Distributed Hash-tables for Scientific Computing
Distributed Hash-Tables are a common data-store in distributed applications and have proven to be
useful in the context of webservices and Big Data applications.
In this project, we investigate how the field of High Performance Computing benefits from this
technique. Therefore, we explore two research questions. The first one deals with the efficient
implementation of a DHT. Compute-Clusters are equipped with High-performance networks like
InfiniBand or Omni-Path and offer special communication APIs.
Network-Attached Accelerators In Heterogeneous Computing Environments (NAAICE)
The aim of the project is to decouple programmable accelerator modules (FPGA) for special calculations
from the close connection to server processors of high-performance computers and instead connect them
dynamically via the network. Compared to directly coupled accelerators, these new network-attached
accelerators (NAA) promise more flexibility and at the same time lower energy consumption through better
utilization. The communication with the FPGA clusters should take place asynchronously, which is a
challenge in connection with a heterogeneous hardware environment in the HPC. The use of the NAA also
requires an adjustment of the middleware and the runtime environments as well as the resource management
system for energy monitoring in data centers.
CHERUB - an energy saving daemon for HPC- and SLB-clusters
Compute clusters are often managed by a so-called Resource Management System (RMS) which has load information
about the whole system. CHERUB is a centralized daemon which is installed on top of an arbitrary RMS and uses its
load information to switch on/off nodes according to the current load situation and load forecasting to save
energy in this way. Due to its modular design and its well defined API it can operate with different Resource
Management Systems. At the Moment there are modules available for the Portable Batch System (PBS), the Load
Sharing Facility (LSF) and the IBM Load Leveler (LL) in the High Performance Compute (HPC) field and for the
Linux Virtual Server (LVS) in the Server Load Balancing (SLB) field.
CoFee: Teaching secure C Programming
CoFee is a modular framework focusing on code security and code robustness by using
state-of-the-art software analyzers. Further, error messages are supplemented by
meaningful hints suited for novice students. It also follows the theory of situated
learning by exposing students to typical software engineering workflows using Gitlab
for version control, continuous integration and code quality reports. To check code
quality CoFee supports well-established open-source tools which were tested on a
purpose build test suite. Its modular architecture allows easy integration of future
DNSSEC und DANE
Transport Layer Security (TLS) ist das Standardverfahren zum Verschlüsseln des Datentransports.
Über eine PKI können digitale Zertifikate ausgestellt, verteilt und geprüft werden. Die
Authentizität der verwendeten Zertifikate ist jedoch nicht immer gewährleistet.
Derzeit sind über 200 verschiedene CAs verfügbar, jede dieser CA kann Zertifikate für jeden
beliebigen Hostnamen ausstellen. Wenn eine dieser CAs nachlässig bei der Systemsicherheit oder
der Prüfung des Antragsstellers ist, kann sich ein Angreifer ein "gültiges" Zertifikat für
einen Host erstellen lassen.
Hier kommt DANE ins Spiel! DANE definiert einen TLSA-Record, der den Hash des öffentlichen
Schlüssels einer Domain oder eines Dienstes enthält.
Fast Formal Security Verification in IPv6 Networks
Today, enforcing security is a tough challenge as security policies grow over time and networks become
more and more complex. Eventually, rulesets with thousands of rules and large network configurations
cannot be checked manually. Meanwhile, new networking approaches like Software Defined Networking
(SDN) or Network Function Virtualization (NFV) introduce new possibilities in terms of scalability and
flexibility but also increase the heterogenity and complexity of network setups. The same applies for
state-of-the-art networking technologies like IPv6 with its extension header chains. Therefore, the
goal of our research is to give operators the ability to automatically determine the security status
of their network through an online supervision system attached to their regular management systems.
IPv6 Intrusion Detection System
The transition from the currently used internet protocol version IPv4 to the official successor
protocol IPv6 is an important technical requirement for the ongoing development of communication
and network infrastructures within the next years. Therefore the security of IPv6 networks is
of high social relevance and importance.
Here you can find different projects about IPv6.
Internet of Things (IoT)
Semantic Web in Internet of Things (IoT)
Things in the Internet of Things (IoT) are usually equipped with sensors or an
actuator. Sensors enable to measure e.g. temperature, air humidity, light, motion,
etc. Furthermore things can connect to the other things. However there is no
interoperability standard for connecting heterogeneous devices from different vendors
in the IoT. Instead there are several consortia and vendors which work on their own
solution, (e.g. Smart Home standards).
One particular challenge in the Internet of Things is the management of many
heterogeneous things. The things are typically constrained devices with limited
memory, power, network and processing capacity. Configuring every device manually is
a tedious task. We propose an interoperable way to configure an IoT network
automatically using existing standards. The proposed NETCONF-MQTT bridge intermediates
between the constrained devices (speaking MQTT) and the network management standard
NETCONF. The NETCONF-MQTT bridge generates dynamically YANG data models from the
semantic description of the device capabilities based on the oneM2M ontology.
Virtual Institute for Geomatics
Geomatics is the discipline of gathering, storing, processing, and delivering geographic
information, or spatially referenced information. The Potsdam Virtual Institute for Geomatics
(POVIG) is an inderdisciplinary platform for scientists from Deutsches GeoForschungsZentrum
(GFZ) and Potsdam University in the field of earth science and computer science.