曙光1000大规模并行计算机系统软件的设计

曙光１０００是基于消息的大规模并行计算机系统。本文介绍曙光１０００系统软件的设计目标，重要的微核心，用户空间服务。客户／服务模型和标准用户界面的设计思想，实现技术路线，以及组织结构，并详细阐述了系统诊断与监控，系统管理，并行程序开发环境与工具和调试器的设计。     

Constructing formal rules to verify message communication in distributed systems

This study presents a method to construct formal rules used to run-time verify message passing between clients in distributed systems. Rules construction is achieved in four steps: (1) Visual specification of expected behavior of the sender, receiver, and network in sending and receiving a message, (2) Extraction of properties of sender, receiver, and network from the visual specification, (3) specification of constraints that should govern message passing in distributed systems, and (4) construction of verifier rules from the properties and the constraints. The rules are used to verify actual sender, receiver, and network behavior. Expected behavior of the client (process) is one that to be and the actual one is the behavior should be verified. The rules were applied to verify the behavior of client and servers that communicated with each other in order to compute Fibonacci numbers in parallel and some violations were discovered.     

基于机群操作系统的并行调试器

并行调试工具的设计，是并行计算环境工具研究开发中的一个突出难点。介绍了一个在曙光3000上实现的并行调试器DCDB3．0。该调试器是未来曙光4000机群操作系统的一部分，是曙光3000上的第1个可运行版本，采用典型的客户／服务器模式。客户端的用户界面可将冗繁的调试信息与操作可视化。客户端可以远离提供服务的大型机，其远程通信依赖的是机群操作系统中的DRPC和任务管理，前者提供远程方法调用，后者使得客户端能够在服务器上启动相应的任务。DCDB3．0的服务器端负责处理调试任务和同客户端进行信息交互。DCDB3．0的功能具有可扩放性，使得可以在此平台上研究一些高级并行调试技术的实现。改进了已有的方式，实现了重放技术，并计划进一步添加其他高级并行调试技术。     

三维语音动画聊天室的设计与实现

聊天室是人们在网上交流的一种重要手段,由于硬件设备、网络带宽的限制,目前广泛使用的聊天室只能基于文本和语音,不能基于人脸形象。以已经实现的“一个基于SAPI5.0的中文语音动画系统”为基础,设计并实现了一个结合文本、语音和人脸动画的三维语音动画聊天室。聊天室由客户端和服务器两部分组成,多个用户利用客户端连接到服务器上,用户可以输入文本并且选择各种表情,由客户端混合成带有表情标签的文本传送给服务器。服务器将该用户的三维人脸模型以及带有表情标签的文本传送给接收方,由接收方的客户端合成为带有表情的语音动画。聊天室只有发送方第一次给接收方传送信息时才需要下载人脸模型,以后只传送带有表情标签的文本,具有计算方法简单、系统通信开销小的特点,在普通微机上就能够产生带有表情的高质量的语音动画。     

基于椭圆曲线的密码体制

论述了基于椭圆曲线的三类密码体制。第一类体制提供了一种签名和认证的机制。第二类体制在发送方加密信息 ,在接收方解密信息 ,具有加密功能。第三类体制将会产生共享密钥 ,可以保证双方通信的安全性。主要对这三种体制结合具体的算法加以说明 ,从而对基于椭圆曲线的密码体制有一个宏观的把握     

Communication styles for parallel systems

Distributed-memory parallel systems rely on explicit message exchange for communication, but the communication operations they support can differ in many aspects. One key difference is the way messages are generated or consumed. With systolic communication, a message is transmitted as it is generated. For example, the result computed by the multiplier is sent directly to the communication subsystem for transmission to another node. With memory communication, the complete message is generated and stored in memory, and then transmitted to its destination. Since sender and receiver nodes are individually controlled, they can use different communication styles. One example of memory communication is message passing: both the sender and receiver buffer the message in memory. These two communication styles place different demands on processor design. This article illustrates each style's effect on processor resources for some key application kernels. We are targeting the iWarp system because it supports both communication styles. Two parallel-program generators, one for each communication style, automatically map the sample programs     

匿名通信系统中时间攻击模型研究

时间攻击是指对手研究信息穿过系统的时间来找出信息发送者和接收者之间的相关性,对支持交互式的低延时匿名通信系统形成一种巨大威胁。论文提出了一种基于重路由技术的匿名通信系统和针对该系统的时间攻击模型,理论分析和计算数据表明这种时间攻击方式可以有效地破坏匿名通信系统中信息发送者和接收者之间的连接性,但这种时间攻击的成功率受到信息到达率和节点延迟时间以及重路由路长等因素的影响。     

CACF：一种面向P2P客户端的应用程序框架

P2P客户端程序对网络通信的要求正变得越来越复杂。在开发过程中使用应用程序框架可以比较好地处理这种复杂性。本论文提出了框架CACF。它支持水平，垂直和协作过程等多种并行模式，能通过消息优先级和多种排队模型实现流控和端到端QoS，引入多路复用器实现对网络连接的多路复用，复合消息则消除了费时的内存拷贝。作为P2P系统Virtual Helpdesk的客户端，JCVIEWER的开发实践证明了CACF的有效性。     

Tools fair: untangling the web with Web and client/serverdevelopment tools

This article concentrates on tools for developing applications for the Internet and for client server distributed environments. These tools help serious software developers build applications that support company missions, goals, and objectives. The article also includes a testing and a miscellaneous category to describe a few tools that may interest software development managers     

Secure Sockets Layer

Secure Sockets Layer is a Web-based protocol used for securing data exchanges over the Internet. To understand how SSL does its job, we also must review the two cryptographic techniques on which it relies: symmetric-key and public-key cryptography (PKC). If a particular recipient is intended to decode the ciphertext, the sender and receiver must be using the same cryptographic technique, and they must safeguard a secret - a random number (called a key) in the case of symmetric-key cryptography, or the private key of a public/private key pair in the case of the public-key cryptography. To transport data, large messages are divided into multiple smaller messages with a maximum size of 16 Kbytes. Each message is optionally compressed, then a message authentication code (a hash derived from the plaintext, the two nonces, and the pre master secret) is appended. The plain-text and appended MAC are now encrypted using the negotiated symmetric-key scheme and the computed session key.     

基于0-1规划的并行计算图划分模型

图划分广泛地应用在许多科学与工程领域,但它应用于并行计算任务分配时,使用无向图表示数据依赖关系,这限制了它的应用(例如,无向图不能表示矩形和非对称依赖关系的应用).为了克服图划分的这个缺点,我们对数据间的依赖关系进行区分(即同一条边区分通信的发送方与接收方),然后基于0-1规划模型化这个问题,并通过互联网上求解优化问题常用的NEOS服务器进行求解,在一些数据集上的实验表明,0-1规划方法优于求解图划分流行的多层划分方法.     

SSL及使用OpenSSL实现证书的签发和管理

WWW服务器与浏览器之间的安全通信是WEB安全数据交换的基础。SSL是基于WEB应用的安全协议,具有很强的实际安全性,它为TCP/IP连接提供数据加密、服务器认证、消息完整性以及可选的客户机认证。OpenSSL是开源软件,提供了一个通用的高强度加密库,并在此基础上实现了SSL2.0,SSL3.0,TLS1.0,分析了SSL协议规则,并简要介绍了OpenSSL软件包,同时就如何使用OpenSSL软件包实现证书的签发和管理进行了详细的探讨。实践证明,利用OpenSSL提供的库文件能很方便地对证书进行签发和管理,构建安全WEB服务器。     

Security and Controls for EDI

During the many years in which I have been involved in building client/server systems, I have often been asked if there is any real difference between the security of client/server systems and that of traditional, mainframe-based systems. The simple though seldom heard answer is yes—adoption of such a new architectural paradigm has a direct impact on security. It does not significantly affect existing security objectives; in most cases, security objectives remain constant. However, a new systems architecture does require that existing security methods and tools be either changed or replaced with new security techniques and tools. In short, what has to be done remains constant; how it is done changes depending on the new systems architecture.

This column addresses a number of the unique security issues that are raised by adoption of client/server technologies.     

多媒体邮件的发送系统存储机制研究

针对传统邮件系统收发多媒体邮件时存在的不足,提出一种发送系统存储机制。该方案使用多媒体Server和客户端应用程序,利用流媒体技术,使视听信息从发送系统直接传送到接收者,节省了中间环节的带宽和存储空间。讨论了实现这种机制的方法,最后针对多媒体邮件的安全性问题提出了解决方法。     

一种面向加密流量的网络应用识别方法

为实现网络流量的有效管控,提出一种基于安全套接层(SSL)协议交互字段与多输入最大化单输出隐马尔可夫模型(HMM)的加密应用并行识别方法.将来自客户端或者服务器的单向数据流SSL协议交互阶段的字段作为HMM模型的观测序列,并对所有待识别的加密应用建立HMM模型形成指纹库.在此基础上,利用前向算法计算未知观测序列被识别为HMM模型的概率,选取概率最大HMM模型所对应的加密应用作为识别结果.实验结果表明,与传统应用识别方法相比,该方法对典型加密应用具有更好的识别效果及鲁棒性.     

Architecture for modeling and simulation of technical systems along their lifecycle

Modeling and simulation is an established scientific and industrial method to support engineers in their work in all lifecycle phases—from first concepts or tender to operation and service—of a technical system. Due to the fact of increasing complexity of such systems, e.g. plants, cyber-physical systems and infrastructures, system simulation is rapidly gaining impact. In this paper, a simulation architecture is presented and discussed on three different industrial applications, which offers a client–server concept to master the challenges of a lifecycle spanning simulation framework. Looking ahead, open software concepts for modeling, simulation and optimization will be required to cover new co-simulation techniques and to realize distributed, for example web-based simulation environments and tools.     

A new fuzzy-decision based load balancing system for distributed object computing

Distributed object computing systems are widely envisioned to be the desired distributed software development paradigm due to the higher modularity and the capability of handling machine and operating system heterogeneity. Indeed, enabled by the tremendous advancements in processor and networking technologies, complex operations such as object serialization and data marshaling have become very efficient, and thus, distributed object systems are being built for many different applications. However, as the system scales up (e.g., with larger number of server and client objects, and more machines), a judicious load balancing system is required to efficiently distribute the workload (e.g., the queries, messages/objects passing) among the different servers in the system. Unfortunately, in existing distributed object middleware systems, such a load balancing facility does not exist. In this paper, we present the design and implementation of a new dynamic fuzzy-decision-based load balancing system incorporated in a distributed object computing environment. Our proposed approach works by using a fuzzy logic controller which informs a client object to use the most appropriate service such that load balancing among servers is achieved. We have chosen Jini to build our experimental middleware platform, on which our proposed approach as well as other related techniques are implemented and compared. Extensive experiments are conducted to investigate the effectiveness of our fuzzy-decision-based algorithm, which is found to be consistently better than other approaches.     

A partitioning algorithm for distributed software systems design

One complication in using distributed computer systems is the increased complexity of developing distributed software systems. These software systems are composed of asynchronously executing components which communicate via message passing. Current software design techniques are not adequate for use in the design of distributed software systems. New design methods which explicitly address the problem of system partitioning are needed. An overall distributed software design approach is presented. The key to the design approach is the presentation of a distributed processing component (DPC) partitioning algorithm for clustering functional modules in order to derive a set of distributed processing components. The design approach is oriented towards producing a software system which is hierarchical, which exploits potential concurrency that exists between functional modules, and which avoids nonprofitable message traffic.     

Metacomputing in practice: a distributed compute server for pharmaceutical industry

We describe a distributed high-performance compute server that has been implemented for running compute-intensive applications on a mixture of HPC systems interconnected by Inter-and Intranet. With a practical industrial background, our work focusses on high availability, efficient job load balancing, security, and the easy integration of HPC computing into the daily work-flow at pharmaceutical companies.

The work was done in the course of the ESPRIT project P A Distributed Pharmaceutical Application Server The client software is implemented in Java. All results are displayed in a web browser and can be forwarded to the next stage of applications used in the drug design cycle. The server software handles the job load balancing between the participating HPC nodes and is capable of managing multi-site applications.

Our environment currently supports four key applications that are used in rational drug design and drug target identification. They range from the automatic functional annotation of protein sequences to three-dimensional protein structure prediction tools and protein comparison applications.