Ali Nasrat Haidar

A data infrastructure reference model with applications: Towards realization of a ScienceTube vision with a data replication service

AbstractThe wide variety of scientific user communities work with data since many years and thus have already a wide variety of data infrastructures in production today. The aim of this paper is thus not to create one new general data architecture that would fail to be adopted by each and any individual user community. Instead this contribution aims to design a reference model with abstract entities that is able to federate existing concrete infrastructures under one umbrella. A reference model is an abstract framework for understanding significant entities and relationships between them and thus helps to understand existing data infrastructures when comparing them in terms of functionality, services, and boundary conditions. A derived architecture from such a reference model then can be used to create a federated architecture that builds on the existing infrastructures that could align to a major common vision. This common vision is named as ’ScienceTube’ as part of this contribution that determines the high-level goal that the reference model aims to support. This paper will describe how a well-focused use case around data replication and its related activities in the EUDAT project aim to provide a first step towards this vision. Concrete stakeholder requirements arising from scientific end users such as those of the European Strategy Forum on Research Infrastructure (ESFRI) projects underpin this contribution with clear evidence that the EUDAT activities are bottom-up thus providing real solutions towards the so often only described ’high-level big data challenges’. The followed federated approach taking advantage of community and data centers (with large computational resources) further describes how data replication services enable data-intensive computing of terabytes or even petabytes of data emerging from ESFRI projects.

Clinically driven design of multi-scale cancer models: the ContraCancrum project paradigm

The challenge of modelling cancer presents a major opportunity to improve our ability to reduce mortality from malignant neoplasms, improve treatments and meet the demands associated with the individualization of care needs. This is the central motivation behind the ContraCancrum project. By developing integrated multi-scale cancer models, ContraCancrum is expected to contribute to the advancement of in silico oncology through the optimization of cancer treatment in the patient-individualized context by simulating the response to various therapeutic regimens. The aim of the present paper is to describe a novel paradigm for designing clinically driven multi-scale cancer modelling by bringing together basic science and information technology modules. In addition, the integration of the multi-scale tumour modelling components has led to novel concepts of personalized clinical decision support in the context of predictive oncology, as is also discussed in the paper. Since clinical adaptation is an inelastic prerequisite, a long-term clinical adaptation procedure of the models has been initiated for two tumour types, namely non-small cell lung cancer and glioblastoma multiforme; its current status is briefly summarized.

A hybrid knowledge base system and genetic algorithms for equipment selection

This paper describes the development of a hybrid knowledge base system and genetic algorithms to select the optimum excavating and haulage equipment in opencast mining. The knowledge base system selects the equipment in broad categories based on the geological, technical and environmental characteristics of the mine. To further identify the make, size and number of each piece of equipment that minimizes the total cost of the operation, the problem is solved using the genetic algorithms mechanism. Results of four case studies are presented to show the validation of the developed system.

Formal Modelling of a Usable Identity Management Solution for Virtual Organisations

This paper attempts to accurately model security requirements for computational grid environments with particular focus on authentication. We introduce the Audited Credential Delegation (ACD) architecture as a solution to some of the virtual organisations identity management usability problems. The approach uses two complementary models: one is state based, described in Z notation, and the other is event-based, expressed in the Process Algebra of Hoares Communicating Sequential Processes (CSP). The former will be used to capture the state of the WS and to model back-end operations on it whereas the latter will be used to model behavior, and in particular, front-end interactions and communications. The modelling helps to clearly and precisely understand functional and security requirements and provide a basis for verifying that the system meets its intended requirements.

Flexible composition and execution of large scale applications on distributed e-infrastructures

Computer simulation is finding a role in an increasing number of scientific disciplines, concomitant with the rise in available computing power. Marshalling this power facilitates new, more effective and different research than has been hitherto possible. Realizing this inevitably requires access to computational power beyond the desktop, making use of clusters, supercomputers, data repositories, networks and distributed aggregations of these resources. The use of diverse e-infrastructure brings with it the ability to perform distributed multiscale simulations. Accessing one such resource entails a number of usability and security problems; when multiple geographically distributed resources are involved, the difficulty is compounded. In this paper we present a solution, the Application Hosting Environment,3 which provides a Software as a Service layer on top of distributed e-infrastructure resources. We describe the performance and usability enhancements present in AHE version 3, and show how these have led to a high performance, easy to use gateway for computational scientists working in diverse application domains, from computational physics and chemistry, materials science to biology and biomedicine.

On the usability of grid middleware and security mechanisms

Usability is an all too often neglected aspect of grid computing, although it is one of the principal factors militating against the widespread uptake of distributed computing. Many resource providers on a grid infrastructure deploy a standard middleware stack and expect users to invoke the default client tools for that middleware stack to access their resources. Unfortunately, many of these middleware client tools have been developed as an afterthought, and are widely considered difficult to use. Such tools typically require a user to interact with a machine, to stage data and launch jobs, and to use digital certificates. Our experience of working with grids over many years has led us to propose a new model of grid interaction, which we call the user–application interaction model. Similar considerations have also led us to develop environments that remove digital certificates from the users experience, replacing them with familiar username and password authentication credentials. In this paper, we investigate the usability of this interaction model and its security system through a series of tests, which compare the usability of our systems with commonly deployed middleware tools using five usability metrics. Our middleware and security solutions are judged to be more usable than the systems in use by most of todays computational grids.

Audited credential delegation - a user-centric identity management solution for computational grid environments

One major problem faced by end-users and administrators of computational grid environments arise in connection with the usability of the security mechanisms usually deployed in these environments, in particular identity management. Many of the existing computational grid environments use Public Key Infrastructure (PKI) and X.509 digital certificates as a corner stone for their security architectures. However, security solutions based on PKI have to be usable to be effective otherwise they will not provide the intended protection. This paper presents the Audited Credential Delegation (ACD), a user-centric security identity management solution that accommodates users and resource providers security requirements including authentication, authorisation and auditing security goals from the design level. The proposed architecture removes any association between users and digital certificates, which is the source of the grid usability problem, while addressing resource providers concerns with regards to accountability. A prototype of this architecture has been implemented in Java and Web Services technologies using the recommendations of the Open Web Application Security consortium (OWASP) for developing secure software. It is currently being tested on TeraGrid, NGS and DEISA grid infrastructures and a detailed usability study is underway.

Audited credential delegation: A sensible approach to grid authentication

If the authentication process in a computational grid environment is difficult for end-users, they will either be unable to use the system at all, or, in their attempts to circumvent the aspects of the authentication process which they find “difficult”, they will probably increase the likelihood of a security compromise of the system. In this paper we examine a proposed authentication architecture, audited credential delegation (ACD), that uses the familiar username/password paradigm to improve the usability (and so the security) of the authentication process in these environments. We report on a usability trial of this architecture in which it is compared to the traditional PKI-based authentication used in many existing computational grid environments. We also discuss how this architecture suggests that computational grid resource providers (and potentially the Certificate Authorities accepted by these providers) need to rethink their “one digital certificate = one user” security model.

Weaving Authentication and Authorization Requirements into the Functional Model of a System Using Z Promotion

The use of Z in software development has focused on specifying the functionality of a system. However, when developing secure system, it is important to address fundamental security aspects, such as authentication, authorization, and auditing. In this paper, we show an approach for building systems from generic and modular security components using promotion technique in Z. The approach focuses on weaving security component into the functionality of a system using promotion technique in Z. For each component, Z notation is used to construct its state-based model and the relevant operations. Once a component is introduced, the defined local operations are promoted to work on the global state. We illustrate this approach on the development of a “secure” model for a conference management system. With this approach, it is possible to specify the core functionalities of a system independently from the security mechanisms. Authentication and authorization are viewed as components which are carefully integrated with the functional system.

Comparison and Evaluation of Identity Management in Three Architectures for Virtual Organizations

This paper compares and contrasts authentication mechanisms used in three VO architectures: the first reflects ad-hoc connections among several organizations, the second uses a centrally managed database and the third is based on public key infrastructure (PKI). The reason for studying these particular three architectures is that they cover a large class of currently operating VOs (i.e. supply chains, grids). These architectures used several types of authentication mechanisms starting from traditional username/password, through online trusted servers (Kerberos), to offline trusted third parties: certificate authorities and digital certificates. The current defacto-standard middleware used to build VOs, Globus toolkit, is based on the PKI architecture.