OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.
Outlines the objectives and scope for the NFV ISG in the next phase of work. http://www.cablelabs.com/etsi-nfv-industry-specification-group-publishes-second-release-of-documents/
Many projects start out with the intention of staying single license FOSS projects. As your project grows, reality hits: some components or files may need to use different licenses than originally anticipated. There are many reasons why this can happen: you may need to interface with projects of another license, you may want to import code from other projects or your developers may not understand the subtleties of the licenses in use. Besides the obvious challenges of managing mixed license FOSS projects, such as license compatibility and tracking what licenses you use, you are running the risk of exposing your project to unintended consequences.
This talk will explore unintended consequences, risks and best practices using some examples from the recent history of the Xen Project. In particular we will cover:
Refactoring can lead to licensing changes: best practices and unintended consequences when importing code from elsewhere.
Making code archeology easy from a licensing perspective and why it is important.
A worked example of a license change of a key component: process, pain points, their causes and how they could have been avoided
The perils of LGPL/GPL vX (or Later): the unintended consequences of not providing pre-defined copyright headers in your source base
We will conclude with a summary of lessons and best practices from both the Xen Project and a quick overview of how usage of SPDX and other tools may help you.
Outlines the objectives and scope for the NFV ISG in the next phase of work. http://www.cablelabs.com/etsi-nfv-industry-specification-group-publishes-second-release-of-documents/
Many projects start out with the intention of staying single license FOSS projects. As your project grows, reality hits: some components or files may need to use different licenses than originally anticipated. There are many reasons why this can happen: you may need to interface with projects of another license, you may want to import code from other projects or your developers may not understand the subtleties of the licenses in use. Besides the obvious challenges of managing mixed license FOSS projects, such as license compatibility and tracking what licenses you use, you are running the risk of exposing your project to unintended consequences.
This talk will explore unintended consequences, risks and best practices using some examples from the recent history of the Xen Project. In particular we will cover:
Refactoring can lead to licensing changes: best practices and unintended consequences when importing code from elsewhere.
Making code archeology easy from a licensing perspective and why it is important.
A worked example of a license change of a key component: process, pain points, their causes and how they could have been avoided
The perils of LGPL/GPL vX (or Later): the unintended consequences of not providing pre-defined copyright headers in your source base
We will conclude with a summary of lessons and best practices from both the Xen Project and a quick overview of how usage of SPDX and other tools may help you.
These slides address the concerns that the Telecom industry has over IMS, the spread of OTTs, the importance of interoperability, and the search for the Telecom network standards of the future. It answers such questions as, "Do we need to simplify IMS?", "Do we need standards?", "Why is IMS so complicated?", "What do we mean by a 'seamless experience'?", and many more.
With billions of things connecting in the Internet of Things, the extensive footprint, reliability, security and proven performance of cellular networks is the ideal platform for growth. With Ericsson software enhancements, it just got better.
I have Over 8+ years of experience as a DevOps Engineer. I came across an interesting position of DevOps Engineering position on your Linked post. Constantly updating my skill set, I am proficient in DevOps Tools like Git, Jenkins Pipeline Automation, AWS, Chef, Ansible, Kubernetes, Terraform, Docker, Shell Scripting,ELK, Jfrog and Prometheus.
1. Purnima Vishwabrahma
E-mail: purnima.vb@gmail.com
Phone: +1 309 660 1987
Professional Summary
• 9+ years of professional experience involving in design, development, testing and maintenance of system and
telecom application software.
• Experience in troubleshooting and software development for agile methodology.
• Experience in quality assurance for reviewing code deliverables as an active member in Technical Control
Board.
• Experience in developing client/server applications using programming languages like C++, STL and Adaptive
Communication Environment (ACE) wrappers.
• Good experience in Socket Programming, Multithreading and Process Synchronization.
• Exposure in using tools like windows debugger (WinDbg), FileMon, RegMon, Sysmon tools and Valgrind,
GDB debugging tools in Linux.
• Ability and experience in managing Configuration Management Tools such as Rational clear case
• A team player with excellent communication, mentoring skills and also self-motivated to implement next-
generation paradigms.
• Specialized knowledge in domains such as Telecom billing applications.
• Good organizational, analytical and problem solving skills combined with very good communication and
interpersonal skills.
• Proven ability to work on multiple projects with high aggressive deadlines
• Ability to quickly adapt to new concepts and technologies
Education Details
BTech in Computer Science
Engineering
Jawaharlal Nehru
Technological University
2000 to 2004
Intermediate (MPC) Atomic Energy Junior College 1998 to 2000
CBSE (10th
class) Atomic Energy Central School 1998
Employment Details
Tata Consultancy Services Assistant Consultant Feb 2007 to Aug 2015
Valyd, Inc Software Engineer Sept 2005 to Feb 2007
Electronics Corporation of
India Ltd
Graduate Engineer Apprentice Oct 2004 to Sept 2005
Technical Proficiency
• Operating Systems: Unix, RedHat Linux7.2/9.0, Solaris 9.0, LYNX, Windows NT Server 4.0, Windows
2000/XP & Windows Server 2003
• Languages: C, C++
Page 1 of 5
2. • Scripting: Unix Shell Scripting
• Tools & Utilities: Ericsson proprietary tool-WinFiol, Coverity tool, Windbg, LeakDiag, Standard Template
Library (STL), Adaptive Communication Environment (ACE) wrapper, GDB, and Valgrind.
• IDE: Eclipse, Vim, and Vi.
• Version Controllers: Rational Clear case 3.2.1, Rational Purify
• Protocols: TCP/IP
Professional Experience
1. Adjunct Processor Group APG43L June 2012 – Aug 2015
Ericsson
The Adjunct Processor Group 43 (APG43L) is the high capacity IO system for AXE exchanges. It is a next
generation IO system for AXE. Implemented on open-standard processors and integrated as a subsystem of AXE.
The hardware is based on GEM Architecture (Shelf with Blades) for achieving the lease signature for a field
replaceable unit. This is based on the Linux operating system and a high available middleware solution based on
OpenSAF. APG43L is a platform for operations & Maintenance communication applications and secure data
storage in fixed and mobile telecommunications networks. It receives the billing data from AXE switch (CP) and
manipulates the customer bills. It has been located in many BSC, MSC of the entire world.
The project involves porting existing APG43 software from Windows 2003 server to architecture based on Linux
which uses LOTC, and Common Component based architecture (OpenSaf).
Roles and Responsibilities
• Involved in Requirements gathering.
• Designed TCP IP client and Server application in order to provide communication.
• As a Scrum master for multiple subsystems (MCS, AES, FMS).
• As a designer for new objects:
Involving in requirement analysis and preparing the implementation proposals for new objects.
Involving in coding and unit testing.
Building the packages using block based Upgrade Package.
Handling Clear Case activities.
• As a troubleshooter in maintenance:
Analyzing the trouble report which has been reported at any site through out the world
Try to reproduce the fault in testing labs or in simulated environment.
Analyzing the logs to find out the root cause of the problem.
Fixing the problem and performing the unit testing and regression tests in the lab.
Environment / Software Used
C, C++, RedHat Linux 7.2, GDB, Valgrind, telnet, Winfiol, Clear case tools, Virtual machines, Eclipse, ACE
Framework, ACE Reactor Frame work, ACE multi threading and Event Handling
2. Adjunct Processor Group Blade Cluster (APG43) Jul 2008 – Jun 2012
Ericsson
APG43 Blade Cluster is the project, which is an upgrade of APG40 and APG43 projects in order to provide better
performance. Blade Cluster is used to provide a linear scalability and capacity, improve the system for better ISP
(In Service Performance).
Page 2 of 5
3. MSC-S Blade Cluster (MSC-S BC) as an application of AXE Blade Cluster concept includes, on the highest level
the following elements:
• MSC/TSC Blades.
• The Signaling Proxy (SPX).
• I/O System
• Cluster Handler
The nodes share a common I/O system based on a number of APGs.
The Cluster system is housed in the Integrated Site (IS) infrastructure. That infrastructure is housed in an eGEM
subrack.
Roles and Responsibilities
• As a designer for new objects
Involving in requirement analysis and preparing the implementation proposals for new objects.
Involving in coding and unit testing.
Building the packages using install shield.
Handling Clear Case activities.
Uploading the all build packages in the GASK.
• As a troubleshooter in maintenance:
Analyzing the trouble report which has been reported at any site through out the world
Try to reproduce the fault in testing labs or in simulated environment.
Analyzing the logs to find out the root cause of the problem.
Fixing the problem and performing the unit testing and regression tests in the lab.
Environment / Software Used
C, C++, WIN 32 API, VC++, AP SDK, Cluster SDK, Windows NT, Window 2000,Windows 2003, telnet, Winfiol,
PcAnyWhere, Windows Debugger, Clear case tools
3. Adjunct Processor Group (APG40) Sep 2005 - Jul 2008
Ericsson
The Adjunct Processor Group 40 (APG40) is the high capacity IO system for AXE exchanges. Implemented on
open-standard processors and integrated as a subsystem of AXE. APG40 is platform for operations & Maintenance
communication applications and secure data storage in fixed and mobile telecommunications networks
It receives the billing data from AXE switch (CP) and manipulates the customer bills. It has been located in many
BSC, MSC of the entire world. It was based on clustering technology by using Microsoft Cluster Server (MSCS) to
achieve the higher availability of the system. Services there by enabling customizable solutions.
Roles and Responsibilities
Involved in Requirements gathering.
Designed TCP IP client and Server application in order to provide communication
I have been involving in multiple responsibilities:
• As a designer for new objects:
Involving in requirement analysis and preparing the implementation proposals for new objects.
Involving in coding and unit testing.
Page 3 of 5
4. Building the packages using install shield.
Handling Clear Case activities.
• As a troubleshooter in maintenance:
Analyzing the trouble report which has been reported at any site through out the world
Try to reproduce the fault in testing labs or in simulated environment.
Analyzing the logs to find out the root cause of the problem.
Fixing the problem and performing the unit testing and regression tests in the lab.
Environment / Software Used
C, C++, WIN 32 API, VC++, AP SDK, Cluster SDK, Windows NT, Window 2000,Windows 2003, telnet, Winfiol,
PcAnyWhere, Windows Debugger, Clear case tools
4. Linux Secure File System (SecureFS) Sept 2005 – Feb 2007
Valyd Inc.
To satisfy the increasing requirements for protecting the critical information stored in files in an Enterprise, Valyd’s
KeepSecure product focuses on securing the files against attacks from both external hackers and internal sources.
Valyd has therefore developed a robust solution for selectively encrypting critical files, called Valyd-KeepSecure
for File System (SecureFS). SecureFS enables organizations to protect their most critical files in the Enterprise. It
enables users to encrypt just the critical files leaving non-critical files unencrypted. It includes a unique policy
enforcement application to selectively apply this additional and important layer of security in the most efficient
manner.
A highly secure key management schema can be implemented either through software only, or by way of a
combined software-hardware approach using complementary hardware products from Valyd partners (SafeNet,
nCipher).
Valyd-KeepSecure for File System comprises of Valyd-KeepSecure Console and a File System Adapter. The
console is used to manage files/folders to be encrypted and File System Adapter is deployed in the host machine.
KeepSecure console is used to perform the initial configuration settings and existing file data conversion from clear
to cipher. File System Adapter is used to enforce security policy and on the fly encryption/decryption of the files.
Key Features
• Selective critical files encryption out of a large number of files.
• Transparent to applications.
• Separation of duties between the file system administrators and file system users.
• Secure and pluggable key management. Choice available between the software and hardware key
management.
Valyd-KeepSecure for File System integrated with applications gives the end users a flexible option to protect the
data either at application level or at file level and also support the leading cryptographic algorithms like AES, DES,
3DES, BLOWFISH and TWOFISH for protecting the sensitive data.
Roles and Responsibilities
• Creating an encrypted file system SecureFS in Linux, which encrypts the files when mounted.
• Creating roles and assigning users, groups, applications and actions (create, read, write, rename and delete)
each action in turn having grants of permit or deny.
• Setting a file as secured object by assigning a role to it. This helps in giving permissions to a user for opening
the file in an encrypted / decrypted form in read only or read-write using a particular application renames a file
Page 4 of 5
5. or delete.
• Integrated with the Valyd Keep Secure Console through which the host machine gets connected.
5. Brahmos Security Module Oct 2004 – Sept 2005
Defence Research and Development Laboratory (DRDL)
MCP (Mobile Command Post)
Mobile Command Post (MCP) acts as nerve center for Shore based WCx, which is base on C4I Concept. It
accomplishes tasks like Track Fusion, Target Identification, Type of Target Identification, Group Target
Identification, Threat Evaluation, Threat Prioritization, Target and Weapon Assignment / Cancellation / Re-
Assignment. It communicates to different stations using VSAT, INMARSAT, VHF MAL FH-TDMA and Modem
Communication. Data Send from are Encrypted and received are Decrypted.
MPCU (Multi Protocol Control Unit)
Multi protocol Control Unit (MPCU) is an interface between communication equipments of MCP / FCC Eqpt and
FCS computer in MAL. MPCU communicates with MCP using FHTDMA, INMARSAT and Modem. MPCU
communicates with FCC Eqpt through SATCOM, INMARSAT. Communication between MPCU and FCS
Computer in MAL is through Ethernet (UDP). MPCU Decrypts the Received Message from FCC Eqpt / MCP
verifies the digital signature and sends to FCS. And if the Message is for itself process it. Message Received from
FCS are added Digital Signature, Encrypt the Message and Send to FCC Eqpt / MCP.
FCC (Fixed Control Center)
FCC Equipment is an interface between Fixed Control Center (FCC) and MCP, which is based on C4I Concept.
FCC Equipment is the Headquarters of operational command. Its function is to plan, co-ordinate and control all
offensive and defensive warfare using different types of weapon systems available on various platforms under its
command. It can have more than one Weapon Complex under its control. FCC Equipment performs tasks that are
similar to MCP, in addition it sends mode of operation, target assignment/ reassignment / cancellation (in
centralized mode) and other critical information (received from FCC) to MCP.
Roles and Responsibilities
• Key Management
• Encryption and Decryption of the Messages with Symmetric and Asymmetric Algorithms
• Signature Generation and Verification
• Member of the Team in Preparation of SDD (Software Design Document).
• Member of the Team in Preparation of SCD (Software Code Description).
• Unit Test cases for Communication and Security Modules.
Page 5 of 5
6. or delete.
• Integrated with the Valyd Keep Secure Console through which the host machine gets connected.
5. Brahmos Security Module Oct 2004 – Sept 2005
Defence Research and Development Laboratory (DRDL)
MCP (Mobile Command Post)
Mobile Command Post (MCP) acts as nerve center for Shore based WCx, which is base on C4I Concept. It
accomplishes tasks like Track Fusion, Target Identification, Type of Target Identification, Group Target
Identification, Threat Evaluation, Threat Prioritization, Target and Weapon Assignment / Cancellation / Re-
Assignment. It communicates to different stations using VSAT, INMARSAT, VHF MAL FH-TDMA and Modem
Communication. Data Send from are Encrypted and received are Decrypted.
MPCU (Multi Protocol Control Unit)
Multi protocol Control Unit (MPCU) is an interface between communication equipments of MCP / FCC Eqpt and
FCS computer in MAL. MPCU communicates with MCP using FHTDMA, INMARSAT and Modem. MPCU
communicates with FCC Eqpt through SATCOM, INMARSAT. Communication between MPCU and FCS
Computer in MAL is through Ethernet (UDP). MPCU Decrypts the Received Message from FCC Eqpt / MCP
verifies the digital signature and sends to FCS. And if the Message is for itself process it. Message Received from
FCS are added Digital Signature, Encrypt the Message and Send to FCC Eqpt / MCP.
FCC (Fixed Control Center)
FCC Equipment is an interface between Fixed Control Center (FCC) and MCP, which is based on C4I Concept.
FCC Equipment is the Headquarters of operational command. Its function is to plan, co-ordinate and control all
offensive and defensive warfare using different types of weapon systems available on various platforms under its
command. It can have more than one Weapon Complex under its control. FCC Equipment performs tasks that are
similar to MCP, in addition it sends mode of operation, target assignment/ reassignment / cancellation (in
centralized mode) and other critical information (received from FCC) to MCP.
Roles and Responsibilities
• Key Management
• Encryption and Decryption of the Messages with Symmetric and Asymmetric Algorithms
• Signature Generation and Verification
• Member of the Team in Preparation of SDD (Software Design Document).
• Member of the Team in Preparation of SCD (Software Code Description).
• Unit Test cases for Communication and Security Modules.
Page 5 of 5
