Elisa Heymann's research while affiliated with University of Wisconsin–Madison and other places

Publications (60)

Article
Full-text available
The enormous growth in software development affects every facet of our lives, creating an urgent need for training in software security. In response, we have developed free and open software security education and training materials for a wide range of practitioners, from the student to experienced professional. INDUSTRY, GOVERNMENT, AND ACADEMIA...
Article
Full-text available
As fuzz testing has passed its 30th anniversary, and in the face of the incredible progress in fuzz testing techniques and tools, the question arises if the classic, basic fuzz technique is still useful and applicable? In that tradition, we have updated the basic fuzz tools and testing scripts and applied them to a large collection of Unix utilitie...
Preprint
Full-text available
As fuzz testing has passed its 30th anniversary, and in the face of the incredible progress in fuzz testing techniques and tools, the question arises if the classic, basic fuzz technique is still useful and applicable? In that tradition, we have updated the basic fuzz tools and testing scripts and applied them to a large collection of Unix utilitie...
Article
Compute node failures are becoming a normal event for many long-running and scalable MPI applications. Keeping within the MPI standards and applying some of the methods developed so far in terms of fault tolerance, we developed a methodology that allows applications to tolerate failures through the creation of semi-coordinated checkpoints within th...
Article
Full-text available
Attacks on software systems occur world-wide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from vulnerabilities in the software and processes used in these systems. These vulnerabilities leave such systems...
Preprint
Full-text available
Attacks on software systems occur world-wide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from vulnerabilities in the software and processes used in these systems. These vulnerabilities leave such systems...
Conference Paper
This article describes experiences and lessons learned from the Trusted CI project, funded by the US National Science Foundation (NSF) to serve the community as the NSF Cybersecurity Center of Excellence (CCoE). Trusted CI is an effort to address cybersecurity for the open science community through a single organization that provides leadership, tr...
Preprint
Full-text available
This article describes experiences and lessons learned from the Trusted CI project, funded by the US National Science Foundation to serve the community as the NSF Cybersecurity Center of Excellence. Trusted CI is an effort to address cybersecurity for the open science community through a single organization that provides leadership, training, consu...
Article
Software assurance tools – tools that scan the source or binary code of a program to find weaknesses – are the first line of defense in assessing the security of a software project. Even though there are a plethora of such tools available, with multiple tools for almost every programming language, adoption of these tools is spotty at best. And even...
Article
Full-text available
The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform r...
Conference Paper
Full-text available
The fast adaptation of Cloud computing has led to an increase in novel information technology threats. The targets of these new threats range from large scale distributed systems, such as the Large Hadron Collider by the CERN, to industrial (water, power, electricity, oil, gas, etc.) distributed systems, i.e. SCADA systems. The use of automated tool...
Article
Full-text available
The Interactive European Grid (i2g) project has set up an advanced e-Infrastructure in the European Research Area specifically oriented to support the friendly execution of demanding interactive applications. While interoperable with existing large e-Infrastructures like EGEE, i2g software supports execution of parallel applications in interactive...
Article
Full-text available
Security on Grid computing is often an afterthought. However, assessing security of middleware systems is of the utmost importance because they manage critical resources owned by different organizations. To fulfill this objective we use First Principles Vulnerability Assessment (FPVA), an innovative analyst-centric (manual) methodology that goes b...
Conference Paper
Workflow applications exhibit both high computation times and data transfer rates. For this reason, the completion time of the workflow is high. To reduce completion time, the tasks of a workflow ought to run on different machines interconnected by a network. Correct assignment of tasks to machines within the runtime environment is an important asp...
Conference Paper
Nowadays distributed applications, including MPI implementations, are executed on computer clusters managed by a batch queue system. Users take advantage of monitoring tools to detect run-time problems on their applications running on those environments. But it is a challenge to use monitoring tools on a cluster controlled by a batch queue system....
Conference Paper
Full-text available
Computational science increasingly relies on the execution of workflows in distributed networks to solve complex applications. However, the heterogeneity of resources in these environments complicates resource management and the scheduling of such applications. Sophisticated scheduling policies are being developed for workflows, but they have had l...
Article
Full-text available
Workflow applications running on distributed environments are a promising solution for resource and computing intensive problems. However, the heterogeneity of resources in these kind of environments may turn scheduling of such applications into a complicated enterprise. Although there is research in sophisticated scheduling policies for workflows...
Conference Paper
A fundamental problem in large scale Grids is the need for efficient and scalable techniques for resource discovery and scheduling. In traditional resource scheduling systems a single scheduler handles information about all computing resources and schedules jobs. This centralized approach has a serious scalability problem, since it introduces a bot...
Conference Paper
Full-text available
Clouds and Grids offer significant challenges to providing secure infrastructure software. As part of our effort to secure such middleware, we present First Principles Vulnerability Assessment (FPVA), a new analyst-centric (manual) technique that aims to focus the analyst's attention on the parts of the software system and its resources that are...
Chapter
The CrossBroker is a Grid Resource Management System that provides transparent and reliable support for the execution of parallel and interactive applications on a Grid environment. In this chapter, we outline the architecture of our system and describe the key mechanisms responsible for an efficient and reliable execution of parallel and interacti...
Chapter
Full-text available
In this chapter we describe the Interactive European Grid project approach to handling interactive grid applications. Interactivity is an important feature that gives users the possibility to interact with applications in a natural way, giving the possibility to change parameters while the application is running. There are only few initiatives that...
Article
Execution of parallel and interactive applications on a Grid environment is a challenging problem that requires the cooperation of several middleware tools and services. In this paper, we present our experiences in the development of Cross-Broker, a job management service that provides transparent and reliable support for such types of applications...
Article
Full-text available
The int.eu.grid project aims at providing a production quality grid computing infrastructure for e-Science supporting parallel and interactive applications. The infrastructure capacity is presently about 750 cpu cores distributed over twelve sites in seven countries. These resources have to be tightly coordinated to match the requirements of parall...
Conference Paper
Resource Allocation in Grid environments to date is generally carried out under the assumption that there is one primary scheduling system scheduling jobs. However, as environments tend towards larger open “utility” Grids it becomes increasingly likely that deployments will involve multiple independent schedulers allocating jobs over the same resou...
Article
Full-text available
Scheduling is an important factor for the efficient execution of computational workflows on Grid environments. A large number of static scheduling heuristics has been presented in the literature. These algorithms allocate tasks before job execution starts and assume a precise knowledge of timing information, which may be difficult to obtain in gener...
Conference Paper
Full-text available
One of the main goals of the CrossGrid Project [1] is to provide explicit support to parallel and interactive compute- and data-intensive applications. The CrossBroker job manager provides services as part of the CrossGrid middleware and allows execution of parallel MPI applications on Grid resources in a transparent and automatic way. This docume...
Conference Paper
Scheduling is an important factor for the efficient execution of computational workflows on grid environments. A large number of static scheduling heuristics has been presented in the literature. These algorithms allocate tasks before job execution starts and assume a precise knowledge of timing information, which may be difficult to obtain in gene...
Article
Full-text available
Most recent grid middleware technologies have been aimed at the execution of sequential batch jobs. However, some users require interactive access when running jobs on grid sites. Execution of these applications on a grid environment is a challenging problem that requires the cooperation of several middleware tools and services. Additional problems...
Conference Paper
Full-text available
Grid systems offer high computing capabilities that are used in many scientific research fields and thus many applications are submitted to these powerful systems. Parallel applications and applications consisting of inter-dependent jobs may especially be characterized by a complex workflow. Therefore, Grid systems should be capable of executing an...
Conference Paper
The International Testbed of the CrossGrid Project has been in operation for the last three years, including 16 sites in 9 countries across Europe. The main achievements in installation and operation are described, and also the substantial experience gained on providing support to application and middleware developers in the project. Results are pr...
Article
We investigate the problem arising in scheduling parallel applications that follow a master–worker paradigm in order to maximize both resource efficiency and application performance. Based on the results obtained in a previous simulation study, we have derived a self-adjusting strategy that can be used to dynamically adjust the number of processors...
Chapter
Full-text available
The CrossGrid project is developing new grid middleware components, tools and applications with a special focus on parallel and interactive computing. In order to support the development effort and provide a test infrastructure, an international grid testbed has been deployed across 9 countries. Through the deployment of the testbed and its support...
Conference Paper
Full-text available
One of the goals of the EU CrossGrid project is to provide a basis for supporting the efficient execution of parallel and interactive applications on Grid environments. CrossGrid jobs typically consist of computationally intensive simulations that are often programmed using a parallel programming model and a parallel programming library (MPI). This...
Article
Full-text available
The concept of the Grid has emerged in recent years to denote a set of heterogeneous, distributed computational resources belonging to different organizations. The main objective of the European CrossGrid project, in which...
Conference Paper
This paper presents the approach being followed to implement scheduling components that are integrated as part of the EU CrossGrid project. The purpose of these components is to provide a basis for supporting the efficient execution of distributed interactive applications on Grid environments. When a user submits a job, the scheduling services sear...
Conference Paper
Strategies for scheduling parallel applications on a distributed system must trade-off processor application speed-up and resource efficiency. Most existing strategies focus mainly on achieving high application speed-up without taking into account the efficiency factor. This paper presents our experiences with a self-adaptive scheduling strategy th...
Article
Full-text available
We investigate the problem arising in scheduling parallel applications that follow a master-worker paradigm in order to maximize both the resource efficiency and the application performance. We propose a simple scheduling strategy that dynamically measures application execution time and uses these measurements to automatically adjust the number...
Article
Full-text available
We address the problem of how many workers should be allocated for executing a distributed application that follows the master-worker paradigm, and how to assign tasks to workers in order to maximize resource efficiency and minimize application execution time. We propose a simple but effective scheduling strategy that dynamically measures the e...
Conference Paper
We investigate the scheduling problem that arises in parallel applications executing on a network of machines by using a mode of cycle-stealing. In this mode of execution a parallel application executes its tasks in several machines whenever they are idle. When the user reclaims the machine, tasks must relinquish control immediately. In this case,...
Conference Paper
Full-text available
We address the problem of how many workers should be allocated for executing a distributed application that follows the master-worker paradigm, and how to assign tasks to workers in order to maximize resource efficiency and minimize application execution time. We propose a simple but effective scheduling strategy that dynamically measures the execu...
Conference Paper
Full-text available
We investigate the problem arising in scheduling parallel applications that follow a master-worker paradigm in order to maximize both the resource efficiency and the application performance. We propose a simple scheduling strategy that dynamically measures application execution time and uses these measurements to automatically adjust the number of...
Article
Introduction The properties an application programmer demands from a computer system are basically: fast and easy development of programs, reliable execution, help for error debugging, easy portability and fast execution either with present and with upcoming computers. Parallel computers are not an exception. Nowadays, they look like very much earl...
Conference Paper
Full-text available
Processor and network management have a great impact on the performance of distributed memory parallel computers. Dynamic process migration allows load balancing and communication balancing at execution time. Managing the communications involving the migrating process is one of the problems that dynamic process migration implies. To study this prob...
Conference Paper
Full-text available
If parallel computers have to become general purpose tools, it is necessary to develop services that make transparent its internal characteristics and make parallel programming easier. Trying to fulfil this goal and to have a platform for the test and evaluation of mechanisms for a parallel architecture, a microkernel called TransCom has been desig...
Article
Despite the availability of parallel computing from the last two decades, there is little use of these systems in production-level environments. One of the factors most commonly blamed for the slow transition to parallelism is the lack of software support. While in serial programming the performance depends basically on the algorithm designed by th...
Article
Execution of interactive applications on a Grid environment is a challenging problem that requires the cooperation of several middleware tools and services. In this chapter, we present the experience carried out in the CrossGrid project to provide transparent and reliable support for such types of application. Our solution is based on the notion of...
Article
Full-text available
One of the goals of the EU CrossGrid project is to provide a basis for supporting the efficient execution of parallel and interactive applications on Grid environments. CrossGrid jobs typically consist of computationally intensive simulations that are often programmed using a parallel programming model and a parallel programming library (MPI). This...
Article
Full-text available
SUMMARY OF THE EXPERIENCE The project developed consists of a tool that helps teachers set aside the role of narrator-dictator of notes and become tutor-trainers who act as guides in the student's learning. This orientation entails rethinking the content of the courses and their restructu...

Citations

... The Home Depot data breach in 2014 exposed 56 million credit and debit cards information [5]. The Equifax data breach affected approximately 147 million individuals in 2017 [6]. These attacks and research suggest that these vulnerabilities may lead to data loss, financial losses, and in some cases even death. ...
... One possible technique for blackbox tests of industrial device is blackbox fuzzing. Even though classic fuzzing has been introduced in the 1980s, it is still relevant and helps to find vulnerabilities (Miller et al., 2020). For blackbox network fuzzing, one usually tests several expected or unexpected values for the different fields of a network packet. ...
... As a result, ensuring the security and privacy of data generated from a large number of IoT devices positioned on the vessels is important. The marine industry, for example, has been subjected to several cyberattacks [9]. GPS jamming, cargo system manipulation, and ransomware attacks are among the recent cyber security concerns in this sector. ...
... The main goal of this research is to develop a dashboard that supports the needs of security analysts that operate as a managed security service provider (MSSP) and run vulnerability assessments as part of their services [1]. Our work in progress study design included (1) exploratory interviews to understand security analyst workflows and regular tasks, ...
... Further, the reusability of code also creates a challenge if security is not considered while coding. Column 2 of Tab. 3 lists the security issues that are usually faced during the coding phase while best practices of secure coding are listed in Column 3 of Tab. 3 [28,33,62-70] +Buffer overflow +Perform secure coding by following a secure coding checklist and practices. +Modules classification +Code injection flaw +Follow OWASP secure coding practices and checklists. ...
... In addition, we have recently assessed the software used to control about half of the world's container shipping ports [12], finding and helping to fix major software vulnerabilities that would have allowed an attacker to cause great harm. In addition, we used these experiences to help evaluate the effectiveness of software analysis tools [13]. ...
... Secure smart home environments Frydman et al. [55] Using DFD, an automated security expert consultant was provided. In the proposed method, risk ranking was presented. ...
... Currently several data management solutions have emerged, which try to deal with the increasing requirements of user applications in terms of large scale data processing, several of which were addressing the needs of the scientific Grid computing infrastructures [10,11,13]. ...
... , an add-on to Condor developed at the University of Wisconsin that expands and improves the efficiency of data managing for the condor_q and condor_history query utilities by storing the required information in a central relational database. CrossBroker [6], a resource management system for scheduling parallel and interactive applications. ...
... Regardless of their popularity with large enterprises, VAPT techniques are reported to be of little practical application in SMEs because of their small IT infrastructure and limited technical skills [17]. The conditions under which VAPT is performed, and the expertise required, reduce the possibilities of SMEs using these techniques to evaluate Cloud BI applications [30,31]. VAPT requires SMEs to utilise scanners to identify and analyse different security weaknesses in the enterprise IS devices and software owned by CSPs to ascertain the effectiveness of countermeasures [32]. ...