Cracow, Poland
December 11 - 14, 2002


Abstracts
of the Contributed Papers




Alan Cambell, Ralf Gerhards, Christoph Grab, Janusz Martyniak, Tigran Mkrtchyan, Sergey Levonian, Jacek Nowak, Max Vorobiev

A Framework for Event Filtering and Reconstruction for the DESY H1 Experiment

Abstract:

The aim of the L45 project at the H1 experiment at DESY (Hamburg, Germany) is to create a framework for the online event filtering and online, offline event reconstruction, which would use Linux-based networked PC clusters. The input data is divided into computationally independent records (events). Events are distributed onto multiple computing nodes from one or more input nodes. The results are then sent to one or more output nodes. The number of computing nodes can be dynamically changed and the system can handle computing node crashes. Besides normal events, special events called barriers may be inserted into the dataflow. Events which are between two barriers will remain there throughout the dataflow. Barriers can also be used to distribute calibration data which changes the way events are analyzed. This data may come directly from the experiment or from the output data analysis via a callback. Keeping the barriers consistent while allowing for dynamic modifications to the system is the main challenge in the project. The core system parts are written in C++, calculations are performed by Fortran routines, a module for system configuration and control is written in Python and a histogram display in Java. All communication between nodes and processes is done via CORBA.




Katarzyna Zajac, Marian Bubak, Maciej Malawski, Peter M.A. Sloot, Alfredo Tirado-Ramos

A Proposal of the Services For Managing Interactive Grid Applications

Abstract:

We propose a problem solving environment built of a set of grid services which allows the setup and interactive steering of complex grid applications consisting of modules for simulation and visualization.
This environment is a consistent, non-complex framework in which complex systems can be composed from reliable sub-units. A core of the proposed PSE is the event system whose functionality will be based on the existing standard infrastructure for distributed interactive simulations called High Level Architecture (HLA) [1].
In the first step we focus on customising the data distribution management service of HLA for the Grid environment. For that purpose we are investigating existing Grid solutions like third party data transfer mechanisms in the GridFTP library for data flow and XML messaging systems [2, 3] for control flow. We are also investigating algorithms for matching subscriptions with notifications within an event system.
As the proof-of-concept example we use the CrossGrid medical application that requires near real time steering of simulation parameters during runtime of the simulation located on the Grid [4].

This research is partly funded by the European Commission the IST-2001-32243 Project "CrossGrid".

References

  1. High Level Architecture Run-Time Infrastructure RTI 1.3-Next Generation Programmer's Guide. https://www.dmso.mil/public/transition/hla/
  2. Ryan, C.O., and Levine, D.L.: Applying a Scalable CORBA Events Service to Large-scale Distributed Interactive Simulations. In: Proceedings of the 5th Workshop on Object-oriented Real-time Dependable Systems. Monterey, CA.
  3. Foster, I., Kesselman, C., Nick, J., Tuecke, S.: The Physiology of the Grid: An Open Grid Services Architecture for Distributed Systems Integration. Open Grid Service Infrastructure WG, Global Grid Forum, June 22, 2002.
  4. Slonimski, A., Simmhan, Y., Rossi, A.L., Farrellee, M., Gannon, D.: XEvents/XMESSAGES: Application Events and Messaging Framework for Grid.
  5. CrossGrid - Development of Grid Environment for interactive Applications, EU Project, IST-2001-32243, Technical Annex; www.eu-crossgrid.org




Tomasz Bold, Anna Kaczmarska, Tadeusz Szymocha

ATLAS data challenges using Cyfronet cluster

Abstract:

The ATLAS experiment built on the LHC accelerator at CERN will produce 6-8 PetaBytes of data per year. Analysis of physical phenomena requires more than 10 times bigger samples of Monte Carlo (MC) data. All these demands can only be fulfilled by the collaborating institutions spread all over the world. Therefore the ATLAS computing environment is going to be fully distributed. Data production in the ATLAS experiment is divided into Data Challenges (DC). The aim of the DC-1 step is to provide human driven production of MC data in many sites. Generated data will provide useful information for understanding physics in this new detector. Before real data is going to be processed in GRID, processing of MC samples has to prove reliability and usability of the GRID for this purpose. Experience gained by this activity should be fruitful in future. First attempts of 'gridifying' physical applications are conducted in Cracow (Cyfronet) and experience from this is going to be presented. The main effort is to use GRID as 'yet another job submission system'.




P. Slowikowski, K. Balos, K. Zielinski

Authorization Mechanisms for Portal Accessible Services

Abstract:

Portal Accessible Services are in the range of information systems, for which computer security is crucial. It is related to a huge quantity of potentially sensitive resources stored in the systems and practically unlimited users' access to web-accessible resources. Violation of security policy may cause catastrophic loss for an organization, of which the sensitive information will be disclosed or damaged in an unauthorized way. In order to assure the security of information systems defined by a security policy various security mechanisms are applied. One of the key mechanisms is access control. Access control means restrictions controlling a subject's access to an object.

Access control for portal accessible services of the Progress system is based on the Resource Access Decision (RAD) architecture created by the Object Management Group's (OMG) Healthcare Domain Task Force (HDTF). The RAD is a security service that allows obtaining authorization decisions and administrating access decision policies. It was intended to conform to the healthcare industry's requirements. The main objectives of the RAD are: decoupling authorization logic from application logic, allowing application of different access control policies, maximum simplification of secure application development based on the RAD and the possibility to use the service in domains other than healthcare. The above features contributed to its selection as the access control architecture for Progress.

The RAD service has been implemented in Java as a server providing its functionality through a Web Service interface. An authorization database is stored in two locations: in a relational database (Oracle 9i) containing authorizations and in an LDAP server containing information about users and groups. The management of the authorization database is realized by a WWW interface of a J2EE application. The authorization mechanism designed and implemented in this way both assures a proper level of performance and scalability and allows easy integration with other parts of the system. The universality of the solution allows limiting required changes in the systems to only some RAD modules during modification of the system's security policy.




Jarek Nabrzyski, Ariel Oleksiak

Comparison of grid middleware in European Grid Projects - work in progress

Abstract:

Computational grids infrastructure is being simultaneously developed in the framework of many academic and commercial projects. These efforts, undertaken in Europe as well as in the US and Asia-Pacific, are to provide various communities of users with grid-aware, efficient applications, develop middleware enabling grid for application developers, scientists and researchers and prepare needed grid infrastructure. Particular projects focus sometimes on different aspects of computational grids, however, they often have many common parts and interests as well. As the directions proposed in the EU 6th Framework Programme include stronger coordination of European research activities and their targeting, the need for grid projects integration has arisen. In order to accomplish this, ten EU-funded projects have been clustered in the framework of GRIDSTART project.

The goal of this work is to compare the existing European grid projects, find differences between them, analyze various approaches and discover possible overlapping issues. Although it focuses mainly on initiatives joined by GRIDSTART, we take also into consideration other EU-funded activities and main projects in the US. The analysis is made from two points of view, taking into account the architecture and main components of the grid infrastructure. The former contains the comparison of layers content, the latter concerns the most important aspects of computational grids like applications, application environment and tools, resource management, information, monitoring, performance, logging, data management, security and accounting services, portals, mobile access, testbeds and network infrastructure. For each of them we identify crucial issues in order to enable more detailed analysis in a uniform way. On the basis of such defined structure, projects are described in the first part of this paper and compared in the second one. Finally, the results of comparison are summarized. The final report is scheduled for end of January 2003.




Lukasz Dutka, Renata Slota and Jacek Kitowski

Component-Expert Architecture as Flexible Environment for Selection Data-handlers and Data-Access-Estimators in CrossGrid

Abstract:

In this paper the Component-Expert technology and its usage for data access problems in the CrossGrid environment are presented. Due to CrossGrid environment openness [1], applications, tools and services are highly flexible. One of the demanding tasks is to optimize access to large datasets considering different localizations of replicas, different kinds of data and different types of secondary/tertiary storage systems.

Component-Expert Architecture (CEA) to support solving the two last mentioned problems is proposed. Similar to the classical component architecture it assumes that applications are divided into components, i.e., into independent parts with the clear communication paradigm defined. The most important CEA advantage is taking the components' selection over from the programmers. The selection is done on the fly by a rule-based expert system. CEA introduces the components' type and specialization to describe a general category and specific features of any particular component respectively. While the component with a defined type is requested, the expert system selects it from the set of components of a given type according to the specialization best matching the context of request.

In the CrossGrid project the purpose of CEA is to support local management of data, based on selection of components (i.e. data-handlers) for data management and estimation-access-factors within storage nodes [2]. The paper describes the internal issues related to CEA implementation. Three modules have been introduced: Component Expert Subsystem (CEXS), Storage Element (STEL) and Data Access Estimator (DAES). CEXS is the kernel of CEA; it manages the set of components and contains the expert system. STEL is intended to manage the configuration of a particular node and collaborate with CEXS during the decision process. The DAES component is the client of CEXS and uses it for selection of the best data-access estimator, which finally is used to estimate data access factors.

The work described in this paper was supported in part by the European Union through the IST-2001-32243 project "CrossGrid". AGH Grant is also acknowledged.

Literature:

  1. CrossGrid - Development of Grid Environment for interactive Applications, EU Project, IST-2001-32243, Technical Annex.
  2. L. Dutka and J. Kitowski, Application of Component-Expert Technology for Selection of Data-Handlers in CrossGrid, in: D. Kranzlmüller, P. Kacsuk, J. Dongarra, J. Volkert (Eds.), Proc. 9th European PVM/MPI Users' Group Meeting, Sept. 29 - Oct. 2, 2002, Linz, Austria, Lect. Notes on Comput. Sci., vol. 2474, Springer, 2002, pp. 25-32.




Marian Bubak, Maciej Malawski, Katarzyna Zajac

Current Status of the CrossGrid Architecture

Abstract:

This paper presents the second version [1] of the architecture of the CrossGrid Project, i.e. the general overview of components and their relationships. The components are applications, tools that support application development and new grid services that are elaborated within the project. The dependencies on external components, such as DataGrid and Globus software are presented as well.

The architecture is resulting from the first software requirements, design documents and use cases of applications, services and tools [2] and it is presented using UML component diagrams.

Components that are directly dependent on DataGrid are Scheduling Agents and Data Access package. These services are extending the basic functionalities of the DataGrid software [3]. The former will provide functionalities addressing parallel and interactive jobs and the latter will extend the existing systems by optimization of access to tape residing data.

The point that will enable access to the Grid from portals is the Roaming Access Server. It will also offer users a possibility to access the same working environment from any workstation by means of the Migrating Desktop. It will provide a set of components that will be interfacing underlying grid services. The application developers' task is to write an application specific plugin that can be placed in a portal. The work on specification of the plugin capabilities and APIs is now in progress.

Under a common name of monitoring, there is a set of services that are used for different kinds of information gathering and processing. We have on-line monitoring of running applications that provides data for the performance analysis tool. The Jiro-based monitoring system gathers data about infrastructure and there is also a system for monitoring network traffic by use of specialized hardware. Data from these services will be used by schedulers to make decisions about finding resources where jobs are run.

There is also dependency between applications and tools. Current application kernels are used for development and testing of the tools, and finally, the tools will be used to facilitate application development process.

This definition of the CrossGrid architecture will be driving the implementation of the first prototype and it is a good starting point to future analysis of the possible transition towards OGSA [4].

This research is partly funded by the European Commission the IST-2001-32243 Project CrossGrid [2].

References

  1. The first version of the CrossGrid Architecture was presented in: M. Bubak, M. Malawski, K. Zajac: Towards the CrossGrid Architecture. In: D. Kranzlmüller, P. Kacsuk, J. Dongarra, J. Volkert (Eds.) Recent Advances in Parallel Virtual Machine and Message Passing Interface, Proc. 9th European PVM/MPI Users' Group Meeting, Linz, Austria, September/October 2002, LNCS 2474, pp. 16-24.
  2. CrossGrid - Development of Grid Environment for interactive Applications, EU Project, IST-2001-32243, Deliverables of M3 and M6. http://www.eu-crossgrid.org
  3. DataGrid Project: http://www.eu-datagrid.org
  4. Foster, I., Kesselman, C., Nick, J.M., and Tuecke, S.: The Physiology of the Grid. An Open Grid Services Architecture for Distributed Systems Integration. http://www.globus.org




Darin Nikolow, Renata Slota, Jacek Kitowski

Data Access Time Estimation for HSM systems in Grid Environment

Abstract:

In this paper a subsystem for estimating the access time of data stored on Hierarchical Storage Management (HSM) systems is presented.

As part of the CrossGrid project tools for optimizing the data access in Grid environment are being developed. In some cases a priori knowledge of the access time of data is essential, e.g., in the case of a Grid data replication system [1,2], which should decide where and from to copy the data in the case the data is replicated and stored in different HSM systems. This will allow more efficient usage of storage resources and will decrease latency times and network usage in total. Since the main focus of this study are HSMs, the access time is considered as the sum of the startup latency time and the transfer time of the HSM itself. The network overhead time is not taken into account. Two approaches for estimating the HSM access time have been defined:

  • Open HSM approach, in which the source code of the HSM is available, so event reporting functions can be introduced [3],
  • Gray-box HSM approach, in which the essential system information is accessible via HSM native tools only.

Both approaches are based on event driven simulation of the HSM system.

This paper describes the implementation of the Gray-box approach for the Legato DiskXtender HSM software.

The system consists of three modules: HSM Monitor, HSM Simulator and Request Monitor & Proxy. HSM Monitor collects essential information from the HSM: scans various configuration files to find out the system configuration; uses appropriate tools to get a description of the current state of the HSM. Then it starts monitoring the state of the HSM by scanning 'on-the-fly' the log messages produced by the HSM for the essential events.

The HSM Simulator simulates future state changes in order to estimate an ETA (Estimated Time of Arrival) for a given file. When the ETA request is coming it first obtains from HSM Monitor the current state of the HSM, as well as some essential information about the file. Additionally it obtains the queue state from the Request Monitor & Proxy. After that it performs the simulation and returns back the result. The simulator also receives the real access times of the files being requested, which can be used for automatic tuning of the simulation algorithm.

The last module, Request Monitor & Proxy, provides the simulator with information about the request queue. It also measures and feeds back the real access times. In order to obtain this information all HSM requests go through a proxy which keeps track of these requests.

The work described in this paper was supported in part by the European Union through the IST-2001-32243 project "CrossGrid". AGH Grant is also acknowledged.

Literature

  1. Vazhkudai, S., Tuecke, S., Foster, I., Replica Selection in the Globus Data Grid, in Proc. of the IEEE International Conference on Cluster Computing and the Grid (CCGRID 2001), Brisbane, Australia, May 2001
  2. CROSSGRID - Development of Grid Environment for Interactive Applications, EU Project no.: IST-2001-32243
  3. Nikolow, D., Slota, R., Dziewierz, M., Kitowski, J., Access Time Estimation for Tertiary Storage Systems, Lecture Notes in Computer Science, 2400, pp. 873-880, Springer, 2002




Marcin Lawenda, Norbert Meyer, Tomek Rajtar

General Framework for Virtual Laboratory

Abstract:

Remote access and using expensive laboratory facilities issue in the age of the knowledge society are described in this presentation. One of the main assumptions of the Virtual Laboratory (VLab) idea is equal access to new technology and information in a general meaning for every person, group and organization. At present the accessibility of laboratory facilities is limited because of high purchase price. Many projects concerning remote access to different kind of devices are developed. In the presentation the state of the art and our approach to VLab will be presented.

The objective of the Virtual Laboratory project at PSNC is to create a framework for laboratories to define all accessible remote facilities treated as simple resources in the Grid infrastructure. The VLab broker will be connected to the Grid resource broker. Each job directed to the real laboratory facilities is treated as any other Grid task. A conception of dynamic measurement scenarios is a very important idea in this project. It will allow defining the process of experiment in any way, from pre-processing, through executing the experiment, to the post-processing tasks. Users are also allowed to add their own module as a part of the scenario.

The VLab has a client-agent-server structure. Most functions depend on the agent, which is the core of the whole system. The agent is the broker responsible for scheduling the incoming jobs, managing accessible devices, recognizing jobs type, gathering accounting information and many other functions. On the server side the program for communication with the equipment is implemented. It receives tasks from the agent, submits them to the facility and returns the experiments results and accounting information. User interface on the client side can be implemented as a WWW portal as well as any other kind of access interface.

Every tier of the VLab has a modular construction. Thanks to this solution we can adapt the existing implementation to a new type of laboratory only by exchanging some specific modules.

In the VLab project we distinguish two types of experiments. The first one is the real experiment executed on a device available in the Grid. The second one is a computational experiment executed on the supercomputing systems. In the project we will use the bandwidth of the PIONIER network and the computational power of the Polish National Cluster.

The presentation describes the concept of VLab approach. The research and development will be partially done in the project co-founded by the State Committee for Scientific Research and Silicon Graphics (Title: High Performance Computing and Visualisation with the SGI Grid for Virtual Laboratory Applications).




Jaroslaw Nabrzyski, Juliusz Pukacki, Krzysztof Kurowski, Bogdan Ludwiczak, Tomasz Piontek

GridLab Resource Management System

Abstract:

It is clear that sophisticated, fault tolerant superscheduling mechanisms based upon reservation facilities and performance prediction are required in order to efficiently utilize Grid environments. But much more than this, in a dynamic environment, the needs of the processes running on the Grid will change, resources will change, and so a mechanism must exist to monitor the present needs, the expected performance, and the actual performance, and to adapt accordingly. Such capabilities do not exist today, but will be critical for the types of applications and Grids we envision.

Within the GridLab Project we are developing the GridLab Resource Management System (GRMS) which will cope with all the mentioned problems. We focus on efficient and effective use of resources by mapping job resource requests in a way that will satisfy both the application users and resource administrators. The GRMS will help to meet applications', users' and administrators' requirements based on user's preferences, multi-criteria resource performance evaluation and prediction-based scheduling.

Moreover, our system is trying to look into the system-specific and job-specific features, such as schedulability, resource availability and utilization, data-access communication delays, history of previous job execution and queue wait times as well as data access and communication time. All these parameters are taken into account and allow us to use various scheduling algorithms in the GRMS, including min CT, backfilling, as well as some other heuristics. Thus, the GRMS, based on dynamic resource selection and advanced scheduling methodology, combined with feedback control architecture, deals with dynamic Grid environment and resource management challenges and appears like a new essential approach to the complex Grid related problems and experiments.

All the functionality of the GRMS is straightforward and transparent for end-users and simultaneously available for third party resource managers or specific applications through the set of well defined interfaces. We assume that APIs of the GRMS will also be available to the grid application developer as a part of the Grid Application Toolkit (GAT). Up to date, we designed and developed basic components of the GRMS to facilitate job and task submissions, monitoring and application steering.




Paul Heinzlreiter, Dieter Kranzlmueller, Jens Volkert

GVK - Visualization Services for the Grid

Abstract:

Considering the scientific nature of most grid applications and the large amounts of data involved, visualization of simulation results is often a necessity. Computational science and engineering relies on the presentation of the simulation's results to the user in a meaningful way. This talk presents an overview of techniques and possibilities of grid-based visualization compared to common visualization approaches. The motivation for using grid-based visualization techniques is given by the large amounts of data processed and the interactivity required. Therefore, the availability of processing power and main memory on the grid is crucial for a sensible visualization.

Example applications where visualization on the grid is absolutely necessary are given with a biomedical simulation and flooding prediction system. The main focus of the presentation is on the Grid Visualization Kernel GVK, a grid middleware component built on top of Globus which is providing visualization services to the scientific user. Globus services are used for basic tasks including job submission, network access, data storage and parallel algorithms.

In order to provide interactivity the exploitation of computing resources provided on the grid is required. GVK hides the complexity of the grid infrastructure by providing high level visualization services to the user while relying on optimized techniques for high-performance rendering and network transmission. The interactive functionality provided by GVK is explained for the use case of a volume visualization presenting data which is delivered over the grid by a running simulation.

A structural overview of the GVK modules including communication and data streams is given as well as a presentation of the optimization techniques incorporated in order to overcome latency and bandwidth problems imposed by the underlying network. These techniques include well-known computer graphics techniques like level-of-detail, occlusion culling and image based rendering as well as brute force data compression for mass data transmission.




Maciej Malawski, Marian Bubak, Katarzyna Zajac

Integration of the CrossGrid Services into OGSA Model

Abstract:

This paper is inspired and based on the schedule of the development of Globus 3.0 and OGSA technology [1]. The main objective of the paper is the analysis of CrossGrid services [2,3] and, as a result, the proposal of the way they could be integrated into OGSA service model.

OGSA which was recently proposed and is actively developed by Globus Project, is intended to be a basic technology for building Grid systems. Due to web services the interoperability and implementation independence may be achieved. The basic service semantics included in Open Grid Services Infrastructure (OGSI) are used as building blocks of Globus Toolkit 3.0 (GT3). The Global Grid Forum OGSA Working Group is discussing the higher level set of services that are used in Grids and that can be integrated into OGSA framework [4].

In our opinion, the grid services that are being developed in CrossGrid may also be designed and implemented as OGSA-compliant giving significant contribution to the Grid community.

First step towards OGSA can be the usage of the web services technology to expose external interfaces of the services. This can be applied to Roaming Access, Scheduling and Data Access services in the CrossGrid. This step is independent of the changes in evolving Grid Service framework and may be considered even for the first prototype.

The second may consist in using specific extensions of web services that are present in the OGSA model. These are mechanisms for dynamic service creation, lifetime management, introspection and information (service data) management based on XML. Dynamic service creation and lifetime management mechanisms can be used when it is required to control the state of some process, e.g. user session in a portal, data transfer or a running simulation. Service data model can be applied to monitoring systems that can be used as information providers to other services.

This research is partly funded by the European Commission the IST-2001-32243 Project CrossGrid [2].

References

  1. Foster, I., Kesselman, C., Nick, J.M., and Tuecke, S.: The Physiology of the Grid. An Open Grid Services Architecture for Distributed Systems Integration. http://www.globus.org
  2. CrossGrid - Development of Grid Environment for interactive Applications, EU Project, IST-2001-32243, Deliverables of M6. www.eu-crossgrid.org
  3. Bubak, M., M. Malawski, K. Zajac: Towards the CrossGrid Architecture. In: D. Kranzlmüller, P. Kacsuk, J. Dongarra, J. Volkert (Eds.) Recent Advances in Parallel Virtual Machine and Message Passing Interface, Proc. 9th European PVM/MPI Users' Group Meeting, Linz, Austria, September/October 2002, LNCS 2474, pp. 16-24.
  4. http://www.gridforum.org/




Bartosz Lawniczek, Grzegorz Majka, Krzysztof Zielinski, Slawomir Zielinski

Jiro Based Grid Infrastructure Monitoring - first prototype functionality

Abstract:

The paper will present the experience drawn from the first nine months of work on the Jiro based network infrastructure monitoring system. It will discuss applicability of mechanisms typical for that environment in the context of desired functionality of the system components.

The whole system will consist of five layers (instrumentation, agent, management logic, database and user interface). Much of the functionality of the instrumentation and agent ones as well as some user interfaces are currently implemented and will be presented in the article. In order to make the first prototype work properly we had to apply dynamic deployment and discovery mechanisms. The article will put attention to the avoidance of typical threats (like single point of failure).

The paper will cover also our plans for the near future, which are mostly concerned about ease of specification of the conditions, upon which notifications should be passed from the agent layer to the upper ones, i.e. main functionality of the management layer.




Siegfried Benkner, Aleksandar Dimitrov, Gerhard Engelbrecht, Rainer Schmidt, Nikolay Terziev

Medical Image Reconstruction in a Grid Environment

Abstract:

Novel algorithms enable very accurate 3D reconstruction of medical images from 2D scanner data (e.g. SPECT) by considering principal 3D effects of data acquisition. However, the high computational requirements of fully 3D iterative image reconstruction algorithms usually restrict the deployment of these methods to dedicated research centers. In order to make advanced image reconstruction services available to hospitals that have no in-house high performance computing facilities, we are developing in cooperation with the General Hospital of Vienna a service-oriented framework for near real-time 3D image reconstruction. This framework will make available powerful image reconstruction services to a larger medical community by providing transparent access to remote parallel computing systems over the Internet.

Our current prototype system for medical image reconstruction consists of a browser-based GUI, a parallel image reconstruction code written in C/MPI/OpenMP which can be executed on various HPC platforms, and a framework for dynamic service management, service selection and monitoring. Our service framework has been initially developed based on Java, Jini and Web Services technologies and is currently being extended in order to comply to the Open Grid Service Architecture (OGSA) proposed by the Global Grid Forum.

The OGSA-compliant implementation of the image reconstruction service relies on the Globus OGSI-AF V. tp4.0. It realizes the transfer of medical image data via XML-RPC (SOAP) and utilizes the factory concept for dynamic service instantiation. Moreover, the OGSA notification mechanism is utilized for service monitoring.

In our talk we will give an overview of the design and implementation of our medical image reconstruction framework. We will discuss the different options supported by our framework for providing image reconstruction services on SMP clusters utilizing different hosting environments including Java, various Web Services implementations, as well as the OGSI Application framework of the GGF. Furthermore, we will report on experimental results obtained with our test bed installation and compare the performance of image data transfers based on Java RMI to SOAP-based data transfers.

Our medical image reconstruction service will be integrated into a Grid-enabled medical simulation services system which is currently being developed in the context of the EU project GEMSS. Within GEMSS a major objective of our work will be on the extension of our image reconstruction service in order to provide support for various QoS aspects.




Piotr Grabowski, Bartosz Lewandowski, Jaroslaw Nabrzyski

Mobile users support in the GridLab project

Abstract:

We present our approach on how to give users the opportunity to access grid resources and to steer applications/simulations running in grids from any place using mobile devices. At the first stage of the project, we have decided to choose mobile phones and PDAs (e.g. IPAQs, PALMs) as the devices that will be used by mobile users. In the future we also want to develop our client applications for notebooks (for offline working practices).

Due to our approach there are two main layers in our architecture: a server side layer (where the main logic is placed and where the database of users and their profiles is stored) and a client side layer (battery powered mobile devices running applications with limited resources, i.e. memory and CPU). In the early design stages we developed our own servlet framework for the server side to test several issues concerning interaction between client and server sides (SSL, SOAP XML/RPC, session tracking using cookies or URL rewriting). However, we have finally decided to use the GridLab Portal Framework as the server module to avoid the redundancy of building two separate portals (one common and one dedicated).

On the client side, we have decided to adopt J2ME (Java Micro Edition) technology. Even though this technology is currently at a premature stage of life, it gives us one important feature: we can run the client application on a wide variety of devices (develop and build once, run anywhere). Mobile users have to download a J2ME application (called a midlet) to their mobile device (mobile phone, PDA) and, of course, the mobile device should have the ability to run this application (in practice, it should have a built-in limited Java virtual machine designed for battery powered devices with limited memory and CPU power). The newer versions of the J2ME specifications give us other interesting possibilities (message exchange, multimedia serving).

Keywords: grids, portals, PDA, mobile phones, micro Java, midlets, MIDP, CLDC




Bartosz Balis, Marian Bubak, Wlodzimierz Funika, Roland Wismueller, and Grzegorz Kaplita

Monitoring of Multithreaded Applications on SGI Computers

Abstract:

Nowadays multithreading is a standard for shared memory architectures. Threads are more efficient than processes and they have lower overhead for communication, context switching and creation cost, thus they are a natural choice for parallel programming. Although this approach has many advantages, there is an enormous difficulty: multithreaded application development is poorly supported. All available tools are limited and they don't supply the required functionality.

Our main goal is to design a tool that allows programmers to solve the majority of problems encountered during development of multithreaded applications. We have examined a broad variety of tools: debuggers, performance analyzers and visualizers. Each of them has some interesting features, but they can't be used together. Programmers have to decide which feature they need at the moment. This is an unacceptable solution, so interoperability is one of our major concerns. We notice that most tools consist of two parts: a user interface and a monitoring module. To fulfill the interoperability requirement, we decided to build an autonomous monitoring system that can be a base for various tools. The functionality of this monitoring system may be obtained by extension of the On-line Monitoring Interface Specification (OMIS) protocol. This approach guarantees that more than one tool can observe a single application simultaneously.

Monitoring of multithreaded applications introduces many complications. Among others we have to deal with: race conditions, lack of a standard interface for asynchronous thread control, probe effect and difficulties with single code image.

These considerations allow us to identify key aspects of a robust monitoring system and to propose a prototype architecture of the monitoring system for multithreaded applications.

This system will be implemented on SGI Origin computers; this research is a part of the Polish SGI Cluster Project.

References

  1. Balis, B., M. Bubak, W. Funika, and R. Wismueller: A Concept of Portable Monitoring of Multithreaded Programs. In: P.M.A. Sloot, C.J.K. Tan, J.J. Dongarra and A.G. Hoekstra (eds): Computational Science - ICCS 2002, Proceedings Part II, LNCS 2330, pp. 884-893, Springer, April 2002, ISBN 3-54043591-3.




Krzysztof Korcyl, Grzegorz Sladowski, Robert W. Dobinson, Catalin Meirosu, Mihail Ivanovici, Marcia Losada Maia

Network performance measurements for massive data transfers between CERN Geneva and Cyfronet Cracow

Abstract:

The Institute of Nuclear Physics in Cracow actively participates in the design and evaluation of the architectures for the high-level trigger system of the ATLAS experiment to be carried out at CERN, Geneva. The architecture includes a third level, an Event Filter, where massive computing power is necessary to run complicated algorithms fulfilling the system's filtering requirements. Some of these computing resources can be gained in remote, CERN-affiliated institutes, if a reliable network connection between CERN and the remote site could be achieved and granted. With current assumptions of 2 kHz as the lower limit rate for the Event Filter, and 2 MB as an average size of the ATLAS event data, the minimal total throughput required for the Event Filter reaches 4 GB/s. A better use of the local links and processors could be achieved, when events with long processing times could be sent to remote sites. Assuming 1 Gb/s network throughput to a remote site, somewhat more than 60 events per second can be transferred for processing. The GEANT (Gigabit European Academic Network) network is a good candidate to carry that traffic. We need to estimate the impact of moving the Event Filter to remote locations on events' latencies and on the performance of the whole trigger system.

The presentation shows the system which is assembled at CERN and in Cyfronet in Cracow to measure characteristics of the network. We plan to run a series of practical end to end tests using the existing network infrastructure, i.e. passing through the CERN local network to Cracow, via the GEANT European backbone and the regional and national networks. This would quantify the present network and it would help us to identify our needs as well as current restrictions and bottlenecks. One can envisage three types of tests being carried out over the next few months.

  1. Quantify the connection from CERN to Cracow in terms of end to end packet throughput, delay/jitter and loss. We plan to use our system (based on GPS) for synchronised time stamping.
  2. Run streaming tests using TCP/IP to measure available throughput.
  3. Perform high level network protocol studies on TCP/IP including IP Quality of Service, routing testing and traffic shaping issues.




Bartosz Balis, Marian Bubak, Tomasz Szepieniec, Roland Wismueller, Marcin Radecki

OCM-G -- a Grid Application Monitoring System: Towards the First Prototype

Abstract:

This paper presents the OCM-G -- a Grid application monitoring system which is being developed in the framework of the CrossGrid Project [1]. The goal of the OCM-G is to provide services via which tools for application development support are enabled to gather information about, manipulate, and detect events inside applications. The functionality of the OCM-G is available via a standardized protocol -- OMIS (On-line Monitoring Interface Specification).

The OCM-G is designed to work in a Grid environment. This includes a distributed and decentralized design which allows for large-scale scalability and the capability to handle multiple applications, users and tools at the same time while ensuring security. The OCM-G is designed in such a way that part of it is permanent, which allows it to work as a Grid service and also solves other problems such as communication through firewalls, while the other part is transient and private to each Grid user, which solves the major security problems.

The OCM-G supports on-line monitoring which means that the information is gathered at runtime and delivered to consumers without storing it in a trace file. The events inside applications are collected by means of a run-time, selective instrumentation. "Selective" means that the instrumentation can be activated or deactivated on demand, thus ensuring a minimized probe overhead. The measurements defined in tools are translated into monitoring requests which in turn cause activation of the necessary instrumentation.

In this paper, we provide a short overview of OMIS with a focus on the necessary Grid extensions. We describe the architecture of the OCM-G and explain how we address the scalability and security issues in a Grid environment. We also present the start-up procedure of the OCM-G which is necessary to enable monitoring of applications in the Grid. This extends concepts presented in [2].

This research is partly funded by the European Commission in the IST-2001-32243 Project "CrossGrid".

References

  1. CrossGrid - Development of Grid Environment for interactive Applications, EU Project, IST-2001-32243, Technical Annex. www.eu-crossgrid.org
  2. Balis, B., M. Bubak, W. Funika, T. Szepieniec, and R. Wismueller: An Infrastructure for Grid Application Monitoring. In: D. Kranzlmüller, P. Kacsuk, J. Dongarra, J. Volkert (Eds.) Recent Advances in Parallel Virtual Machine and Message Passing Interface, Proc. 9th European PVM/MPI Users' Group Meeting, Linz, Austria, September/October 2002, LNCS 2474, pp. 41-49.




Witold Alda, Jacek Kitowski

On Models of Distributed Scientific Visualization

Abstract:

Distributed visualization of scientific data has already become a common approach in scientists' work. However, it is continuously being intensively developed due to the growing importance of distributed data and applications, the rapidly increasing amount and size of data and the computationally expensive visualization process. One of the important problems in building a visualization system is adjusting its structure to specific scientific tasks. This concerns the distribution of visualization pipeline tasks on available servers and client workstation, choice of data structures and formats as well as communication protocols.

In the paper we discuss several solutions of visualization process decomposition depending on visualization type. These include client-based and server-based visualization with thin and intelligent clients, parallel visualization with single and multiple sources as well as collaborative visualization model. We compare several existing solutions and discuss their usefulness in different scientific areas, such as: visualization of continuous scalar and vector fields, solid objects, atoms and molecules, genomes and other biological structures. In the discussion on lower level programmers' tools special attention is paid to 3D visualization using Java3D and raw data transformation to VRML/X3D files.




Maciej Brzezniak, Norbert Meyer

Optimisation of the usage of mathematical libraries in the Grid environment

Abstract:

The presentation describes the idea of optimising the usage of mathematical libraries invoked by applications running in the distributed heterogeneous environment. The introduction will give a short overview of the current state of the art, focusing on the differences we will propose in our concept. One of the major problems is how to run Grid-enabled applications efficiently. It means, for example, which system architecture should be used to run a special and independent part (function call) of the application.

The crucial issue of our approach is a distributed execution of individual function calls. It is focused on GridRPC mechanisms proposed in the NetSolve and Ninf projects.

These mechanisms are used to execute remotely invoked calls of mathematical functions using a pool of distributed geographically distant computational resources. The main goals are the following:

  • to give the end user the ability to exploit math library functions that guarantee the shortest application execution time,
  • to use the libraries even if they are not installed on the requested computational node,
  • to make load balancing between computing nodes (feature mainly for resource management).

The solution we are working on is based on the mechanisms developed in NetSolve and Ninf projects. The techniques drawn up by these projects are accepted as the base for our system. The R&D are focused on improving and adapting them for the demands of the Polish scientific community. Therefore, in this presentation we consider the main aspects of Ninf and NetSolve systems and present the improvements and extensions we are developing.

First we will present the mechanism of automatically adapting the existing user applications to exploit the functionality of the system. This adaptation is going to be made without the need to manually modify the existing application source code. Also the idea of our own version of the system API, required to keep the possibility of controlling the computation flow and specifying several requirements concerning the computations, will be described.

Additionally, we will describe the mechanism of exploiting the computational resources working under the control of resource managers (such as queue systems, e.g. LSF, NQE, PBS or even Grid brokers) and integrating them with our system. It is going to be done by introducing a gateway between our system and the resource managers.

We will also describe the improved function call mechanism. GridRPC protocol assumes that the main system module (scheduler) and the computational server are always accessible and that the remote computations offer higher performance than the local ones. We would like to add the possibility of executing the math function locally (from the user application's point of view) to improve fault tolerance and possibly improve the performance of computations (when the local execution seems to be more efficient).

The last improvement we will discuss in the presentation will be the extension of the scheduling techniques. In both of the mentioned systems (NetSolve and Ninf) the scheduling is based on the static information concerning the computational complexity of a given mathematical function and the dynamic information about the current and predicted workload of computational nodes. Our idea is to collect some statistical data concerning the times of task execution on the given nodes, the information about the load of the nodes during the task execution and so on. We will discuss our plan of harnessing the statistical analysis of that data to discover the trends in function execution times and the idea of using such statistical data as the criteria in making scheduling decisions.

The development of the described ideas will be done in the project co-funded by the State Committee for Scientific Research and Silicon Graphics (Title: High Performance Computing and Visualisation with the SGI Grid for Virtual Laboratory Applications).




Roman Wyrzykowski, Norbert Meyer, Maciej Stroinski

PC-Based LINUX Metaclusters as Key Elements of Grid Infrastructure

Abstract:

The fast development of the processing power of high-end PCs together with the availability of open source software such as Linux have made it possible to build very cost efficient parallel computers. With the addition of high bandwidth and low latency local networks, PC-clusters are the most common and available parallel systems now. Many academic and research institutions in Poland now have extensive experience in building and using such clusters.

At the same time, the capability of Gigabit/s wide area networks is increasing rapidly, to the point when it becomes feasible and indeed interesting to think of the high-end integrated metacluster environment rather than a set of disjoint local clusters. Such metaclusters can be viewed as key elements of the modern grid infrastructure, and used by scientists and engineers for solving computationally and data demanding problems.

In the paper, we present the principal requirements which should be taken into account when designing such PC-based LINUX metaclusters. Among these requirements are: using open source software for basic middleware components, and providing efficient support for fault tolerant metacluster management not only for static hardware/software environments, but also for dynamic ones. In this context, we describe design choices which were adopted in existing metaclusters. We also discuss some available tools for programming HPC applications on PC-based LINUX clusters.




Marian Bubak, Wlodzimierz Funika, Roland Wismueller, Tomasz Arodz, Marcin Kurdziel

Performance Analysis of Grid Interactive Applications with G-PM tool

Abstract:

The paper presents the functionality and software design of the G-PM tool for evaluation of Grid applications performance on the basis of basic and user-defined measurements as well as means for performance visualization. It extends results presented in [1].

The task of performance analysis of interactive applications, which feature highly distributed nature and dynamical changes in the execution environment, is connected with the run-time measurement definition, selective instrumentation, and using of counters/timers mechanism rather than extensive tracing as it is common with most performance tools. This implies the necessity to focus on interaction of distributed application components and to provide data meaningful in the context of an application.

For providing this kind of information, the G-PM tool uses three sources of data: performance measurement data related to the running application, measured performance data on the execution environment, and results of micro-benchmarks, providing reference values for the performance of the execution environment.

The tool consists of three main components: standard measurements component, high-level application-specific measurements component and user interface/visualization component. The internal tool interface is specified as a measurement interface to define performance measurements, while the external interface to the raw monitoring data, based on the extended OMIS specification, provides an interface to the OCM-G monitoring system to handle monitoring requests. The measurement interface provides a hierarchy of three major classes: for defining a single measurement, for providing actual measurements, and for defining the properties to be measured.

The tool interacts with the OCM-G and collects information about a selected application, by connecting to the monitoring system via the monitoring interface call, by sending conditional or unconditional requests to the monitoring system, which result in the obtaining of monitoring data or executing some manipulations on the application.

Via GUI one can select a preferred measurement type, an appropriate display type and features within a dialog. High-level performance properties are defined by the user via loading from a file or via measurement definition dialog. The user-defined metric is transformed into an appropriate set of standard metrics. Measurements are realized either by sampling or by determining monitoring events relevant to the value to be measured.

Application-specific metrics are associated with inserting user-defined procedure calls, probes resulting in generating special events to be captured by the monitoring system.

Active measurements are created whenever a concrete measurement is defined. The user interacts with the tool via portal by submitting a job and afterwards starting the tool as a normal application. The latter includes the specification of the host of the main service manager, the specification of an application Id or the selection of one of the started applications, the definition of performance measurement and observation of results in the GUI.

In the future, the G-PM tool is going to include a special API for providing performance data for the tasks of MPI applications verification and benchmarking. This research is partly funded by the European Commission in the IST-2001-32243 Project CrossGrid [2].

References

  1. Bubak, M., W. Funika, R. Wismueller: The CrossGrid Performance Analysis Tool for Interactive Grid Applications. In: D. Kranzlmüller, P. Kacsuk, J. Dongarra, J. Volkert (Eds.) Recent Advances in Parallel Virtual Machine and Message Passing Interface, Proc. 9th European PVM/MPI Users' Group Meeting, Linz, Austria, September/October 2002, LNCS 2474, pp. 50-60.
  2. CrossGrid - Development of Grid Environment for interactive Applications, EU Project, IST-2001-32243, Technical Annex. www.eu-crossgrid.org




Michal Kosiedowski, Cezary Mazurek, Maciej Stroinski

PROGRESS - Access Environment to Computational Services Performed by Cluster of SUN Systems

Abstract:

The PROGRESS project aims at building an access environment to computational services performed by cluster of SUN systems. PROGRESS integrates different parts of grid middleware. The job submission is handled by the Grid Broker. Data required for computations are managed by the Data Management System.

Additionally, any user interface may use the Grid Service Provider developed within the project. The computing portal is an example of such an interface and was provided within the project. Another example is the migrating desktop. One of the most important parts of the realised grid-portal architecture is the Grid security. The PROGRESS project enables the complete grid-portal architecture for further deployments in different fields of grid enabled applications. Currently a couple of bioinformatics computing applications are provided to run the tested environment.

The whole software architecture consists of middleware which is already available (e.g. Globus, Sun Grid Engine) as well as tools and services developed within project workpackages. Most of those components communicate with each other through interfaces based on Web Services and are distributed within the testbed installation.

The testbed installation consists of three SUN Fire 6800 and two SUN Fire V880 systems installed in Poznan and Krakow.

The current status of the project work will be described based on the first testbed installation, which was presented during the Supercomputing 2002 Exposition.




Miroslaw Kupczyk, Rafal Lichwala, Norbert Meyer, Bartek Palak, Marcin Plociennik, Pawel Wolniewicz

Roaming Access and Migrating Desktop

Abstract:

The Roaming Access and Migrating Desktop implement a new generation of tools for the end user in response to growing demands and needs. Nowadays it is not enough to have Internet or Grid access. It can be observed that the group of inexperienced users has increased significantly. On the other hand, the Grid and Internet populations are among the most mobile of all (moving between Virtual Organizations in an open network environment). Therefore the Grid should be able to deliver a service that allows keeping and restoring the user's working environment. It is mostly (but not in each case) done assuming the user is changing place between VOs with his/her personal terminal. But when we assume, to achieve better flexibility, that the users would like to access the open network environment at any place and any VO without losing the last working environment settings, it becomes a problem, because no tools are currently available.

This service will be supported by the Roaming Access and Migrating Desktop, giving each user a chance to restore the last used (valid) settings, regardless of whether or not the user has a personal terminal with all stored settings. The Desktop Portal Server extends the functionality of the Application Portal Server by providing a specialised advanced graphical user interface and a mechanism that allows the user to access all files stored on his personal machine available from other locations/machines. The Roaming Access Server is a network server responsible for managing user profile, user authorisation and authentication, job submission, file transfer and grid monitoring.

The mentioned functionality is developed in the CrossGrid project (IST-2001-32243, http://www.eu-crossgrid.org) and will be released the first time in February 2003. As a preview of the first prototype we will describe the offered functionality which will be available on-line.




Marian Bubak, Piotr Nowakowski, Robert Pajak

Short Overview of EU Funded Grid Projects

Abstract:

This paper presents an overview of EU IST-funded research activities in the field of Grid technology development and its applications. It is an extension to an invited talk presented at the EuroPVM/MPI [1].

The paper consists of short descriptions of each project followed by a comparison of applications, development tools, and Grid middleware involved in the projects.

Chronologically, the first EU grid projects EUROGRID, DAMIEN and DATAGRID commenced in 2000 with a total budget of 15 million Euro. EUROGRID develops middleware for seamless access to high-performance computer centers and demonstrates it through biology, meteorology, and industrial applications. DAMIEN extends the MPI to Grids and develops tools for performance analysis and prediction; the results are demonstrated by a CAE industrial application. DATAGRID develops middleware and production testbeds for high-energy physics, Earth observation and biology.

In the year 2001 EU IST launched 6 new Grid projects with a total budget of 20 million Euro: GridLab, CrossGrid, EGSO, GRIA, DATATAG and GRIP. GridLab focuses on development of a Grid Application Toolkit for large-scale simulations, with numerical relativity codes used for testing. CrossGrid develops Grid services and programming tools for interactive applications. The main objective of EGSO is the elaboration of a solar observatory virtual archive. DATATAG is working on the construction of a transatlantic Grid testbed and GRIP is related to EUROGRID as it establishes interoperability between Unicore and Globus.

The recent EU IST Grid projects commenced in the year 2002 with a funding of 14 million Euro. They are as follows: on-demand flow simulation (FLOWGRID), Grid-based computing for molecular science and engineering (OpenMolGrid), Grid search and categorization (GRACE), corporate ontology (COG), development of a semantic web (MOSES), bio-technology information and knowledge (BioGrid), medical simulation services (GEMSS), self e-learning networks (SeLeNe), and a federated mammogram database on a Grid (MammoGrid).

When analysing the objectives of EU IST Grid projects one may observe the following trends: moving from Grid computing to knowledge discovery and management (in the form of data mining, search engines, semantic web and ontology-based methods), development of the Grid as a collaborative environment, enabling Grid services to be customized by users, introducing the Grid technology to business and industrial applications.

The most frequently used middleware is Globus and the activity in middleware development addresses application interfaces, tools for monitoring, resources discovery, data management, and interoperability issues. Almost all projects consider transition from the standard Globus suite to a Grid Services-based version.

This investigation is partly funded by the European Commission in the IST-2001-32243 Project CrossGrid [2] and GridStart [3].

  1. Bubak, M., M. Turala: CrossGrid and its Relatives in Europe. In: D. Kranzlmüller, P. Kacsuk, J. Dongarra, J. Volkert (Eds.) Recent Advances in Parallel Virtual Machine and Message Passing Interface, Proc. 9th European PVM/MPI Users' Group Meeting, Linz, Austria, September/October 2002, LNCS 2474, pp. 14-15.
  2. CrossGrid - Development of Grid Environment for interactive Applications, EU Project, IST-2001-32243, Technical Annex. www.eu-crossgrid.org
  3. GridStart - www.gridstart.org




Andrzej Ozieblo, Piotr Nyczyk, Mieczyslaw Pilipczuk

Testbed Status at Cyfronet Krakow

Abstract:

Our testbed hardware is based on a rack cluster of 1U Intel Dual processor units produced by RackSaver Inc. The initial configuration contained four Intel Dual P III nodes with 512 MB of memory and 40GB disk on each node. Communication between nodes is assured by an HP Switch with 40 100Mb ports with one 1000Mb uplink port. 23 new additional Dual Xeon units were recently installed. Each node contains two 2.4MHz Xeon processors, 1GB memory, 40GB disk and 1000Mb Ethernet port. Currently the bandwidth of the link to the national research network is 622 Mbits/s but it should reach 10Gbit/s in a few months. A dedicated KVM (keyboard, mouse, monitor) 1U unit, incorporated into the cluster rack, is in use for monitoring all elements. Disk space was increased by an additional 640MB 1U unit (Quardian 4400).

Currently we use Linux 6.2 and EDG testbed software 1.2.3, as was agreed with all European CrossGrid testbed partners. The installation was rather tedious due to all the imperfections and bugs in the testbed software and lack of information. The current configuration is the following: LCFG installation server, Gatekeeper (CE), Worker Node, Storage Element, and User Interface are installed on four initial Dual P III nodes and most of the additional Dual Xeon nodes are used as Worker Nodes. The dedicated subnet was created for the cluster, so all elements have their own IP addresses.

Local certificate policy, according to the Polish and European CrossGrid agreement, was established and several user accounts were opened. Our testbed has passed all necessary tests and is fully operational.




Marcin Adamski, Michal Chmielewski, Sergiusz Fonrobert, Jaroslaw Nabrzyski, Tomasz Ostwald

The Authorization Service for Grid Environments

Abstract:

Security is one of the most current and critical research issues in the field of Grid technologies. In order to use these technologies in practice, appropriate approaches to security problems have to be designed and efficient solutions developed. One of the most current security issues is the requirement of a consistent authorization service, capable of covering the complete Grid infrastructure. The development of a flexible and universal Authorization Service is the primary goal of the security work package of the GridLab Project.

To be useful in practice, the Authorization Service (hereinafter referred to as the AS) should provide a single logical point for defining security policy for the whole Grid infrastructure. It ought to be able to implement various security scenarios (for example push or pull models) for Grids as well as be independent of specific technologies used at lower layers (for example authentication methods). According to the approach assumed in the GridLab security work package, the AS server should be considered as a trusted component and therefore implemented in a very stable and secure way.

The core functionality of the GridLab AS is currently under heavy development. The basic prototype should be available for internal tests in spring 2003. At this time, the experiments aimed at the verification of various scenarios for communication between GridLab services are planned. The results of these experiments will be further used to design the proposal for a security model for the GridLab Project.




Michal Chmielewski, Adam Gowdiak, Sergiusz Fonrobert, Norbert Meyer, Tomasz Ostwald

VALIS/Valkyrie

Abstract:

The project encompassing the VALIS system was initiated to create a useful and effective tool for security maintenance in open network environments, where other standard security methods like network isolation or access restrictions can hardly be applied. VALIS is an intrusion-detection-based system, which means that it automates the process of detecting intrusions and unauthorized use of computer resources. It is developed for the Solaris operating environment, version 7/8 (SPARC and Intel).

The system was designed and is being implemented with a modular architecture in mind, which naturally extends its functionality and makes it more flexible to suit the demanded level of security. VALIS sensitivity to security-related events can be configured to protect all system resources at the B2 (according to the Orange Book) compliant system event monitor level, where all accesses to the resources are consulted with the IDS. The VALIS event reporting policy can be set to be more or less detailed according to the compromise made between the monitored systems' security and its efficacy/system overload. This reporting policy can also be dynamically changed at any time if there is a need to have more detailed information for the analysis process (for example, when an unauthorised attack attempt is detected).

The architecture of the VALIS system is based on the distributed system schema, where two separate subsystems can be distinguished: an intelligent agent group and a security management station. The first one gathers information about changes in the protected systems and uses it for a fundamental analysis. The second subsystem manages information received from the intelligent agents and performs its analysis using more sophisticated techniques.

In this architecture a high level of efficacy may be achieved by using a wide range of analysis and decision support methods. Several distinct methods can be used at the same time depending on the peculiarities of the input data. In our case, the whole analysis is done by the expert system. The knowledge base of the expert system contains rules for detecting known attack patterns. It also contains some patterns of general exploitation techniques, which can be used for detecting unknown attack attempts. Input events received from the information gathering module are processed by the expert system with the use of its rule set database. When some suspicious behaviour or action is detected, appropriate actions may be signalled back to the intelligent agent, which can then carry them out (e.g. block the user, deny access to the system resources). The results of the analysis process and users' activity in the protected systems can be monitored with the use of the GUI console.

The version of VALIS IDS implemented as a part of Sun project is referred to as Valkyrie IDS.




 
Sponsored by: ATM S.A., ACC Cyfronet AGH, Institute of Nuclear Physics, Institute of Computer Science AGH, School of Banking and Management in Cracow (WSZiB)