刚刚才发现SimJava里面不是在initialize之前create的entities都无法通过Sim_system的method获得, 也就是说他们并不被Sim_system所监控?? 头疼, 头疼...debug啊...

越开发越觉得SimJava不够灵活啊...

JDBC Compliant Database

Such a database is a must. If you are going to use this database solely for globus toolkit, the one (PostgreSQL 7.1+) mentioned in the Admin Guide is highly recommended. Refer to http://www.postgresql.org/ for detail information. We here used PostgreSQL 8.0 as our DBMS. (Note, the following steps are based on version 8.0. There may be some different operations for older versions. Please refer to the corresponding manuals before you start.)

1. Download the PostgreSQL 8.0 to a directory, un-zip and un-tar it. This step may be done by a common user (e.g. your personal account).

[yanguo@locutus ~]$ gzip -d postgresql-8.0.3.tar.gz
......
[yanguo@locutus ~]$ tar -vxf postgresql-8.0.3.tar
......

2. Pre-install

[yanguo@locutus ~]$ cd postgresql-8.0.3
[yanguo@locutus ~]$ ./configure
[yanguo@locutus ~]$ gmake

3. Install

[yanguo@locutus ~]$ sudo /bin/bash
Password:
[root@locutus ~]# cd postgresql-8.0.3
[root@locutus postgresql-8.0.3]# gmake install

4. Post-install

[root@locutus ~]# useradd postgre
[root@locutus ~]# passwd postgres
......
[root@locutus ~]# mkdir /usr/local/pgsql/data
[root@locutus ~]# chown postgres:postgres /usr/local/pgsql/data

<to be continued>

(For more detail description, please refer to http://www-unix.globus.org/toolkit/docs/4.0/admin/docbook/ch03.htm .)

Here would I mention something important about the required softwares that would cause problems during the installation and configuration of GT4.

As described in the Admin Guide (see the linking above), these softewares are required:
- Globus Toolkit installer, from Globus Toolkit 4.0 download page
- J2SE 1.4.2+ SDK from Sun, IBM or BEA (do not use GCJ).
- Ant 1.5.1+ (1.6.1+ if using Java 1.5). Do not use the Ant distributed with Fedora Core 2.
- C compiler. If gcc, avoid version 3.2. 3.2.1 and 2.95.x are okay.
- GNU tar
- GNU sed
- zlib 1.1.4+
- GNU Make
- sudo
- JDBC compliant database. For instance, PostgreSQL 7.1+
- gpt-3.2autotools2004 (shipped with the installers, but required if building standalone GPT bundles/packages)

Among these required softwares, C compiler, GNU tar, GNU sed, zlib, GNU Make and sudo are normally provided by most Linux installation (or you should contact the system administrator for detail), so we won't discuss them here.

JSDK 1.4.2+

Before you install JSDK 1.4.2+, please make sure that you have removed (uninstalled) all older versions of JDK, including the gcj compiler accompanying with Linux, with root account. Remember to use RPM to uninstall the older versions of JDK if they were installed using RPM.

Use command java -version to verify that your java compiler version is appropreate.

[root@borg01 ~]# java -version
java version "1.4.2_08"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_08-b03)
Java HotSpot(TM) Client VM (build 1.4.2_08-b03, mixed mode)

If the result turns out to be a proper version (1.4.2+), you can skip the following steps.

If the above command implies that no JDK (or java compiler) has been installed, you can skip the following steps and install JSDK 1.4.2+ directly. Refer to Sun Java documents for installation.

Use command rpm -q gcj to check whether a default gcj is being used. If yes, use rpm -e gcj to uninstall it.

Try rpm -q j2sdk to check whether the older version of JDK were installed using RPM. If this yields no result, use command rpm -q -a to list all packages installed using RPM, then search for jdk (jsdk) related packages (since the package name may not be exactly "j2sdk"). You may pipe the output to a file for easy checking. An example of using rpm -q is as following:

[root@borg01 ~]# rpm -q j2sdk
j2sdk-1.4.0_01-fcs

This indicates that a j2sdk-1.4.0_06-fcs package has been installed using RPM. Use command rpm -e j2sdk to uninstall this old version of JDK.

If the above steps yield no results but the java -version command tells that an older version of java compiler is being used, you should manually search for the java directory where it was installed (not using RPM), and remove it.

After you remove all older versions of java and install a proper one (using RPM recommended), you should verify this by java -version. Please check those system environment variables such as JAVA_HOME and PATH. They should look like:

[root@borg01 ~]# env
......
JAVA_HOME=/usr/java/j2sdk1.4.2_08
PATH=...:/usr/java/j2sdk1.4.2_08/bin:...
......

If any system environment variable is not correct, please set them properly. There will be later a separate section showing how to efficiently setup default system variables for all users by root account.

To make my this memo series easily understandable, I think it better to mention something related, that is, our project background and the working environment.

A huge database (Gene Dictionary) has been built over years, which has over 2 million entries. An application has also been developed to classify all bio-informatic nouns according to this dictionary. The process is, for each noun in a document, we search in the dictionary and try to classify this noun. The task is quite heavy due to both the huge dictionary and the large number of nouns to be classified, as well as the limited computational ability of a single computer. 

To overcome the addressed noun classification difficulity (which may be extended to other projects), we try to make use of the new technologies of grid computing to launch all computational abilities within a grid system. Our intention is to build a peer grid system (this means all nodes in the grid system is peer to each other) consists of 9 nodes, one of which is a powerful server and the others are common PCs. When a batch of jobs are submitted (by any node), those free (available for more jobs) nodes should be able to be assigned new jobs and execute them in parallel.

Globus Toolkit is a collection of tools providing the infrastructure of a grid system for developers and system architects. Our task is now build the grid system described above with Globus Toolkit. We chose Redhat Linux 9 as our operating system and GT4 as the infrastructure of grid system. Further more, we will explore how to deploy Condor-G to work with GT4 to achieve convenient job managements.

My this memo will try to provide a cookbook for novices into this GT4 installation and configuration, followed by the application of Condor-G.

How To Use the Globus Toolkit

Like the pipes and valves in a house's plumbing system, the Globus Toolkit has surprisingly little direct value to end users of distributed collaborative projects or products. Very few of the components in the Toolkit include user interface elements that would be immediately useful to scientists, engineers, or other application users. One most certainly cannot get useful results simply by directing scientists, engineers, or marketing specialists to the Globus Toolkit and telling them to do something useful with it!

The Globus Toolkit can be extremely useful to application developers and system integrators. In order to make good use of the Toolkit, one must have a specific application or system in mind, preferably one that involves shared use of physical or logical resources from several administrative domains. Having the right expertise on hand (system design and architecture, software development, user interface design, and of course familiarity with end user requirements) is essential. The most ambitious projects and products (those that the Globus Toolkit is aimed at) require sophisticated project planning and strong, experienced leadership to achieve success.

After reviewing the contents and capabilities of the Globus Toolkit and having read the preceding paragraphs, it may appear to someone grappling with the specific user requirements of a complex, distributed collaborative project that the Toolkit by itself meets very few of these requirements head-on. That may be true to a point, but it is important to remember that the Globus Toolkit is not intended to be a turnkey solution. As stated at the beginning of this section, all applications require a combination of application-specific code, components from the Grid community (including the Globus Toolkit), and off-the-shelf commodity components, assembled together by an architect and fit together by system integrators.

Review: What's In the Globus Toolkit?

The Globus Toolkit isn't a turnkey solution for a specific problem. Instead, it's a collection of solutions to sub-problems that have proven useful in real projects. (The Globus Toolkit genuinely is a "toolkit," or a collection of tools.) Specific applications will find different combinations of Globus Toolkit components more useful than others.

• Two Very Important Software Development Kits
  These SDKs (of particular interest to software developers) are critical for developing new Grid software services within the OGSA framework.
  • Web Services Core (WS-Core) Implementation
    Used to develop and run OGSA-compliant Grid Services (available in Java and C/C++)
  • Grid Security Infrastructure (GSI) Implementation
    Used to secure communication (e.g., between services and clients)
• A Variety of Basic Grid Services
  These services are popular among current Grid application and system builders. They provide uniform interfaces to the most typical types of system elements and they currently include both OGSA and non-OGSA implementations.
  • Computing / Processing Power (GRAM)
  • Data Management (GridFTP, DAI, RLS)
  • Monitoring/Discovery (MDS)
  • Authorization/Security (CAS)
  • In development: Telecontrol (NTCP/GTCP), Metadata (MCS), Virtual Data (Chimera, Pegasus)
• Developer APIs
  All of the services and tools above include C/C++ libraries and Java classes for building Grid-aware applications and tools.
• Tools and Examples
  All of the services and tools above include tools and examples based on the developer APIs and associated services.

When connecting to database using JDBC driver, the following runtime exception prompts:

java.lang.ClassNotFoundException: com.mysql.jdbc.Driver
java.lang.ClassNotFoundException: com.mysql.jdbc.Driver
        at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
        ......

At this time, I need to add the path of connector (JDBC driver) to the system variable "CLASSPATH". e.g.

[xxx@xxxx]$ export CLASSPATH=$CLASSPATH:.:dir_of_the_driver/xxxx.jar

The "." path is also important.

In this paper, F. Stevens et al. described a probabilistic model for validating an intrusion-tolerant system. This model made use of an innovative attacker model, which has a sophisticated and detailed representation of various kinds of effects of intrusions on the behavior of system components. Attacks were classified as infrastructure-level, data-level, or across-process-domail; attack effects were classified as compormise, crash, or DoS. 

Models in this paper were built with the stochastic activity network(SAN) formalism using the Mobius tool. Eighteen different SAN models were built to represent the various components of the system. Yet the authors did not solve the higher-level model by its underlying stochastic process, instead, they Obtain the measures such as the probability of correct functionality by discrete-event simulation.

This paper reviewed the works on Dependability and Security Quantification, discussed the models and methods used in analyzing Dependability and Reliability, and summarize how some of these methods are extendedly used in quantifying Security.

Due to the stochastic properties of system and attacker behaviors, Markov models, Markov Reward models and Semi-Markov Porcess models are applicable for quantifying security. The complexity of the system and attacker behaviors bring us the challenges of largeness. Two classes of techniques of solving largeness problems are listed here:

Largeness Avoidance Techniques:
    Lumping Techniques
        State-level Lumping
        Model-level Lumping (by SWNs or SANs)
        Compositional Lumping
    Aggregation Technique

Largeness Tolerance Techniques:
    Build high-level model (SPN, SPA, etc.) ----> Manipulate the large underlying CTMCs, and reduce the space requirement of the state space, generator matrix and iteration vector.
    Binary & Multiple-Valued Dicision Diagram (BDD & MDD) are developed for exploring and representing large state spaces; Kronecker technique, Matrix Diagram (MD), Canonical MDs (CMD), disk-based approach, on-the-fly technique, and path-based approach(for transient analysis) are techniques developed for storing large generator matrix.

Regarding the higher-level model representations and their underlying stochastic processes, the article gives the following summary:
    SPN, GSPN, SANs, SRNs : Markov Reward Model (MRM)
    ESPN : Semi-Markov Process (SMP)
    DSPN, MRSPN, CGPN : Markov ReGeneration Process (MRGP)

This paper also summarizes the requirements for modeling of security, and the challenges reside in this new field.

My next step is to review the works that were already done on quantifying security with models and tools, and then try to figure out how the previous works can be extended.

In this paper, Sankalp S. et al show the approach by using Stochastic Activity Networks (SANs) to quantitatively validate an intrusion-tolerant replication management system.

The authors believe that probabilistic models for intrusion torelant systems should include submodels of the attacker, the intrusion-tolerance mechanism being used, the application, and the resource/privilege state of the system. They build a model compesed by several submodels, each of which is represented by a SAN in a modular way.

The Mobius tool is used to design the SANs, define the instusion tolerance measures on the model and design studies on the model. Mobius can solve SANs analytically by converting them into equivalent CTMC, however, it is used in this paper to simulate the model to obtain values for the intrusion tolerance measures for various studies.

With model parameters based on experience and security literature, these two studies are conducted: the preferable distribution of host into domains; and the comparison of relative efficacy of host-exclusion and domain-exclusion management algorithms.

The authors also points out that even if accurate input parameter values are not available, a model can still be used to study the trends in a system's security and availability for various parameter ranges, and the trends can be used to guide the system design process.

This paper presents a generic state transition model based on which a Semi-Markov Process (SMP) model is developed to quantify the security attributes of a intrusion tolerant software system.

In this SMP Model, attacker actions are modeled by the states {G, V, A} and the rest states {MC, UC, TR, FS, GD, F} describe the system behaviors (responses to a security intrusion).

The model parameters, i.e. mean sojourn time in each state and the branching probabilities, are described and the computation of sojourn time in each state is given, while the estimation of such parameters remains undiscussed.

The authors also discuss distribution functions that are applicable for different attack senarios.

The proposed model is quite general for different intrusion tolerant systems. Upon accurate estimated model parameters, security measure like "MTTSF" and probabilities of security failure due to violations of different security attributes can be computed. Yet I think how to make use of these results to guide the enhancement (by re-configuration or other methods) of the system security is needed to be further studied.