Cluster Computing

Distributed Hash-tables for Scientific Computing

Distributed Hash-Tables are a common data-store in distributed applications and have proven to be useful in the context of webservices and Big Data applications.


In this project, we investigate how the field of High Performance Computing benefits from this technique. To that end, we explore two research questions. The first one deals with the efficient implementation of a DHT. Compute clusters are equipped with high-performance networks like InfiniBand or Omni-Path and offer special communication APIs.


Green IT

Network-Attached Accelerators In Heterogeneous Computing Environments (NAAICE) (BMBF)

The aim of the project is to decouple programmable accelerator modules (FPGA) for special calculations from their close coupling to the server processors of high-performance computers and instead connect them dynamically via the network. Compared to directly coupled accelerators, these new network-attached accelerators (NAA) promise more flexibility and at the same time lower energy consumption through better utilization. The communication with the FPGA clusters should take place asynchronously, which is a challenge in the heterogeneous hardware environments found in HPC. The use of the NAA also requires an adjustment of the middleware and the runtime environments as well as the resource management system for energy monitoring in data centers.


CHERUB - an energy saving daemon for HPC- and SLB-clusters

Compute clusters are often managed by a so-called Resource Management System (RMS) which has load information about the whole system. CHERUB is a centralized daemon which is installed on top of an arbitrary RMS and uses its load information, together with load forecasting, to switch nodes on and off according to the current load situation and thereby save energy. Due to its modular design and its well-defined API it can operate with different Resource Management Systems. At the moment there are modules available for the Portable Batch System (PBS), the Load Sharing Facility (LSF) and the IBM Load Leveler (LL) in the High Performance Compute (HPC) field and for the Linux Virtual Server (LVS) in the Server Load Balancing (SLB) field.


Security

CoFee: Teaching secure C Programming

CoFee is a modular framework focusing on code security and code robustness by using state-of-the-art software analyzers. Further, error messages are supplemented by meaningful hints suited for novice students. It also follows the theory of situated learning by exposing students to typical software engineering workflows using GitLab for version control, continuous integration and code quality reports. To check code quality, CoFee supports well-established open-source tools which were tested on a purpose-built test suite. Its modular architecture allows easy integration of future analyzers.


DNSSEC and DANE

Transport Layer Security (TLS) is the standard method for encrypting data in transit. A PKI allows digital certificates to be issued, distributed and verified. However, the authenticity of the certificates in use is not always guaranteed.


Currently more than 200 different CAs are available, and each of these CAs can issue certificates for any hostname. If one of these CAs is negligent about its system security or about vetting the applicant, an attacker can have a "valid" certificate issued for a host.


This is where DANE comes into play! DANE defines a TLSA record that contains the hash of the public key of a domain or a service.


Fast Formal Security Verification in IPv6 Networks

Today, enforcing security is a tough challenge as security policies grow over time and networks become more and more complex. Eventually, rulesets with thousands of rules and large network configurations cannot be checked manually. Meanwhile, new networking approaches like Software Defined Networking (SDN) or Network Function Virtualization (NFV) introduce new possibilities in terms of scalability and flexibility but also increase the heterogeneity and complexity of network setups. The same applies to state-of-the-art networking technologies like IPv6 with its extension header chains. Therefore, the goal of our research is to give operators the ability to automatically determine the security status of their network through an online supervision system attached to their regular management systems.


IPv6 Intrusion Detection System

The transition from the currently used internet protocol version IPv4 to the official successor protocol IPv6 is an important technical requirement for the ongoing development of communication and network infrastructures within the next years. Therefore the security of IPv6 networks is of high social relevance and importance.


IPv6

Here you can find different projects about IPv6.


Internet of Things (IoT)

Semantic Web in Internet of Things (IoT)

Things in the Internet of Things (IoT) are usually equipped with sensors or an actuator. Sensors make it possible to measure, e.g., temperature, air humidity, light, motion, etc. Furthermore, things can connect to other things. However, there is no interoperability standard for connecting heterogeneous devices from different vendors in the IoT. Instead, there are several consortia and vendors which work on their own solutions (e.g. Smart Home standards).


One particular challenge in the Internet of Things is the management of many heterogeneous things. The things are typically constrained devices with limited memory, power, network and processing capacity. Configuring every device manually is a tedious task. We propose an interoperable way to configure an IoT network automatically using the existing standards: MQTT, YANG, NETCONF and Ontologies. At the center of the MYNO framework, a proposed NETCONF-MQTT bridge mediates between the constrained devices (speaking MQTT) and the network management standard NETCONF. The NETCONF-MQTT bridge dynamically generates YANG data models from the semantic description of the device capabilities based on the oneM2M ontology.


Virtual Institute for Geomatics

Geomatics is the discipline of gathering, storing, processing, and delivering geographic information, or spatially referenced information. The Potsdam Virtual Institute for Geomatics (POVIG) is an interdisciplinary platform for scientists from Deutsches GeoForschungsZentrum (GFZ) and Potsdam University in the fields of earth science and computer science.
