whole system.
  • Also better suited to distributed systems: a client
    need not know whether the message comes from the
    same machine or from a remote system.
  • Monolithic (one big mess): no structure, OS is
    written as a collection of procedures, each of
    which can call any other one whenever it needs
    to.
  • Monolithic OSs, however, have much better
    performance (i.e. they are faster).

57
Microkernel vs Monolithic
[Figure: Monolithic System: main procedure, service procedures and utility procedures, all in kernel mode. Microkernel System: client processes and the process, terminal, file and memory servers run in user mode; only the microkernel runs in kernel mode. A client obtains service by sending messages to server processes.]
58
Comparison of some operating system sizes
59
Windows Desktop OS Family History
60
1985 Windows 1.0
  • milestone product since it allowed PC users to
    switch from MS-DOS method of typing their
    commands at the prompt to using mouse to point
    and click
  • Also allowed users to switch between several
    programs without requiring them to quit and
    restart

61
1987 Windows 2.0
  • took advantage of Intel 286 processor
  • Support for VGA graphics standard
  • Allowed users to overlap windows
  • Windows /386 2.03 released later took advantage
    of the protected mode and extended memory
    capabilities of Intel 386 processor

62
1990 Windows 3.0
  • Microsoft's first mainstream computing platform
    offering 32-bit performance, advanced graphics
    and full support for the more powerful Intel 386
    processor
  • Rewritten application development environment
    with modular virtual device drivers
  • Fully pre-emptive MS-DOS multitasking
  • New software development kit (SDK)
  • Widespread acceptance among 3rd party
    hardware/software developers helped fuel
    the success of Windows 3.0

63
1993 Windows for Workgroups 3.11
  • superset of Windows 3.1
  • Added peer-to-peer workgroup and domain
    networking support
  • For the first time network-aware, and became part
    of the emerging client/server computing evolution

64
1993 Windows NT 3.1
  • completion of a project that started late 1980s
    to build an advanced new operating system from
    scratch (David Cutler, VMS)
  • Pre-emptive multitasking scheduler for
    windows-based applications
  • Integrated networking
  • Domain server security
  • Support for multiple processor architectures
  • NTFS file system
  • Geared towards business/engineering users

65
1993 Windows NT Workstation 3.5
  • support for the OpenGL graphics standard which
    helped power high-end applications for software
    development, engineering, financial analysis,
    scientific and business-critical tasks
  • Support for NetWare file and print servers
  • Filenames with 255 characters

66
1995 Windows 95
  • Successor to Windows 3.1, Workgroups and MS-DOS.
  • Integrated TCP/IP stack for built-in Internet
    support
  • Dial-up networking
  • Plug-and-play capabilities
  • Enhanced multimedia

67
1996 Windows NT Workstation 4.0
  • Included the popular windows 95 user interface
  • Improved networking support providing secure,
    easy access to the Internet and corporate
    intranets

68
1998 Windows 98
  • Windows 95 upgraded
  • Described as "works better, plays better"
  • Enabled users to find PC or Internet based
    information more quickly
  • Support for reading DVD discs
  • Support for connecting universal serial bus (USB)
    devices

69
1999 Windows 98 Second Edition
  • Incremental update to Windows 98
  • New and enhanced hardware compatibility and
    Internet-related features
  • Improved Internet Explorer browser
  • NetMeeting conferencing software
  • Capable of using device drivers that also worked
    with Windows NT

70
2000 Windows Millennium Edition (Windows Me)
  • Numerous music, video and home networking
    enhancements
  • Reliability improvements
  • Windows ME was the last operating system to be
    based on Windows 95 kernel
  • Microsoft announced that all future operating
    system products would be based on the Windows NT
    and Windows 2000 kernel

71
2000 Windows 2000 Professional
  • More than just an upgrade to Windows NT 4.0
  • Designed to replace windows 95, 98, NT
    workstation on all business desktops and laptops
  • Improved reliability
  • Ease of use
  • Internet compatibility
  • Support for mobile computing
  • Support for advanced networking and wireless
    products, infrared devices

72
2001 Windows XP
  • Merged the two operating system lines for consumers
    and businesses, uniting them around the Windows NT
    and Windows 2000 codebase
  • With Windows XP, consumers and home users were offered
    the performance, stability and security that
    business users had benefited from in Windows 2000
  • Fresh user interface
  • Available as
  • XP Professional
  • XP Home Edition
  • XP 64-Bit Edition (for Intel Itanium 64-bit
    processor)

73
2001 Windows XP Professional
  • Superior OS performance
  • Encrypting file system
  • Wireless 802.1x networking support
  • Redesigned interface

74
2001 Windows XP Home Edition
  • Clean, simplified visual design that makes
    frequently accessed features more accessible
  • many enhancements aimed at home users
  • Network setup wizard
  • Windows Media
  • Movie Maker
  • Enhanced digital photo capabilities

75
Comparison
76
Windows Server OS History
2003
77
Different Versions of Windows 2003 Servers
  • Windows Server 2003, Standard Edition, provides a
    solution for departmental and standard workloads
    and supports file and printer sharing, helps
    secure Internet connectivity, centralizes
    deployment of desktop applications, and enhances
    collaboration among employees, partners, and
    customers.
  • Windows Server 2003, Enterprise Edition, is the
    platform for mission-critical server workloads.
    By delivering high reliability, scalability, and
    performance, it offers a superior value to
    businesses of all sizes.

78
Different Versions of Windows 2003 Servers
(cont.)
  • Windows Server 2003, Datacenter Edition, is
    designed to support the highest levels of
    scalability and reliability. Windows 2003,
    Datacenter Edition, is available in both 32-bit
    and 64-bit versions through original equipment
    manufacturer (OEM) partners.
  • Windows Server 2003, Web Edition, a new offering,
    is a single-purpose operating system for
    dedicated Web serving and hosting. It provides a
    platform for rapidly developing and deploying Web
    services and applications.

79
Part 3 WEB Programming
80
HTML
  • Hypertext Markup Language
  • Identifies the elements of a page so that a
    browser such as MS Internet Explorer or Netscape
    can render that page on the computer screen
  • Static page description
  • WYSIWYG web page authoring tools
  • MS Frontpage
  • Dreamweaver
  • Home Site

81
HTML Example Source
<HTML>
<HEAD> <TITLE> Hello </TITLE> </HEAD>
<BODY> <P> Hello world </P> </BODY>
</HTML>
82
HTML Form Example
<HTML><HEAD> <TITLE> Hello </TITLE> </HEAD>
<BODY>
<FORM METHOD="GET" ACTION="http://localhost/cgi-bin/ex.cgi">
<INPUT TYPE="text" NAME="word">
<INPUT TYPE="submit" VALUE="Submit word">
</FORM> </BODY> </HTML>
83
GET and POST METHODS
  • GET method passes form input as part of the URL
    to the server side program
  • http://www.yahoo.com/cgi-bin/process.cgi?firstname=ali&last=veli
  • POST method passes input to the standard input of
    the server side program
  • firstname=ali&last=veli

84
JAVASCRIPT
  • Scripting language
  • Browser contains Javascript interpreter which
    processes the commands in the script
  • Processed by client

85
Javascript Example Source
<HTML> <HEAD> <TITLE> Hello </TITLE>
<SCRIPT LANGUAGE="Javascript">
function sayhello() {
  document.writeln("<p> Hello world </p>");
}
</SCRIPT> </HEAD>
<BODY ONLOAD="sayhello()">
</BODY> </HTML>
86
CSS (Cascading Style Sheets)
  • Allow you to specify the style of your page
    elements (spacing, margins etc) separately from
    the structure of your documents (section headers,
    body, text, links etc)
  • Separation of Structure from Content allows
    greater manageability and makes changing the
    style of the document easier.

87
CSS Example Source
  • inline style (w/o CSS)

<HTML> <HEAD> <TITLE> Hello </TITLE> </HEAD>
<BODY> <P STYLE="font-size: 20pt"> Hello world </P> </BODY></HTML>
88
CSS Example Source
  • css style sheet

<HTML> <HEAD> <TITLE> Hello </TITLE>
<STYLE TYPE="text/css"> P { font-size: 20pt } </STYLE>
</HEAD> <BODY> <P> Hello world </P> </BODY></HTML>
89
CSS Example Source
  • importing the css file

<HTML> <HEAD> <TITLE> Hello </TITLE>
<LINK REL="stylesheet" TYPE="text/css" HREF="styles.css">
</HEAD> <BODY> <P> Hello world </P> </BODY></HTML>
90
XML-Extensible Markup Language
  • HTML markup is for displaying information
  • XML markup is for describing data of virtually
    any type
  • XML enables creation of new markup languages to
    markup anything imaginable (such as mathematical
    formulas, records etc)
  • In XML, new tags can be created
  • Data is structured in a hierarchical manner

91
XML example
<?xml version="1.0"?>
<person>
  <firstname> Ali </firstname>
  <lastname> Veli </lastname>
  <married> yes </married>
  <wife>
    <firstname> Ayse </firstname>
    <lastname> Mehmet </lastname>
  </wife>
</person>
92
XML Document Model
  • A document model is used to enforce structure
    within a document
  • Two types of document models for XML
  • DTD: Document Type Definition
  • XML Schema
  • Document models are not required in XML

93
Validating Parsers
  • A validating parser will check an XML document's
    structure against a DTD or XML Schema
  • Documents that conform to a document model are
    valid
  • Validating parsers will report an error if the
    document does not conform to its document model,
    even if it is well-formed

94
DTD Example: XML File
<?xml version="1.0" standalone="yes"?>
<emails>
  <message num="a1" to="joe64@acmeshipping.com"
           from="brenda64@xyzcompany.com"
           date="02/09/01">
    <subject title="Order 10011"/>
    <body>
      Joe,
      Please let me know if order number 10011 has
      shipped.
      Thanks,
      Brenda
    </body>
    <reply status="yes"/>
  </message>
</emails>

95
DTD Example: Internal DTD
<!DOCTYPE emails [
<!ELEMENT emails (message)>
<!ELEMENT message (subject?, body, reply)>
<!ATTLIST message
  num ID #REQUIRED
  to CDATA #REQUIRED
  from CDATA #FIXED "brenda64@xyzcompany.com"
  date CDATA #REQUIRED>
<!ELEMENT subject EMPTY>
<!ATTLIST subject
  title CDATA #IMPLIED>
<!ELEMENT body ANY>
<!ELEMENT reply EMPTY>
<!ATTLIST reply
  status (yes | no) "no">
]>

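The validating-parser slide and the DTD above make a distinction worth seeing run: a document can be well-formed (every tag closed and nested) yet invalid (it breaks the document model). The Python below is an added example, not from the lecture notes. Python's standard library parses XML but has no DTD validator, so the rules of the internal DTD above (one <message> in <emails>; required num, to, from and date attributes; children subject?, body, reply; EMPTY subject; reply status yes or no) are written out by hand in validate_emails(). The function names and both sample documents are constructed for this illustration; the valid one mirrors the slide's message.

```python
# Added example (not from the lecture notes): well-formed vs valid XML, checked
# with xml.etree.  The document-model rules come from the slides' internal DTD
# for <emails>; the standard library cannot read a DTD, so they are hand-coded.
import xml.etree.ElementTree as ET

REQUIRED_MESSAGE_ATTRS = ("num", "to", "from", "date")   # #REQUIRED / #FIXED in the DTD
REPLY_STATUS_VALUES = ("yes", "no")                       # status (yes | no) "no"


def is_well_formed(text):
    """Well-formed: what any XML parser checks (closed, properly nested tags)."""
    try:
        ET.fromstring(text)
        return True
    except ET.ParseError:
        return False


def validate_emails(text):
    """Valid: well-formed AND conforming to the document model.

    Returns a list of violations; an empty list means the document is valid
    under the slides' DTD.  This is the check a validating parser performs.
    """
    try:
        root = ET.fromstring(text)
    except ET.ParseError as err:
        return ["not well-formed: %s" % err]
    if root.tag != "emails":
        return ["root element must be <emails>, got <%s>" % root.tag]
    errors = []
    messages = list(root)
    if [m.tag for m in messages] != ["message"]:           # emails (message)
        errors.append("<emails> must contain exactly one <message>")
    for msg in messages:
        if msg.tag != "message":
            continue
        for attr in REQUIRED_MESSAGE_ATTRS:
            if attr not in msg.attrib:
                errors.append("<message> lacks required attribute %r" % attr)
        # message (subject?, body, reply): optional subject, then body, then reply
        children = [c.tag for c in msg]
        expected = ["subject", "body", "reply"] if children[:1] == ["subject"] else ["body", "reply"]
        if children != expected:
            errors.append("<message> children %s do not match (subject?, body, reply)" % children)
        subject = msg.find("subject")
        if subject is not None and (len(subject) or (subject.text or "").strip()):
            errors.append("<subject> is declared EMPTY but has content")
        for reply in msg.findall("reply"):
            if reply.get("status", "no") not in REPLY_STATUS_VALUES:
                errors.append("<reply> status must be yes or no, got %r" % reply.get("status"))
    return errors


# Constructed sample: mirrors the slide's message and satisfies the DTD.
VALID_DOC = """<?xml version="1.0" standalone="yes"?>
<emails>
  <message num="a1" to="joe64@acmeshipping.com"
           from="brenda64@xyzcompany.com" date="02/09/01">
    <subject title="Order 10011"/>
    <body>Joe, please let me know if order number 10011 has shipped.</body>
    <reply status="yes"/>
  </message>
</emails>"""

# Constructed sample: well-formed XML, but the date attribute is absent and
# <reply> is missing, so a validating parser rejects it.
INVALID_DOC = """<?xml version="1.0"?>
<emails>
  <message num="a2" to="joe64@acmeshipping.com" from="brenda64@xyzcompany.com">
    <body>Did order 10012 ship?</body>
  </message>
</emails>"""

if __name__ == "__main__":
    for name, doc in (("valid", VALID_DOC), ("invalid", INVALID_DOC)):
        print(name, "well-formed:", is_well_formed(doc), "errors:", validate_emails(doc))
```

Running it shows both documents as well-formed, but only the first comes back with an empty error list; the second is rejected for the missing date attribute and the missing <reply>, which is exactly the "well-formed but not valid" case the slide describes.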
96
XML Schema
  • XML Schema specification released by the W3C in
    May 2001, and contains two parts
  • Part I - structure
  • Part II - data types
  • Developed as an alternative to DTDs and is much
    more powerful
  • Features
  • Pattern matching
  • Rich set of data types
  • Attribute grouping
  • Supports XML namespaces
  • Follows XML syntax

97
XML Schema Example
<?xml version="1.0"?>
<message
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="message_schema.xsd">
  <to>Joe Poller</to>
  <from>Brenda Lane</from>
  <date_sent/>
  <subject>Order 10011</subject>
  <body>
    Joe,
    Please let me know if order number 10011
    has shipped.
    Thanks,
    Brenda
  </body>
</message>

98
XML Schema Example
<?xml version="1.0"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <xsd:element name="message">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element name="to" type="xsd:string"
                     minOccurs="1"
                     maxOccurs="unbounded"/>
        <xsd:element name="from" type="xsd:string"
                     minOccurs="1"/>
        <xsd:element name="date_sent" type="xsd:date"/>
        <xsd:element name="subject" type="xsd:string"/>
        <xsd:element name="body" type="xsd:string"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>
</xsd:schema>

99
ASP/PHP
  • Javascript is client side scripting language
  • ASP/PHP are server side scripting languages
  • ASP/PHP process pages on the server and return
    the results in the form of HTML source to the
    client (browser)
  • ASP is Microsoft product

100
PHP Example 1
101
PHP Example 2
102
PHP-MYSQL PROGRAMMING
MYSQL Commands
CREATE TABLE tablename (
  columnname type modifiers,
  columnname type modifiers,
  ...)
SELECT fieldname1, fieldname2, ... FROM tablename WHERE criteria
SELECT fieldname1, fieldname2, ... FROM tablename ORDER BY fieldname ASC | DESC
103
PHP-MYSQL PROGRAMMING
INSERT INTO tablename (fieldname1, fieldname2, ...) VALUES (value1, value2, ...)
UPDATE tablename SET fieldname1=value1, fieldname2=value2 WHERE criteria
DELETE FROM tablename WHERE criteria
104
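The statement templates on the two slides above are usually filled in from form input, which is where the PHP-MySQL pattern goes wrong if the values are pasted into the SQL string. The Python below is an added example, not from the lecture notes: it runs the CREATE TABLE, SELECT (with WHERE and ORDER BY), INSERT, UPDATE and DELETE forms against an in-memory SQLite database as a stand-in for MySQL (same statement shapes, slightly different dialect), and shows the difference between binding values as parameters and splicing them into the string. The table, column and function names are constructed for this illustration.

```python
# Added example (not from the lecture notes): the slides' statement families run
# through Python's sqlite3 module, with user-supplied values bound as parameters.
import sqlite3


def open_db():
    """CREATE TABLE tablename (columnname type modifiers, ...)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE people (
        id INTEGER PRIMARY KEY,
        firstname TEXT NOT NULL,
        lastname TEXT NOT NULL)""")
    return conn


def insert_person(conn, firstname, lastname):
    """INSERT INTO tablename (fieldname1, fieldname2) VALUES (value1, value2)"""
    cur = conn.execute("INSERT INTO people (firstname, lastname) VALUES (?, ?)",
                       (firstname, lastname))
    conn.commit()
    return cur.lastrowid


def find_by_lastname(conn, lastname):
    """SELECT ... FROM tablename WHERE criteria ORDER BY fieldname ASC, parameterised:
    the driver sends the value separately from the SQL text, so quotes inside the
    input are data, never statement syntax."""
    rows = conn.execute("SELECT firstname, lastname FROM people "
                        "WHERE lastname = ? ORDER BY firstname ASC", (lastname,))
    return rows.fetchall()


def find_by_lastname_unsafe(conn, lastname):
    """The same SELECT with the value spliced into the string.  Any input that
    contains a quote changes the structure of the statement; the ordinary name
    O'Brien is enough to make it fail, which is the defect parameters remove."""
    sql = "SELECT firstname, lastname FROM people WHERE lastname = '%s'" % lastname
    return conn.execute(sql).fetchall()


def rename_person(conn, person_id, firstname):
    """UPDATE tablename SET fieldname1=value1 WHERE criteria"""
    cur = conn.execute("UPDATE people SET firstname = ? WHERE id = ?",
                       (firstname, person_id))
    conn.commit()
    return cur.rowcount


def delete_person(conn, person_id):
    """DELETE FROM tablename WHERE criteria"""
    cur = conn.execute("DELETE FROM people WHERE id = ?", (person_id,))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = open_db()
    pid = insert_person(db, "Ali", "O'Brien")          # constructed sample row
    print(find_by_lastname(db, "O'Brien"))
    try:
        find_by_lastname_unsafe(db, "O'Brien")
    except sqlite3.OperationalError as err:
        print("string-built query broke on a plain name:", err)
    rename_person(db, pid, "Veli")
    print(delete_person(db, pid), "row deleted")
```

The parameterised query returns the O'Brien row; the string-built one raises an SQL syntax error on the very same input, because the apostrophe in the name terminated the string literal. Input that can alter the statement by accident can alter it on purpose, so the parameter form is the one to use for every value that comes from a form.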
CGI
  • Common Gateway Interface
  • Protocol to enable running programs on the web
    server
  • These programs produce HTML output which is sent
    to the client (browser)
  • Programs can be written in any language (most
    popular is PERL)

105
PERL
  • Practical Extraction and Report Language
  • Became popular with CGI programs
  • High-level, rich and easy-to-use pattern
    matching and text processing operators
  • Lots of free PERL modules (packages) are
    available that make programming easy
  • networking modules
  • HTML/XML parser, CGI modules
  • Extremely useful for developing automated programs
    that surf the Internet

106
Automated Web Page Downloader
#!/usr/local/bin/perl
use LWP::UserAgent;
use HTML::TokeParser;

# Identify ourselves to the server with a browser-style User-Agent string
my %options = ("agent" => "Mozilla/4.6 [en] (X11; I; SunOS 5.7 sun4u)");
my $agent = new LWP::UserAgent(%options);

# Fetch the URL given as the first command line argument
my $request = new HTTP::Request('GET' => $ARGV[0]);
my $response = $agent->request($request);
if ($response->is_success()) {
    print($response->content());
} else {
    print("Error: " . $response->status_line() . "\n");
    die;
}
107
CGI Life Cycle
  • Server receives a request for a CGI program
  • Server creates a new process to run the CGI
    program
  • Server passes information to the program via
    environment variables and standard input.

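The GET/POST slide and the CGI life cycle above describe the same hand-over from the server's side: form fields arrive in the URL (QUERY_STRING) for GET or on standard input, CONTENT_LENGTH bytes long, for POST. The Python below is an added example, not from the lecture notes: a minimal CGI program that reads the input exactly that way, caps the POST body it will accept, and writes back an HTML page with the submitted value escaped. The function names, the MAX_BODY limit and the sample requests are constructed for the illustration; the `word` field name is taken from the form example earlier on the page.

```python
# Added example (not from the lecture notes): how a CGI program receives the form
# input the slides describe, through environment variables and standard input.
import html
from urllib.parse import parse_qs

MAX_BODY = 64 * 1024  # constructed limit: refuse oversized POST bodies instead of reading forever


def parse_cgi_input(environ, read_body):
    """Return the submitted form fields as {name: first value}.

    environ   -- mapping with the CGI variables the server sets (os.environ in production)
    read_body -- callable read_body(n) -> bytes for the request body (sys.stdin.buffer.read)
    GET input arrives in QUERY_STRING; POST input arrives on standard input and is
    CONTENT_LENGTH bytes long.
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        try:
            length = int(environ.get("CONTENT_LENGTH", "0"))
        except ValueError:
            raise ValueError("CONTENT_LENGTH is not a number")
        if length < 0 or length > MAX_BODY:
            raise ValueError("refusing a body of %d bytes" % length)
        raw = read_body(length).decode("utf-8", errors="replace")
    else:
        raise ValueError("unsupported method " + method)
    # firstname=ali&last=veli  ->  {"firstname": ["ali"], "last": ["veli"]}
    fields = parse_qs(raw, keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


def render_page(fields):
    """The HTML the CGI program sends back.  The submitted value is escaped, so a
    value such as <b>x</b> is displayed as text instead of being rendered as markup."""
    word = html.escape(fields.get("word", ""), quote=True)
    return ("Content-Type: text/html\r\n\r\n"
            "<HTML><HEAD><TITLE>Hello</TITLE></HEAD>"
            "<BODY><P>You submitted: %s</P></BODY></HTML>" % word)


if __name__ == "__main__":
    import os
    import sys
    # Under a web server, os.environ and standard input carry the request.
    sys.stdout.write(render_page(parse_cgi_input(os.environ, sys.stdin.buffer.read)))
```

The same field dictionary comes out of both methods, which is the point of the GET/POST slide; what differs is where the bytes travelled (in the URL, hence in server logs and browser history, versus in the request body). The CONTENT_LENGTH check matters because the server forks a fresh process per request and will happily let it block on a body that never arrives.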
108
CGI Based Web Server
[Figure: CGI based web server: a main process receives requests for CGI1 and CGI2 and creates a new child process for every request, so two requests for CGI1 produce two child processes]
109
Problems with CGI
  • Expensive to create a process for each request
  • requires time and significant server resources,
  • limits the number of requests a server can handle
    concurrently
  • Stateless: no history remembered
  • A big problem for web-based development
  • Solution: cookies
  • Still expensive

110
Problems with CGI
  • Once the CGI program starts
  • It cannot interact with the web server or take
    advantage of the server's abilities once it begins
    execution
  • Reason: the program is running in a separate
    process.
  • Example: a CGI script cannot write to the
    server's log file.

111
Ways to Improve CGI Performance
  • FastCGI
  • mod_perl
  • Other solutions

112
FastCGI
  • Developed by a company, Open Market
  • FastCGI creates a single persistent process for
    each FastCGI program
  • It eliminates the need to create a new process
    for each request.
  • See http://www.fastcgi.com/

113
FastCGI
  • No need to start multiple processes for
    different requests for the same fastcgi program
  • Still needs one process for each cgi program.
  • It does nothing to help the FastCGI program to
    interact more closely with the server.
  • Not implemented by some of the more popular
    servers, e.g., Microsoft's Internet Information
    Server.
  • Not very portable

114
FastCGI Based Web Server
[Figure: FastCGI based web server: a main process receives requests for CGI1 and CGI2; a single persistent child process serves every request for CGI1 and another single child process serves CGI2]
115
Mod_perl
  • Used in the Apache web server
  • mod_perl is a module that embeds a copy of the
    Perl interpreter into the Apache httpd executable
  • Providing complete access to Perl functionality
    within Apache
  • CGI scripts are precompiled by the server and
    executed without forking,
  • Thus running much more quickly and efficiently.
  • http://perl.apache.org/

116
Server Extension APIs
  • Proprietary server extension APIs, for example
  • Netscape provides an internal API called NSAPI
  • Microsoft provides ISAPI
  • Exist within the main process of a web server

117
Server Extension APIs Advantages
  • Using one of these APIs, one can write server
    extensions that enhance or change the base
    functionality of the server
  • Allowing the server to handle tasks that were
    once assigned to external CGI programs.
  • Use linked C or C++ code
  • Thus can run extremely fast and
    make full use of the server's resources.

118
Web Server with Server Extension API
[Figure: web server with server extension API: requests for ServerExtension1 and ServerExtension2 are handled inside the main process itself, with no child processes]
119
Server Extension APIsDisadvantages
  • Difficult to develop and maintain
  • Pose significant security and reliability hazards
  • a crashed server extension can bring down the
    entire server.
  • Proprietary server extensions are tied to the
    server API on a particular OS
  • Not very portable

120
JAVA
  • Introduced by Sun Microsystems
  • Object oriented programming language
  • The Java compiler produces bytecode, which is
    executed by the Java Virtual Machine (JVM)
  • Portable bytecode
  • Java can be used to create dynamic content on
    web pages
  • Java applets are programs that can be embedded
    in HTML documents. Browser (i.e. client) executes
    the applets.

121
JAVA Servlets
  • A servlet is a server-side version of an applet
  • Servlets are executed on the server under the
    control of web server
  • Servlets are invoked by URL from HTML (links,
    forms), much as applets are referenced from HTML
  • A servlet receives a request and returns a
    response to the client, typically HTML
  • Often used as an alternative to CGI programs
  • Some advantages
  • A CGI program starts, executes and exits on every
    request, so it has no way to keep information
    between requests, whereas a servlet stays loaded
    (hence it can keep state across requests)
  • Large set of APIs
  • Can be faster than CGI

122
Java Servlet Based Web Server
[Diagram: a single JVM inside the main server process; each request for
Servlet1 or Servlet2 is handled by a thread running that servlet, so a
repeated request for Servlet1 reuses the already-loaded servlet]
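
The servlet model sketched above (one long-lived handler object, one thread per request, state kept between requests) as an added example in Go; this is not code from the lecture notes. A Go http.Handler served by goroutines stands in for the servlet served by container threads. The handler name Counter, the test server and the path /catalog are this example's own choices. The point a practitioner should take from it: the state that survives between requests, which CGI cannot offer, is shared by all the concurrent threads, so it needs a lock.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// Counter is a servlet-style handler: one long-lived object serves every
// request, so it can keep state between requests (a CGI process, which exits
// after each request, cannot). Requests are served on concurrent goroutines,
// the counterpart of the servlet container's threads, so the shared state must
// be protected by a lock or counts will be lost to races.
type Counter struct {
	mu   sync.Mutex
	hits map[string]int // per-path hit counts, preserved across requests
}

func NewCounter() *Counter { return &Counter{hits: map[string]int{}} }

func (c *Counter) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	c.mu.Lock()
	c.hits[r.URL.Path]++
	n := c.hits[r.URL.Path]
	c.mu.Unlock()
	fmt.Fprintf(w, "%s served %d times\n", r.URL.Path, n)
}

// Hits returns how many requests this handler instance has served for path.
func (c *Counter) Hits(path string) int {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.hits[path]
}

// Exercise sends n concurrent requests for path to a test server fronting the
// handler and returns the handler's count afterwards.
func Exercise(c *Counter, path string, n int) int {
	srv := httptest.NewServer(c)
	defer srv.Close()
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			resp, err := http.Get(srv.URL + path)
			if err != nil {
				return
			}
			resp.Body.Close()
		}()
	}
	wg.Wait()
	return c.Hits(path)
}

func main() {
	c := NewCounter()
	fmt.Println(Exercise(c, "/catalog", 50)) // 50
	fmt.Println(Exercise(c, "/catalog", 50)) // 100: the count survived, the handler never exited
}
```

Removing the mutex would make the second number unreliable under load, which is exactly the class of bug that appears when CGI code is ported to a threaded servlet container without thought for shared state.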
123
AJAX Technologies(Asynchronous Javascript and
XML)
  • Ajax programming uses a combination of
  • XHTML/HTML and CSS for formatting.
  • The DOM, accessed with a client-side scripting
    language such as JavaScript, to dynamically
    display and interact with the information
    presented.
  • The XMLHttpRequest object, used to exchange data
    asynchronously with the web server without
    leaving the current page
  • XML for transferring data between the server
    and client (any other format, such as JSON, can
    also be used).
  • Example: Gmail uses Ajax techniques

124
Web Services Technologies
  • XML-RPC
  • SOAP
  • WSDL
  • UDDI

125
XML-RPC
  • XML-RPC uses a simple XML application to express
    function calls (requests) and returned values
    (responses) between clients and servers.
  • The heart of an XML-RPC message is the way data
    is encoded into XML.
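
The encoding the slide refers to, as an added example in Go (this is not code from the lecture notes): a methodCall and a methodResponse built and parsed with the standard library's encoding/xml, restricted to the XML-RPC <int> and <string> scalar types. The method name sample.sum and the server-side handler are this example's own; the wire format is the one defined by the XML-RPC specification.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"math"
)

// The XML-RPC wire format: a <methodCall> carries a <methodName> and typed
// <param> values; a <methodResponse> carries the returned values. Only the
// <int> (32-bit signed) and <string> scalar types are modelled here.
type Value struct {
	Int *int32  `xml:"int,omitempty"`
	Str *string `xml:"string,omitempty"`
}

type Param struct {
	Value Value `xml:"value"`
}

type MethodCall struct {
	XMLName    xml.Name `xml:"methodCall"`
	MethodName string   `xml:"methodName"`
	Params     []Param  `xml:"params>param"`
}

type MethodResponse struct {
	XMLName xml.Name `xml:"methodResponse"`
	Params  []Param  `xml:"params>param"`
}

// EncodeCall builds the request XML; only int32 and string arguments are accepted.
func EncodeCall(method string, args ...interface{}) ([]byte, error) {
	call := MethodCall{MethodName: method}
	for _, a := range args {
		switch v := a.(type) {
		case int32:
			call.Params = append(call.Params, Param{Value: Value{Int: &v}})
		case string:
			call.Params = append(call.Params, Param{Value: Value{Str: &v}})
		default:
			return nil, fmt.Errorf("unsupported argument type %T", a)
		}
	}
	return xml.Marshal(call)
}

// HandleSum is the server side for one method, "sample.sum": it parses the
// call, insists on the expected method name and parameter types, and returns
// the response XML. Go's encoding/xml does not process DTD entity
// declarations, so an external-entity (XXE) payload cannot be expanded here.
func HandleSum(request []byte) ([]byte, error) {
	var call MethodCall
	if err := xml.Unmarshal(request, &call); err != nil {
		return nil, err // malformed XML, or an <int> outside the 32-bit range
	}
	if call.MethodName != "sample.sum" {
		return nil, errors.New("unknown method " + call.MethodName)
	}
	var sum int64
	for i, p := range call.Params {
		if p.Value.Int == nil {
			return nil, fmt.Errorf("param %d is not an <int>", i)
		}
		sum += int64(*p.Value.Int)
	}
	if sum > math.MaxInt32 || sum < math.MinInt32 {
		return nil, errors.New("result does not fit an XML-RPC <int>")
	}
	result := int32(sum)
	return xml.Marshal(MethodResponse{Params: []Param{{Value: Value{Int: &result}}}})
}

// DecodeResponse extracts the <int> results from a methodResponse.
func DecodeResponse(response []byte) ([]int32, error) {
	var resp MethodResponse
	if err := xml.Unmarshal(response, &resp); err != nil {
		return nil, err
	}
	out := make([]int32, 0, len(resp.Params))
	for i, p := range resp.Params {
		if p.Value.Int == nil {
			return nil, fmt.Errorf("result %d is not an <int>", i)
		}
		out = append(out, *p.Value.Int)
	}
	return out, nil
}

func main() {
	req, err := EncodeCall("sample.sum", int32(40), int32(2))
	if err != nil {
		panic(err)
	}
	fmt.Println(string(req))
	resp, err := HandleSum(req)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(resp))
	vals, _ := DecodeResponse(resp)
	fmt.Println(vals) // [42]
}
```

Typing the <int> field as int32 rather than int is deliberate: the XML-RPC int is 32-bit, and with int32 the decoder rejects an out-of-range value instead of silently accepting it on a 64-bit host.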

126
SOAP ( Simple Object Access Protocol )
  • SOAP
  • XML based protocol that lets applications
    exchange information, usually over HTTP
  • Protocol for accessing a Web Service.
  • A communication protocol
  • For communication between applications
  • Provides a format for sending messages
  • Designed to communicate via the Internet
  • Platform independent
  • Language independent
  • Simple and extensible
  • SOAP 1.2 is a W3C Recommendation (2003)

127
WSDL( Web Services Description Language )
  • WSDL is a document written in XML which describes
    a web service. It specifies the location of the
    service and the operations (or methods) the
    service provides.

128
UDDI( Universal Description, Discovery and
Integration )
  • UDDI is a directory service where businesses can
    register and search for web services.
  • UDDI communicates via SOAP
  • Web service interfaces in UDDI are described by
    WSDL

129
Part 4 Security
130
SECURITY
  • Fundamental Requirements
  • Privacy
  • Integrity
  • Authentication
  • Non-repudiation
  • Availability

131
SECURITY
  • Privacy issue
  • How do you ensure that the information you
    transmit over the Internet has not been captured
    or passed on to a third party without your
    knowledge?
  • Integrity Issue
  • How do you ensure the information you send or
    receive has not been altered?

132
SECURITY
  • Authentication issue
  • How do sender and receiver of a message prove
    their identities to each other
  • Non-Repudiation Issue
  • How do you legally prove that a message was sent
    or received
  • Availability Issue
  • How do we ensure that the network and the
    computer system it connects will stay in
    operation continuously

133
Cryptography
  • Cryptography transforms data using a key (a
    string of bits, kept secret like a password) to
    make the data incomprehensible to all but the
    sender and the intended receiver
  • Plaintext unencrypted data
  • Ciphertext encrypted data
  • Cipher/Cryptosystem technique/algorithm for
    encrypting messages
  • Simple examples of cryptosystem
  • Substitution
  • Transposition

134
Secret key (Symmetric) Cryptography
  • uses same (symmetric) keys to encrypt/decrypt a
    message
  • fundamental problem before two people can
    communicate, they must first find a way to
    exchange the symmetric key securely
  • Point-to-point key exchange
  • Centralized Key distribution center generates a
    session key
  • DES: designed at IBM in the early 1970s and
    adopted as a US federal standard in 1977 (the NSA
    reviewed the design); its 56-bit key is now far
    too short (brute forced in 1998) and it has been
    superseded by AES

135
Public Key (Asymmetric) Cryptography
  • developed by Diffie and Hellman (Stanford Univ.),
    1976
  • Two inversely related keys are used
  • Public key freely distributed
  • Private key kept secret by its owner
  • The two keys are complementary: what one key
    encrypts, only the other can decrypt
  • If the public key is used to encrypt a message,
    only the corresponding private key can decrypt it
    (confidentiality)
  • Vice versa: if the private key is used to encrypt
    a message, only the corresponding public key can
    decrypt it (this is the basis for authenticating
    the sender; in practice signing and encryption are
    separate, properly padded operations, not "raw"
    RSA)

136
Public Key (Asymmetric) Cryptography
  • The defining property of a secure public key is
    that it is computationally infeasible to deduce
    the private key from the public key
  • Public key algorithms require large amounts of
    computer power
  • Symmetric systems are faster
  • RSA most commonly used public key algorithm
    (developed by Rivest, Shamir, Adleman, MIT
    Professors, in 1977)

137
Key Agreement Protocols
  • Public key algorithms can be used to let two
    parties agree on a secret key for symmetric
    encryption over an insecure medium
  • Digital Envelope
  • message is encrypted using a symmetric key
  • Symmetric key is encrypted using public key
  • Attach encrypted symmetric key to encrypted
    message and send the entire package
  • To decrypt receiver first decrypts the symmetric
    key using the receivers private key. Then the
    symmetric key is used to decrypt actual message

138
SECURITY-Hash Function
  • Also known as message digest
  • Mathematical function that gives message a hash
    value
  • The chance that two different messages will have
    the same message digest is statistically
    insignificant
  • Collision occurs when multiple messages have the
    same hash value
  • It is computationally infeasible to compute a
    message from its hash value or to find two
    messages with the same hash value
  • Examples: MD5, SHA-1 (both now have practical
    collision attacks and must not be used for
    signatures; use SHA-256 or stronger)

139
SECURITY- Digital signatures
  • Solve problems of integrity and authentication
  • Like a written signature, authenticates senders
    identity
  • To create a digital signature
  • Run original plaintext message through hash
    (message digest)
  • Encrypt message digest using senders private key
    (creates a digital signature and authenticates
    the sender)
  • Encrypt original message with receivers public
    key
  • Send the package (encrypted message + digital
    signature + identification of the hash function
    used) to the receiver

140
SECURITY Digital Signatures
  • Receiver
  • Receives the package
  • Uses senders public key to decipher the digital
    signature and reveal the message digest
  • Uses receivers own private key to decipher the
    original message
  • Applies the hash function to the original message
  • Compares the deciphered message digest with the
    result of the hash function; if they match, the
    message is intact and was signed by the holder of
    the sender's private key
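
The digital envelope, hash and digital-signature steps of the last four slides carried through in Go as an added example; this is not code from the lecture notes. It uses only the Go standard library: SHA-256 as the hash, RSA-PSS for the signature over the digest, AES-256-GCM as the symmetric cipher for the message, and RSA-OAEP to wrap the one-time AES key under the receiver's public key. The names Package, Seal, Open, NewKey and the sample message are this example's own choices.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Package is what the sender transmits: the digital envelope (message under a
// one-time AES key, that key under the receiver's RSA public key) plus the
// sender's signature over the digest of the plaintext.
type Package struct {
	WrappedKey []byte // AES key encrypted with the receiver's public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce, fresh per message
	Ciphertext []byte // message encrypted under the AES key (AES-256-GCM)
	Signature  []byte // RSA-PSS signature over SHA-256(message) with the sender's private key
}

// NewKey generates an RSA key pair (one per party; the public half is shared).
func NewKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// Seal is the sender side: hash the message, sign the digest with the sender's
// private key, encrypt the message with a fresh symmetric key, and encrypt that
// key with the receiver's public key.
func Seal(msg []byte, sender *rsa.PrivateKey, receiver *rsa.PublicKey) (*Package, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32) // AES-256 session key, used for this message only
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, key, nil)
	if err != nil {
		return nil, err
	}
	return &Package{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil), Signature: sig}, nil
}

// Open is the receiver side: unwrap the session key with the receiver's private
// key, decrypt the message, recompute the digest and check it against the
// signature using the sender's public key.
func Open(p *Package, receiver *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiver, p.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: not the intended receiver")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	msg, err := gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext was altered in transit") // GCM tag check failed
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], p.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify: wrong sender or altered message")
	}
	return msg, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	alice, bob := NewKey(), NewKey() // sender, receiver
	pkg, err := Seal([]byte("pay 100 to carol"), alice, &bob.PublicKey)
	if err != nil {
		panic(err)
	}
	msg, err := Open(pkg, bob, &alice.PublicKey)
	fmt.Printf("%s %v\n", msg, err)
	pkg.Ciphertext[0] ^= 1 // one bit flipped in transit
	_, err = Open(pkg, bob, &alice.PublicKey)
	fmt.Println("after tampering:", err)
}
```

Two details matter in practice and are easy to get wrong from the slide's description: the signature is computed over the plaintext digest before encryption, so the receiver can only verify it after a successful decryption, and the symmetric cipher is an authenticated mode (GCM), so a tampered ciphertext is rejected before any plaintext is released rather than being decrypted into garbage first.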

141
SECURITY Digital Signatures
  • A digital signature by itself does not prove when
    a message was sent
  • A time-stamping agency (trusted third party) can
    help solve the non-repudiation problem by
    digitally signing the message digest together with
    a time-stamp
  • The US government passed digital-signature
    legislation (the E-SIGN Act, 2000) that makes
    digital signatures as legally binding as
    hand-written signatures

142
Public Key Infrastructure (PKI)
  • How does a customer know that the web site it is
    accessing belongs to a trustworthy merchant and
    not to a third party site that is acting as
    merchant to steal credit-card information
  • PKI integrates public-key cryptography with
    digital certificates and certification
    authorities (CA) to authenticate parties in a
    transaction
  • Digital Certificate is a digital document issued
    by a CA and includes
  • name of the subject (being certified)
  • Subjects public key
  • Expiration date
  • plus other relevant information
  • CA is a financial institution or other trusted
    third party such as VeriSign or Thawte

143
CA
  • CA takes responsibility for authentication: it
    checks the validity of the information before
    issuing a digital certificate
  • Digital certificates are publicly available in
    CA certificate repositories
  • CA signs the certificate: it hashes the
    certificate contents (subject name, public key,
    validity period, ...) and signs that hash with the
    CA's own private key
  • CA has to verify every individual's public key.
    Thus users must trust the public key of a CA.
  • A certificate is validated through a chain of
    certificates starting with a root certification
    authority; in the hierarchy defined for Privacy
    Enhanced Mail (RFC 1422) the root is the IPRA
    (Internet Policy Registration Authority)
  • Root only signs certificates for policy creation
    authorities (organizations that set policies for
    obtaining digital certificates)
  • Policy creation authorities sign digital
    certificates for CAs
  • CAs sign digital certificates for individuals,
    organizations
  • In practice browsers ship a list of many trusted
    root CAs, each of which may sign intermediate CAs

144
SECURE SOCKETS LAYER (SSL)
  • SSL protocol developed by Netscape
  • Built into web browsers and numerous other
    products
  • When you use the Internet, the connection between
    you and any other point can be routed through
    dozens of independent systems (unauthorized
    people can steal confidential information, credit
    card numbers etc by eavesdropping)
  • SSL protocol was developed to transfer
    information privately and securely across the
    Internet
  • SSL is the de facto standard for encrypted and
    authenticated communications between clients and
    servers on the Internet; its standardized
    successor is TLS (Transport Layer Security)
  • Virtually all online purchases and monetary
    transactions on the Internet are secured by SSL
  • URL starts with https

145
SSL
  • SSL usage is not just limited to securing
    e-commerce transactions other SSL usage
    examples
  • financial institutions, insurance companies, B2B,
    private organizations
  • SSL ensures that connection is private and
    secure by providing authentication and encryption
  • Authentication confirms the server and
    optionally the client are who they say they are
  • Encryption creates a secure tunnel between the
    client and the server which prevents any
    unauthorized system from reading the data
  • SSL-enabled clients Netscape, MS Internet
    Explorer
  • SSL-enabled servers Apache or MS IIS
  • Clients and servers confirm each other's
    identities using digital certificates issued by a
    CA.

146
SSL
  • SSL is comprised of two protocols
  • Handshake Protocol (key exchange)
  • Record Protocol (bulk data transfer)

147
SSL- Handshake Protocol
  • Authenticates the server to the client
    (optionally the client to the server) using
    public-key encryption (asymmetric) techniques
  • Allows client and server to negotiate the cipher
    suite to be used
  • Allows the client and the server to generate
    symmetric session keys
  • Establishes the encrypted session
  • Once key exchange is complete, client and server
    use symmetric session keys to encrypt all
    communication between them (SSL Record Protocol)
  • A symmetric encryption algorithm such as DES or
    RC4 is used (both are obsolete: RC4 is prohibited
    in TLS by RFC 7465, and current TLS uses AES-GCM
    or ChaCha20-Poly1305)

148
SSL Negotiation Steps
  • Initially request for SSL session comes from the
    browser to the web server
  • Web server sends the browser its digital
    certificate (contains info about the server and
    servers public key)
  • Browser verifies that certificate is valid and
    that a CA listed in the clients list of trusted
    CAs issued it. Browser also checks expiration
    date and web server domain name
  • Once the browser has determined that the server
    certificate is valid, it generates a 48-byte
    pre-master secret. This is encrypted using the
    server's public key and sent to the web server
  • Web server receives the encrypted pre-master
    secret from the browser and decrypts it using the
    server's private key
  • Both web server and browser derive the same master
    secret (and from it the session keys) from the
    pre-master secret and the random values exchanged
    in the hello messages
  • Communicate securely by encrypting data using
    symmetric techniques
  • Caveat: with this RSA key transport, anyone who
    later obtains the server's private key can decrypt
    recorded sessions; modern TLS uses ephemeral
    Diffie-Hellman key agreement instead (forward
    secrecy)
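
The certificate chain of the CA slide and the negotiation steps above, carried through in Go as an added example; this is not code from the lecture notes. It builds a root CA, a policy CA signed by the root, and a server certificate signed by the policy CA (the names Example Root CA, Example Policy CA and shop.example.com are this example's own), verifies the server certificate the way a browser does (path to a trusted root, validity period, host name), and then runs a real TLS handshake over a loopback TCP connection with the standard library's crypto/tls. Two departures from the slides: ECDSA keys are used instead of RSA so that key generation is fast, and the session keys come from the ephemeral key agreement the Go TLS stack negotiates rather than from RSA-encrypting a pre-master secret.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue creates a certificate for cn signed by parent, or self-signed when
// parent is nil (a root CA). ECDSA P-256 keys keep key generation fast.
func issue(cn string, isCA bool, dns []string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn}, // name of the subject being certified
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour), // expiration date
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		DNSNames:              dns, // host names the certificate covers
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := parent, parentKey
	if parent == nil {
		signer, signerKey = tmpl, key // the root signs itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// Chain mirrors the slides' hierarchy: root CA -> policy CA -> server certificate.
type Chain struct {
	Root, Policy, Server *x509.Certificate
	ServerKey            *ecdsa.PrivateKey
}

func NewChain(host string) Chain {
	root, rootKey := issue("Example Root CA", true, nil, nil, nil)
	policy, policyKey := issue("Example Policy CA", true, nil, root, rootKey)
	server, serverKey := issue(host, false, []string{host}, policy, policyKey)
	return Chain{Root: root, Policy: policy, Server: server, ServerKey: serverKey}
}

// VerifyServer is the browser's check on a received certificate: a path to a
// trusted root through the policy CA, the validity period, and the host name.
func VerifyServer(c Chain, trusted *x509.Certificate, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trusted)
	inters.AddCert(c.Policy)
	_, err := c.Server.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: host})
	return err
}

// Handshake runs the negotiation over loopback TCP: the server presents its
// certificate plus the policy CA certificate; the client, trusting only
// `trusted`, verifies them and the host name before session keys are derived.
func Handshake(c Chain, trusted *x509.Certificate, host string) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	serverCfg := &tls.Config{Certificates: []tls.Certificate{
		{Certificate: [][]byte{c.Server.Raw, c.Policy.Raw}, PrivateKey: c.ServerKey},
	}}
	errc := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			errc <- err
			return
		}
		defer conn.Close()
		errc <- tls.Server(conn, serverCfg).Handshake()
	}()
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	defer raw.Close()
	if err := tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: host, MinVersion: tls.VersionTLS12}).Handshake(); err != nil {
		return err
	}
	return <-errc
}

func main() {
	chain := NewChain("shop.example.com")
	fmt.Println("valid chain:", Handshake(chain, chain.Root, "shop.example.com"))
	fmt.Println("wrong host:", Handshake(chain, chain.Root, "evil.example.com"))
	other := NewChain("shop.example.com") // same name, signed by a different root
	fmt.Println("untrusted CA:", Handshake(other, chain.Root, "shop.example.com"))
}
```

The three Handshake calls in main are the cases a browser has to tell apart: a valid chain, a certificate whose name does not match the requested host, and a chain ending in a root the client does not trust (the "third party acting as merchant" of the PKI slide). Only the first succeeds; the server sends only the leaf and the policy CA certificate, and the root must already be in the client's trust store.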

149
SSL Negotiation Steps
150
  • SSL sits between the application and TCP (on top
    of the transport layer)
  • SSL operates independently and transparently of
    other protocols, so it works with any application
    layer protocol over a reliable transport such as
    TCP (the DTLS variant exists for UDP)
  • This allows clients and servers to establish
    secure SSL connections w/o requiring knowledge of
    the other party's code

151
Secure Electronic Transaction (SET)
  • developed by Visa and Mastercard
  • Uses digital certificates to authenticate each
    party in an e-commerce transaction, including the
    customer, the merchant, and the merchants bank
  • Public-key cryptography is used to secure
    information as it is passed over the web
  • Merchants must have digital certificate and
    special SET software to process transactions
  • Customers must have digital certificate and
    digital wallet software
  • Digital wallet is similar to a real wallet it
    stores credit card information as well as digital
    certificate verifying cardholders identity
  • Clients credit card number is not stored on the
    merchants server

152
SET
  • When a customer is ready to place an order
  • Merchant's SET software sends the order
    information and the merchant's digital
    certificate to the customer's digital wallet
  • Customer selects the credit card to be used for
    the transaction
  • Credit card and order information are encrypted
    using the merchant's bank's public key and sent to
    the merchant along with the customer's digital
    certificate
  • Merchant then forwards the information to the
    merchant's bank to process the payment
  • Only the merchant's bank can decrypt the message
    since it was encrypted using the bank's public key
    (the merchant never sees the card number)

153
SET
  6. The merchant's bank then sends the amount of the
     purchase and its own digital certificate to the
     customer's bank to get approval to process the
     transaction
  7. If the customer's charge is approved, the
     customer's bank sends an authorization back to
     the merchant's bank
  8. The merchant's bank then sends a credit card
     authorization back to the merchant
  9. Finally the merchant sends a confirmation of the
     order to the customer
154
Microsoft Authenticode
  • How do you know software you ordered online is
    safe and has not been altered ?
  • Do you trust the source of the software ?
  • Microsoft Authenticode combined with VeriSign
    digital certificates authenticates the publisher
    of the software and detects alteration after
    signing; it says nothing about whether the code is
    safe, only who signed it
  • Authenticode is a security feature built into
    Microsoft Internet Explorer

155
SECURITY ATTACKS
  • A denial-of-service attack occurs when a network's
    resources are taken up by an unauthorized
    individual, leaving the network unavailable for
    legitimate users
  • Another type of attack modifies the routing tables
    of a network, thus disabling the network or
    funneling all data to one address in the network
  • Distributed denial of service attacks (the attack
    does not come from one single source, but rather
    from multiple sources)

156
Denial of Service Attack
  • A "denial-of-service" attack is characterized by
    an explicit attempt by attackers to prevent
    legitimate users of a service from using that
    service. Examples include
  • - attempts to "flood" a network, thereby
    preventing legitimate network traffic
  • - attempts to disrupt connections between two
    machines, thereby preventing access to a service
  • - attempts to prevent a particular individual
    from accessing a service
  • - attempts to disrupt service to a specific
    system or person
  • Illegitimate use of resources may also result in
    denial of service. For example, an intruder may
    use your anonymous ftp area as a place to store
    illegal copies of commercial software, consuming
    disk space and generating network traffic

157
Modes of Attack
  • Consumption of scarce, limited, or non-renewable
    resources
  • - Network connectivity,
  • - Using Your Own Resources Against You
  • - Bandwidth Consumption
  • - Consumption of Other Resources
  • Destruction or alteration of configuration
    information
  • Physical destruction or alteration of network
    components

158
Network Connectivity
  • Half-open connection (SYN flood): the attacker
    sends SYNs, often from spoofed source addresses,
    and never sends the final ACK; each half-open
    connection occupies a slot in the server's
    backlog until it times out, so legitimate SYNs
    are dropped
  • Mitigation: SYN cookies (net.ipv4.tcp_syncookies
    on Linux), shorter SYN-RECEIVED timeouts, and
    rate-limiting upstream

Client                                  Server
        SYN -------------------->
        <-------------------- SYN-ACK
        ACK -------------------->
  -- Client and server can now send service-specific data --
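
The half-open condition is visible on the victim as a pile of connections in the SYN_RECV state. Below, as an added example in Go that is not from the lecture notes, is the detection logic a defender would run over the output of `netstat -tn`: it counts half-open connections per local port and how many distinct remote addresses they come from. The table in sampleTable is constructed for the example, not captured from a real host, and the threshold of 5 is for the sample only.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"sort"
	"strings"
)

// Constructed sample of a Linux `netstat -tn` table (Proto Recv-Q Send-Q
// Local Address Foreign Address State); not captured from a real host.
const sampleTable = `Proto Recv-Q Send-Q Local Address      Foreign Address       State
tcp        0      0 10.0.0.5:80        198.51.100.7:40001    ESTABLISHED
tcp        0      0 10.0.0.5:80        203.0.113.12:51000    SYN_RECV
tcp        0      0 10.0.0.5:80        203.0.113.99:51001    SYN_RECV
tcp        0      0 10.0.0.5:80        192.0.2.33:51002      SYN_RECV
tcp        0      0 10.0.0.5:80        192.0.2.34:51003      SYN_RECV
tcp        0      0 10.0.0.5:80        192.0.2.35:51004      SYN_RECV
tcp        0      0 10.0.0.5:22        198.51.100.7:40002    ESTABLISHED
tcp        0      0 10.0.0.5:22        198.51.100.8:40003    SYN_RECV`

// HalfOpen summarises the SYN_RECV entries (SYN-ACK sent, client's ACK never
// arrived) for one local port. Sources counts distinct remote addresses: a flood
// from spoofed addresses shows up as many sources with one entry each.
type HalfOpen struct {
	Total   int
	Sources int
}

// HalfOpenByPort parses the table and returns the half-open summary per local port.
func HalfOpenByPort(table string) map[string]HalfOpen {
	seen := map[string]map[string]bool{} // local port -> set of remote hosts
	out := map[string]HalfOpen{}
	sc := bufio.NewScanner(strings.NewReader(table))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 6 || f[0] != "tcp" || f[5] != "SYN_RECV" {
			continue // header line, non-TCP entry, or a completed connection
		}
		_, port, err := net.SplitHostPort(f[3])
		if err != nil {
			continue
		}
		remote, _, err := net.SplitHostPort(f[4])
		if err != nil {
			continue
		}
		if seen[port] == nil {
			seen[port] = map[string]bool{}
		}
		seen[port][remote] = true
		out[port] = HalfOpen{Total: out[port].Total + 1, Sources: len(seen[port])}
	}
	return out
}

// Flooded returns, sorted, the ports whose half-open count reaches threshold.
// A real threshold is tuned to the listen backlog (hundreds or more), not 5.
func Flooded(table string, threshold int) []string {
	var ports []string
	for port, h := range HalfOpenByPort(table) {
		if h.Total >= threshold {
			ports = append(ports, port)
		}
	}
	sort.Strings(ports)
	return ports
}

func main() {
	for port, h := range HalfOpenByPort(sampleTable) {
		fmt.Printf("port %s: %d half-open connections from %d sources\n", port, h.Total, h.Sources)
	}
	fmt.Println("ports under SYN flood:", Flooded(sampleTable, 5)) // [80]
}
```

On the sample, port 80 has five half-open connections from five different addresses and port 22 has one; the many-sources pattern is the signature of spoofed SYNs, so blocking individual remote addresses does not help and the backlog-side mitigations above are what actually matter.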
159
Using Your Own Resources Against You
  • The intruder uses forged UDP packets to connect
    the echo service on one machine to another
    machine
  • The result is that the two services consume all
    available network bandwidth between them
  • Thus, the network connectivity for all machines
    on the same networks as either of the targeted
    machines may be affected.

160
Bandwidth Consumption
  • An intruder may also be able to consume all the
    available bandwidth on your network by generating
    a large number of packets directed to your
    network.
  • Typically, these packets are ICMP ECHO packets,
    but in principle they may be anything.
  • Further, the intruder need not be operating from
    a single machine he may be able to coordinate or
    co-opt several machines on different networks to
    achieve the same effect.

161
Network Security
  • Firewalls protect local area network from
    intruders outside the network (packet filters)
  • Kerberos (internal authentication) employs
    symmetric secret-key cryptography to authenticate
    users in a network and to maintain integrity and
    privacy of network communications

162
Further Reading
http://www.cert.org/tech_tips/denial_of_service.html
163
Part 5 Computer Networks, Telecommunications
Reference: A. S. Tanenbaum, Computer Networks, 3rd
Edition, 1996
164
Computer Networks
  • An interconnected collection of autonomous
    end-systems
  • End Systems: hosts, PCs, dedicated computers,
    network components
  • Connection can be via various means: copper wire,
    fiber optic cables, microwaves, satellites, ham
    radio.
  • Distributed Systems
  • Existence of multiple autonomous computers is
    transparent (not visible), machines managed
    automatically
  • Network
  • Users explicitly log onto a machine, machines
    managed personally

165
Network Hardware
  • Broadly speaking two types of transmission
    technology
  • Broadcast Networks
  • Point-to-Point Networks

Broadcast (multiaccess)
Point-to-point
166
Broadcast Networks
  • Single communication channel that is shared by
    all the machines on the network
  • Share wire, frequency etc.
  • Packets (small messages) sent by one machine are
    received by all the others.
  • Each machine checks the address field in the
    provided message. If the address is the same as
    receiving machines address, packet is processed,
    otherwise it is ignored.
  • Some arbitration mechanism is needed when more
    than one machine want to send message at the same
    time.
  • Multicasting transmission to a subset of
    machines.

167
Point-to-Point Networks
  • Consists of many connections between individual
    pair of machines.
  • To go from source machine to destination machine,
    packet may have to visit intermediate machines.
  • Various routes (multiple paths) possible, so
    routing algorithms are required.

168
Connecting Networks- Repeaters -
  • Copies bits from one network to another
  • Does not look at (interpret) bits
  • Allows the extension of a network beyond physical
    length limitations

REPEATER
169
Connecting Networks- Bridges -
  • Copies frames from one network to another
  • Can operate selectively: does not copy all frames
  • Extends t