What are the software safety and security standards that software developers in the automotive industry need to meet? How can safe, secure code be developed in accordance with the industry norms like ISO 26262, ISO 21434, and SOTIF? Experts specialized in the automotive industry will answer all your questions in this webinar dedicated to automotive software safety and security.
1. Latest safety and security standards for automotive software (ISO 26262, ISO 21434, and SOTIF) and how they impact software developers' work - Amin Amini, CertX
2. How to implement coding best practices to ensure the highest levels of safety & security in software in autonomous vehicles - Arnaud Telinge, EasyMile
3. How can code analysis tools be leveraged to help reach ISO 26262 and ISO 21434 demands more efficiently - Fabrice Derepas, TrustInSoft
Learn what formal methods are and how they make developing bug-free, impenetrable source code a possibility in this webinar by TrustInSoft, the leading provider of formal methods-based code analysis tools.
Splitting The Check On Compliance and SecurityNew Relic
Often times, developers and auditors can be at odds. The agile, fast-moving environments that developers enjoy will typically give auditors heartburn. The more controlled and stable environments that auditors prefer to demonstrate and maintain compliance are traditionally not friendly to developers or innovation. We'll walk through how Netflix moved its PCI and SOX environments to the cloud and how we were able to leverage the benefits of the cloud and agile development to satisfy both auditors and developers.
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
When did we forget that old saying, “prevention is the best medicine”, when it comes to cybersecurity? The current focus on mitigating real-time attacks and creating stronger defensive networks has overshadowed the many ways to prevent attacks right at the source – where security management has the biggest impact. Source code is where it all begins and where attack mitigation is the most effective.
In this webinar we’ll discuss methods of proactive threat assessment and mitigation that organizations use to advance cybersecurity goals today. From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these methods shift attack mitigation efforts left to simplify fixes and enable more cost-effective solutions.
Webinar recording: http://www.roguewave.com/events/on-demand-webinars/shifting-the-conversation-from-active-interception
Proving the Security of Low-Level Software Components & TEEsAshley Zupkus
Learn how it is possible to prove low-level software component and TEE security, as well as the Goodix driver example demoed in the webinar.
Check out the webinar replay here: https://www.youtube.com/watch?v=nG3DlejBd3k
Visit our website trust-in-soft.com for more information!
Learn what formal methods are and how they make developing bug-free, impenetrable source code a possibility in this webinar by TrustInSoft, the leading provider of formal methods-based code analysis tools.
Splitting The Check On Compliance and SecurityNew Relic
Often times, developers and auditors can be at odds. The agile, fast-moving environments that developers enjoy will typically give auditors heartburn. The more controlled and stable environments that auditors prefer to demonstrate and maintain compliance are traditionally not friendly to developers or innovation. We'll walk through how Netflix moved its PCI and SOX environments to the cloud and how we were able to leverage the benefits of the cloud and agile development to satisfy both auditors and developers.
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
When did we forget that old saying, “prevention is the best medicine”, when it comes to cybersecurity? The current focus on mitigating real-time attacks and creating stronger defensive networks has overshadowed the many ways to prevent attacks right at the source – where security management has the biggest impact. Source code is where it all begins and where attack mitigation is the most effective.
In this webinar we’ll discuss methods of proactive threat assessment and mitigation that organizations use to advance cybersecurity goals today. From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these methods shift attack mitigation efforts left to simplify fixes and enable more cost-effective solutions.
Webinar recording: http://www.roguewave.com/events/on-demand-webinars/shifting-the-conversation-from-active-interception
Proving the Security of Low-Level Software Components & TEEsAshley Zupkus
Learn how it is possible to prove low-level software component and TEE security, as well as the Goodix driver example demoed in the webinar.
Check out the webinar replay here: https://www.youtube.com/watch?v=nG3DlejBd3k
Visit our website trust-in-soft.com for more information!
Application Security in a DevOps World: Three Methods for Shifting Left Operations has always resided clearly outside of development. Release candidates are tossed over the fence by development and operations was expected to “just make it work.” The same can be said about many other activities, including application security. This isn’t intended to be derision aimed at development—it’s just a feature of how processes have historically been demarcated. But with the emergence of the DevOps movement, organizations are beginning to apply the “shift-left” principle associated with early testing toward other facets of application development. Security, which has been treated as something you can test into an application, should be built into an application according to DevOps principles. In this presentation, we discuss how to get development and operations working together to build security into the application. We’ll outline three methods and discuss their merits and drawbacks:
• Penetration testing: This is the approach most commonly used.
• Hybrid testing: By applying flow (dynamic analysis) early in the process, you can that look for possible paths through the code that lead to security flaws.
• Preventative testing: By taking a standards-based approach and implementing a set of activities that target defects that lead to security vulnerabilities, you are able to get ahead of security issues that diminish the effectiveness of DevOps approaches.
Norse Live Attack Map http://map.ipviking.com/
8,000,000 sensors in 200 data centers in 50 countries – designed to look like everything
The top 5,000,000 worst IPs on the internet
"There are very rarely attacks against Canada, for whatever reason. I guess they're just too nice."
See also http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16447&view=map for DDOS live
'Acceptance Test Driven Development Using Robot Framework' by Pekka Klarch & ...TEST Huddle
Acceptance test driven development (ATDD) is an important agile practice merging requirement gathering with acceptance testing. In its core are concrete examples, created together with the team, that provide collaborative understanding and, as automated acceptance tests, make sure that the features are implemented correctly. There are many ways to create ATDD examples/tests, and the behavior driven development (BDD) style with Given-When-Then format is one of the more popular ones.
Robot Framework is an open source test automation framework suitable for ATDD and acceptance testing in general. It has a flexible test data syntax that supports keyword-driven, data-driven, and BDD styles, but is still simple enough so that also non-programmers can create and understand test cases. The simple test library API makes extending the framework easy, and there are several ready made libraries that allow testing generic interfaces such as web, databases, Swing, SWT, Windows GUIs, Flex, and SSH out-of-the-box.
This presentation gives an introduction both to ATDD and Robot Framework. It contains different demonstrations and
all the material will be freely available after the presentation.
This session will give an overview of Static Code Analysis, its impact on the SDLC, its benefits and problems, the various automated tools used, and a demonstration of the code analysis of a Javascript web application using Sonarqube.
Driving Risks Out of Embedded Automotive SoftwareParasoft
Automobiles are becoming the ultimate mobile computer. Popular models have as many as 100 Electronic Control Units (ECUs), while high-end models push 200 ECUs. Those processors run hundreds of millions of lines of code written by the OEMs’ teams and external contractors—often for black-box assemblies. Modern cars also have increasingly sophisticated high-bandwidth internal networks and unprecedented external connectivity. Considering that no code is 100% error-free, these factors point to an unprecedented need to manage the risks of failure—including protecting life and property, avoiding costly recalls, and reducing the risk of ruinous lawsuits.
Key Findings from the 2019 State of DevOps ReportPuppet
Learn how to make security work in your DevOps practice.
We already know that advanced DevOps companies release software faster, with fewer errors. Did you know they also have the best security? (To be fair, we didn’t either until we got the analysis back from our 8th annual State of DevOps survey.)
In this webinar, the authors of the 2019 State of DevOps Report will walk you through the most important things they learned about how organizations are successfully integrating security into their DevOps practices — and the results they’re seeing.
We hope you’ll join us at this APAC timezone webinar on Wednesday, 23 October 2019 at 11 a.m. SGT | 2 p.m. AEST where you can expect to learn:
Which DevOps practices are most important for improving your security posture.
How security integration affects everything from your ability to deploy on demand to the time it takes to remediate vulnerabilities.
What to expect as you integrate security into the software delivery lifecycle. (Hint: It’s not all sunshine and rainbows.)
Webinar presenters and 2019 State of DevOps Report authors: Alanna Brown and Nigel Kersten of Puppet, Andi Mann of Splunk, and Michael Stahnke of CircleCI
Top Ten things that have been proven to effect software reliabilityAnn Marie Neufelder
There are many myths about what causes reliable or unreliable software. However, this presentation shows the facts based on real data from real projects.
Four things that are almost guaranteed to reduce the reliability of a softwa...Ann Marie Neufelder
Distressed software projects typically have at least one of the 4 risks shown in the presentation. Avoiding these 4 things is the first step in ensuring software reliability.
Deploy + Destroy Complete Test EnvironmentsParasoft
This presentation, given at STAREAST in May 2016, explains how Service Virtualization, Containers, and Cloud help organizations test applications on their own terms.
Embedded software engineering has become a much bigger and more complex domain than we could have imagined. As devices are expected to communicate with other devices and embedded subsystems, a much larger surface area has emerged for defects that threaten the safety, security, and reliability of the software. For example, the connected car not only introduces software safety and security concerns within the car as a system, interactions with environmental components, such as communicating with 'smart traffic lights' and vehicle-to-vehicle communication, potentially expose additional risk. Additionally, as car makers develop and merge functionality into 'the autopilot' mode, driver-assist technologies have become safety-critical technologies.
Embedded software organizations have always taken a 'shift-left' approach to software quality, rigorously applying defect prevention techniques early in the lifecycle. The demand for IoT requires a new testing paradigm that more closely resembles the challenges that Enterprise IT have faced for decades. As enterprise IT struggles to 'shift-left', embedded systems are struggling to 'shift-right' by testing more componentized and distributed architectures.
A recent regulation approved by the European Parliament laid out the requirements for type approvals of motor vehicles on their safety aspects calls for the introduction of these new safety features as a prerequisite. As such, the need for an internationally recognized standard for safety critical systems becomes more crucial to measure how safe a system is.
Application Security in a DevOps World: Three Methods for Shifting Left Operations has always resided clearly outside of development. Release candidates are tossed over the fence by development and operations was expected to “just make it work.” The same can be said about many other activities, including application security. This isn’t intended to be derision aimed at development—it’s just a feature of how processes have historically been demarcated. But with the emergence of the DevOps movement, organizations are beginning to apply the “shift-left” principle associated with early testing toward other facets of application development. Security, which has been treated as something you can test into an application, should be built into an application according to DevOps principles. In this presentation, we discuss how to get development and operations working together to build security into the application. We’ll outline three methods and discuss their merits and drawbacks:
• Penetration testing: This is the approach most commonly used.
• Hybrid testing: By applying flow (dynamic analysis) early in the process, you can that look for possible paths through the code that lead to security flaws.
• Preventative testing: By taking a standards-based approach and implementing a set of activities that target defects that lead to security vulnerabilities, you are able to get ahead of security issues that diminish the effectiveness of DevOps approaches.
Norse Live Attack Map http://map.ipviking.com/
8,000,000 sensors in 200 data centers in 50 countries – designed to look like everything
The top 5,000,000 worst IPs on the internet
"There are very rarely attacks against Canada, for whatever reason. I guess they're just too nice."
See also http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16447&view=map for DDOS live
'Acceptance Test Driven Development Using Robot Framework' by Pekka Klarch & ...TEST Huddle
Acceptance test driven development (ATDD) is an important agile practice merging requirement gathering with acceptance testing. In its core are concrete examples, created together with the team, that provide collaborative understanding and, as automated acceptance tests, make sure that the features are implemented correctly. There are many ways to create ATDD examples/tests, and the behavior driven development (BDD) style with Given-When-Then format is one of the more popular ones.
Robot Framework is an open source test automation framework suitable for ATDD and acceptance testing in general. It has a flexible test data syntax that supports keyword-driven, data-driven, and BDD styles, but is still simple enough so that also non-programmers can create and understand test cases. The simple test library API makes extending the framework easy, and there are several ready made libraries that allow testing generic interfaces such as web, databases, Swing, SWT, Windows GUIs, Flex, and SSH out-of-the-box.
This presentation gives an introduction both to ATDD and Robot Framework. It contains different demonstrations and
all the material will be freely available after the presentation.
This session will give an overview of Static Code Analysis, its impact on the SDLC, its benefits and problems, the various automated tools used, and a demonstration of the code analysis of a Javascript web application using Sonarqube.
Driving Risks Out of Embedded Automotive SoftwareParasoft
Automobiles are becoming the ultimate mobile computer. Popular models have as many as 100 Electronic Control Units (ECUs), while high-end models push 200 ECUs. Those processors run hundreds of millions of lines of code written by the OEMs’ teams and external contractors—often for black-box assemblies. Modern cars also have increasingly sophisticated high-bandwidth internal networks and unprecedented external connectivity. Considering that no code is 100% error-free, these factors point to an unprecedented need to manage the risks of failure—including protecting life and property, avoiding costly recalls, and reducing the risk of ruinous lawsuits.
Key Findings from the 2019 State of DevOps ReportPuppet
Learn how to make security work in your DevOps practice.
We already know that advanced DevOps companies release software faster, with fewer errors. Did you know they also have the best security? (To be fair, we didn’t either until we got the analysis back from our 8th annual State of DevOps survey.)
In this webinar, the authors of the 2019 State of DevOps Report will walk you through the most important things they learned about how organizations are successfully integrating security into their DevOps practices — and the results they’re seeing.
We hope you’ll join us at this APAC timezone webinar on Wednesday, 23 October 2019 at 11 a.m. SGT | 2 p.m. AEST where you can expect to learn:
Which DevOps practices are most important for improving your security posture.
How security integration affects everything from your ability to deploy on demand to the time it takes to remediate vulnerabilities.
What to expect as you integrate security into the software delivery lifecycle. (Hint: It’s not all sunshine and rainbows.)
Webinar presenters and 2019 State of DevOps Report authors: Alanna Brown and Nigel Kersten of Puppet, Andi Mann of Splunk, and Michael Stahnke of CircleCI
Top Ten things that have been proven to effect software reliabilityAnn Marie Neufelder
There are many myths about what causes reliable or unreliable software. However, this presentation shows the facts based on real data from real projects.
Four things that are almost guaranteed to reduce the reliability of a softwa...Ann Marie Neufelder
Distressed software projects typically have at least one of the 4 risks shown in the presentation. Avoiding these 4 things is the first step in ensuring software reliability.
Deploy + Destroy Complete Test EnvironmentsParasoft
This presentation, given at STAREAST in May 2016, explains how Service Virtualization, Containers, and Cloud help organizations test applications on their own terms.
Embedded software engineering has become a much bigger and more complex domain than we could have imagined. As devices are expected to communicate with other devices and embedded subsystems, a much larger surface area has emerged for defects that threaten the safety, security, and reliability of the software. For example, the connected car not only introduces software safety and security concerns within the car as a system, interactions with environmental components, such as communicating with 'smart traffic lights' and vehicle-to-vehicle communication, potentially expose additional risk. Additionally, as car makers develop and merge functionality into 'the autopilot' mode, driver-assist technologies have become safety-critical technologies.
Embedded software organizations have always taken a 'shift-left' approach to software quality, rigorously applying defect prevention techniques early in the lifecycle. The demand for IoT requires a new testing paradigm that more closely resembles the challenges that Enterprise IT have faced for decades. As enterprise IT struggles to 'shift-left', embedded systems are struggling to 'shift-right' by testing more componentized and distributed architectures.
A recent regulation approved by the European Parliament laid out the requirements for type approvals of motor vehicles on their safety aspects calls for the introduction of these new safety features as a prerequisite. As such, the need for an internationally recognized standard for safety critical systems becomes more crucial to measure how safe a system is.
[SiriusCon 2020] Realization of Model-Based Safety Analysis and Integration w...Obeo
The importance of mission or safety-critical software systems in many application domains of embedded systems is continuously growing, and so is the effort and complexity for reliability and safety analysis. Model-based system engineering (MBSE) is currently one of the key approaches to cope with increasing system complexity.
With Component Fault Trees (CFTs) there is a model- and component-based methodology for safety analysis, which extends the advantages of model-based development to safety & reliability engineering. In this talk, we demonstrate how to ease the development of safety-critical systems by implementing a graphical modeling tool for Component Fault Trees using Sirius and integrate safety analysis capabilities in a model-based system engineering workflow in Capella.
Speaker :
Mark Zeller, Siemens CT
Marc Zeller works as a Senior Key Expert for model-based safety and reliability engineering at Siemens Corporate Technology. His research interests are focused on the efficient and effective development of dependability-relevant Cyber-physical Systems using model-based engineering techniques. Marc Zeller received a diploma in Computer Science from the Karlsruhe Institute of Technology (KIT) in 2007 and obtained a PhD in Computer Science from the University of Augsburg in 2013. With over 10-years' experience in different industrial domains, such as automotive, railway, avionics, or industry automations, he has been involved in various projects establishing model-based engineering techniques and is author of many publications in this area.
Utilities Monitoring System - energy, water, gas, compressed airMrs.Shanaz Akter
Milon Device Monitoring System (MDMS)
Utilities Monitoring System - energy, water, gas, compressed air
Electricity Monitoring
Utilities Monitoring
Measurement of Production Efficiency
Temperature Monitoring
Monitoring of Machine Temperature
Measurement of Energy Efficiency
Extruder Control System
Parts Washer Control
Laboratory-testing Work Stations Monitorings
Portable Measuring Sets Varius Equipment as for Customer Demand
SIA Journée d'étude : NORME ISO 26262 Sécurité fonctionnelle électronique automobile , 04-03-2018
Cédric Heller, DQI/DSEE, French Delegate of TC22/SC32/WG8
Experiences evaluating cloud services and productsJavier Tallón
The market for IT products is constantly evolving. More and more vendors are developing products and services deployed only in the cloud (Cloud Native). This implies a paradigm shift in the way assessments are carried out, in the methodology to be followed and in the tests to be performed.
Today, it is NOT possible to use Common Criteria to evaluate cloud services, despite many administrations are migrating to cloud solutions.
This talk will not talk about Cloud programs such as FedRamp, ENS, C5, SecNumCloud or ENISA EUCS scheme. All these schemes, evaluate the clod infrastructure and the controls specified in the respective standards.
But in those standards, we cannot find assurance requirements related to the product/service itself. e.g. If your WAF (Web Application Firewall) is cloud native and deployed in the cloud, you could obtain those cloud certifications but it would be NOT possible to obtain a CC certification using NIAP PPs.
To solve this problematic, a practical approach has been followed in Spain, evaluating the cloud services using the LINCE methodology but obtaining a qualification mark (instead of a certification). Several vendors such as AWS, Google or Microsoft have already undergone this kind of processes.
In this talk, we want to show jtsec’s hands-on experience evaluating cloud services and discuss the main issues that have been faced and the solutions that have been found (TOE definition, Test environment, TOE identification, permission to test, etc…).
We would like also to discuss how the experience obtained using the LINCE methodology could be extrapolated (or NOT) to the CC World.
As the intricacy of Electronic Control Units (ECU) in present day vehicles has expanded, the requirement for automotive functional safety standard has turned out to be more goal. ISO 26262 standard tends to the all inclusive security hones required for planning basic car segments. We take a gander from an optimistic standpoint rehearses that will help you to plan ISO 26262-agreeable ECU programming.
UVM BASED REUSABLE VERIFICATION IP FOR WISHBONE COMPLIANT SPI MASTER COREVLSICS Design
The System on Chip design industry relies heavily on functional verification to ensure that the designs are bug-free. As design engineers are coming up with increasingly dense chips with much functionality, the functional verification field has advanced to provide modern verification techniques. In this paper, we
present verification of a wishbone compliant Serial Peripheral Interface (SPI) Master core using a System Verilog based standard verification methodology, the Universal Verification Methodology (UVM). The reason for using UVM factory pattern with parameterized classes is to develop a robust and reusable
verification IP. SPI is a full duplex communication protocol used to interface components most likely in embedded systems. We have verified an SPI Master IP core design that is wishbone compliant and compatible with SPI protocol and bus and furnished the results of our verification. We have used
QuestaSim for simulation and analysis of waveforms, Integrated Metrics Center, Cadence for coverage analysis. We also propose interesting future directions for this work in developing reliable systems.
UVM BASED REUSABLE VERIFICATION IP FOR WISHBONE COMPLIANT SPI MASTER COREVLSICS Design
The System on Chip design industry relies heavily on functional verification to ensure that the designs are bug-free. As design engineers are coming up with increasingly dense chips with much functionality, the functional verification field has advanced to provide modern verification techniques. In this paper, we present verification of a wishbone compliant Serial Peripheral Interface (SPI) Master core using a System Verilog based standard verification methodology, the Universal Verification Methodology (UVM). The reason for using UVM factory pattern with parameterized classes is to develop a robust and reusable verification IP. SPI is a full duplex communication protocol used to interface components most likely in embedded systems. We have verified an SPI Master IP core design that is wishbone compliant and compatible with SPI protocol and bus and furnished the results of our verification. We have used QuestaSim for simulation and analysis of waveforms, Integrated Metrics Center, Cadence for coverage analysis. We also propose interesting future directions for this work in developing reliable systems.
UVM BASED REUSABLE VERIFICATION IP FOR WISHBONE COMPLIANT SPI MASTER COREVLSICS Design
The System on Chip design industry relies heavily on functional verification to ensure that the designs are bug-free. As design engineers are coming up with increasingly dense chips with much functionality, the functional verification field has advanced to provide modern verification techniques. In this paper, we
present verification of a wishbone compliant Serial Peripheral Interface (SPI) Master core using a System Verilog based standard verification methodology, the Universal Verification Methodology (UVM). The reason for using UVM factory pattern with parameterized classes is to develop a robust and reusable
verification IP. SPI is a full duplex communication protocol used to interface components most likely in embedded systems. We have verified an SPI Master IP core design that is wishbone compliant and compatible with SPI protocol and bus and furnished the results of our verification. We have used
QuestaSim for simulation and analysis of waveforms, Integrated Metrics Center, Cadence for coverage analysis. We also propose interesting future directions for this work in developing reliable systems.
Web Application Security for Continuous Delivery PipelinesAvi Networks
Watch on-demand webinar: https://info.avinetworks.com/webinars/web-application-security-continuous-delivery-pipelines
Applications today have evolved into containers and microservices deployed in fully automated and distributed environments across data centers and clouds. Application services such as load balancing, security, and analytics become critical for continuous delivery.
To secure modern web applications, security policies including SSL/TLS, ACLs, IP Reputation, and WAF need to be applied quickly. We will share a reference implementation from Avi Networks.
Join this webinar to learn:
- CI/CD in the web application security context
- Challenges and solutions integrating a modern web application firewall (WAF) into the application development pipeline
- How to create processes that support both security and development requirements
This presentation discusses why cybersecurity is an issue for safety instrumented systems and will examine example architectures when communicating with the SIS.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
33. March 29th, 2021
Ma t h e m a t ica lly
Gu a ra n t e e d
C a n d C++ Co d e
Fabrice Derepas
Co-founder
CEO TrustInSoft
@fderepas
Formal methods for human beings
35. I am going to compute this formula
for, let’s say, 10,000 values for (a,b).
I think that I will have a good idea if
the formula holds or not!
Would that still work with larger
numbers? Did I miss any corner cases
(INT_MAX or INT_MIN)
37. (a+b)2=(a+b)x(a+b)
= a2+ab + b2+ba
=a2+b2+2ab
The right approach is to do the
following computations:
Now I know that the equation
holds for any (a,b) couple.
40. deployment on an
airplane code
Testing or Formal Verification: DO-178C Alternatives and Industrial Experience
IEEE Software (Volume: 30 , Issue: 3 , May-June 2013)
https://ieeexplore.ieee.org/document/6471965
41. NIST report
to the white
house
NIST underlines in a report to the White House a re s u lt
u n iq u e in t h e w o rld p e rfo rm e d b y
Tru s t In So ft : a mathematical assessment of absence of
buffer overflow or memory error in a stack at the core of
ARM’s mbed environment.
https://trust-in-soft.com/polarssl-verification-kit/
43. Journey to maximum quality with TIS
Boost the coverage of your tests
with generalized inputs / static
analysis
Check functional implementation
Customer test activities
with TIS
Stage 3
Stage 2
Stage 1
Customer Benefits
• Ensure implemented SW architecture and
functions behave in line with spec
• Full mathematical guarantee for safety
and security
• Mathematical guarantee that all
Undefined Behaviours are detected
• 0 false negatives
• Achieve up to 100% coverage on unit
tests
• Instant productivity: find more bugs
quicker
• Mathematical guarantee that Undefined
Behaviors resulting from discrete tested
values are detected
• 0 false positives & 0 false negatives
Existing tests with discrete
values are replayed
“dynamically” in TIS
Max quality
44.
45. • Signed Overflow (24)
• Uninitialized Variable (2)
• Uninitialized memory (1)
• Signed Overflow (9)
• Link Error (1)
• Invalid Pointer Arithmetic (1)
• Uninitialized Variable (3335 times)
• Incompatible Function Pointer (735)
• Uninitialized Variable (10)
• Uninitialized Variable (63)
• Signed Overflow (15)
• Uninitialized Variable (11)
• Signed Overflow (1)
-Rules of the game: Find UBs by replaying-existing test suits & Use a fuzzer (AFL)
-Results: After generating 10,000 test with AFL from the 44 existing ones, we found 13 UBs
Removing vulnerabilities is key when used as a live intrusion detector
2019: 13 UBs identified on Wireshark Packet Analyser
Found new bugs not caught by other tools for years
46. Journey to maximum quality with TIS
Boost the coverage of your tests
with generalized inputs / static
analysis
Check functional implementation
Customer test activities
with TIS
Stage 3
Stage 2
Stage 1
Customer Benefits
• Ensure implemented SW architecture and
functions behave in line with spec
• Full mathematical guarantee for safety
and security
• Mathematical guarantee that all
Undefined Behaviours are detected
• 0 false negatives
• Achieve up to 100% coverage on unit
tests
• Instant productivity: find more bugs
quicker
• Mathematical guarantee that Undefined
Behaviors resulting from discrete tested
values are detected
• 0 false positives & 0 false negatives
Existing tests with discrete
values are replayed
“dynamically” in TIS
Max quality
48. Compute 2^4 in a virtual machine
#define ARRAY_SIZE 10000
unsigned char mem[ARRAY_SIZE] =
{80, 7, 5, 5, 3, 5, 3, 5, 4 , 11, 2};
#define NEXT
if (pos<ARRAY_SIZE-1) ++pos; break
int main() {
unsigned int A=0, B=0, pos=0;
while (1) {
switch (mem[pos] & 7) {
// add
case 0: A+=mem[pos]>>3; NEXT;
// substract
case 1: A-=mem[pos]>>3; NEXT;
// load
case 2: A=mem[B]; NEXT;
// store
case 3: if (B<ARRAY_SIZE) mem[B]=A; NEXT;
// exit
case 4: return A;
// load and add
case 5: if (B<ARRAY_SIZE) A=A+mem[B]; NEXT;
// goto A
case 6: if (A<ARRAY_SIZE) pos=A; break;
// swap A and B
case 7: {int tmp=B; B=A; A=tmp;} NEXT;
}}}
49. Let’s run this code
$ clang vm.c && ./a.out
$ echo $?
16
50. Compute 2^4 in a virtual machine
#define ARRAY_SIZE 10000
unsigned char mem[ARRAY_SIZE] =
{80, 7, 5, 5, 3, 5, 3, 5, 4 , 11, 2};
#define NEXT
if (pos<ARRAY_SIZE-1) ++pos; break
int main() {
unsigned int A=0, B=0, pos=0;
while (1) {
switch (mem[pos] & 7) {
// add
case 0: A+=mem[pos]>>3; NEXT;
// substract
case 1: A-=mem[pos]>>3; NEXT;
// load
case 2: A=mem[B]; NEXT;
// store
case 3: if (B<ARRAY_SIZE) mem[B]=A; NEXT;
// exit
case 4: return A;
// load and add
case 5: if (B<ARRAY_SIZE) A=A+mem[B]; NEXT;
// goto A
case 6: if (A<ARRAY_SIZE) pos=A; break;
// swap A and B
case 7: {int tmp=B; B=A; A=tmp;} NEXT;
}}}
52. (a+b)2=(a+b)x(a+b)
= a2+ab + b2+ba
=a2+b2+2ab
The right approach is to do the
following computations:
Now I know that the equation
holds for any (a,b) couple.
53.
54. solution
#include <tis_builtin.h>
#define ARRAY_SIZE 10000
unsigned char mem[ARRAY_SIZE] =
{80, 7, 5, 5, 3, 5, 3, 5, 4 , 11, 2};
#define NEXT
if (pos<ARRAY_SIZE-1) ++pos; break
int main() {
unsigned int A=0, B=0, pos=0;
tis_make_unkown(mem, ARRAY_SIZE);
while (1) {
switch (mem[pos] & 7) {
// add
case 0: A+=mem[pos]>>3; NEXT;
// substract
case 1: A-=mem[pos]>>3; NEXT;
// load
case 2: A=mem[B]; NEXT;
// store
case 3: if (B<ARRAY_SIZE) mem[B]=A; NEXT;
// exit
case 4: return A;
// load and add
case 5: if (B<ARRAY_SIZE) A=A+mem[B]; NEXT;
// goto A
case 6: if (A<ARRAY_SIZE) pos=A; break;
// swap A and B
case 7: {int tmp=B; B=A; A=tmp;} NEXT;
}}}
55. solution
#include <tis_builtin.h>
#define ARRAY_SIZE 10000
unsigned char mem[ARRAY_SIZE] =
{80, 7, 5, 5, 3, 5, 3, 5, 4 , 11, 2};
#define NEXT
if (pos<ARRAY_SIZE-1) ++pos; break
int main() {
unsigned int A=0, B=0, pos=0;
tis_make_unkown(mem, ARRAY_SIZE);
while (1) {
switch (mem[pos] & 7) {
// add
case 0: A+=mem[pos]>>3; NEXT;
// substract
case 1: A-=mem[pos]>>3; NEXT;
// load
case 2: if (B<ARRAY_SIZE) A=mem[B]; NEXT;
// store
case 3: if (B<ARRAY_SIZE) mem[B]=A; NEXT;
// exit
case 4: return A;
// load and add
case 5: if (B<ARRAY_SIZE) A=A+mem[B]; NEXT;
// goto A
case 6: if (A<ARRAY_SIZE) pos=A; break;
// swap A and B
case 7: {int tmp=B; B=A; A=tmp;} NEXT;
}}}
57. SSL/TLS Without
Undefined behavior
• Using TrustInSoft Analyzer we have a report which tells how to compile, configure
and deploy mbedTLS in a given perimeter in order to be immune from all attacks
caused by CWE 119 to 127, 369, 415, 416, 457, 476, 562, 690. All bugs of those
kind were found and removed.
• Download the full report: http://trust-in-soft.com/polarssl-verification-kit
2016: NIST underlines in a report to the White House a result
unique in the world performed by TrustInSoft: a mathematical
assessment of absence of buffer overflow or memory error in a
stack at the core of ARM’s mbed environment.
58. AIS2DW12 Driver - TIS CI Analysis
• The AIS2DW12 3-axis accelerometer was selected as it had the most recent
contributions on github
• TIS Analyzer determined, simulated and cascaded the superset of all possible
inputs, code values and behaviors
• Buffer overflow identified and fixed in less than 1,5 hour (incl. the time to
get familiar with ST datasheet and driver)
• With the proposed fix and the analysis run again, TIS confirms that for all
existing tests, whatever the registers the HW contains, the driver has no
undefined behavior
• Link to this issue and new commit from ST
https://github.com/STMicroelectronics/STMems_Standard_C_drivers/issues/
75
59. Journey to maximum quality with TIS
Boost the coverage of your tests
with generalized inputs / static
analysis
Check functional implementation
Customer test activities
with TIS
Stage 3
Stage 2
Stage 1
Customer Benefits
• Ensure implemented SW architecture and
functions behave in line with spec
• Full mathematical guarantee for safety
and security
• Mathematical guarantee that all
Undefined Behaviours are detected
• 0 false negatives
• Achieve up to 100% coverage on unit
tests
• Instant productivity: find more bugs
quicker
• Mathematical guarantee that Undefined
Behaviors resulting from discrete tested
values are detected
• 0 false positives & 0 false negatives
Existing tests with discrete
values are replayed
“dynamically” in TIS
Max quality
60. ACSL:
ANSI/ISO C Specification Language
•Code is annotated using comments
•It’s based on the concept of contract
•Allows to specify functional properties
•ACSL enables to combine multiple analysis
techniques within TrustInSoft Analyzer
61. /*@requires n>=0 &&
valid(t+(0 .. n−1));
assigns nothing;
ensures result!=0 <==>
(forall integer j ;0<=j<n ==> t[j]==0) ;
*/
int check_all_zeros (int t[],int n){
int k;
/*@ loop invariant 0<=k<=n;
loop invariant (forall integer j ; 0<=j<k ==> t[j]==0);
loop assigns k ;
loop variant n−k ; */
for(k=0; k<n; k++)
if(t[k]!=0)
return 0;
return 1;
}
Checking values
in an array
9 red lines
6 black lines
From https://nikolai-kosmatov.eu/publications/talk_2015_11_24_SASEFOR_slides.pdf, thanks Nikolaï!
62. What if the math is too hard?
WHY 3
http://why3.lri.fr/
Automatic provers
Alt-Ergo, Beagle, CVC3, CVC4, E
Prover, Gappa, Metis, Metitarski,
Princess, Psyche, Simplify, SPASS,
Vampire, veriT, Yices, Z3.
Proof Assistants
Coq, PVS, Isabelle/HOL
you knew you could do the job
yourself!
C/C++
63.
64. 32
Our customers’ primary drivers
ENSURE CODE QUALITY
AND OPERATIONAL
EFFICIENCY
Where do your team’s priorities fall?
ENSURE
CODE SECURITY
ENSURE
CODE SAFETY
Boost software coverage
Reduce software verification efforts/costs
Reduce updates & critical issues handling costs
Avoid multiple certification iterations
Improve Time to Market
Perform tests on host as if they were on target
Ensure source code
vulnerabilities are detected and
removed
Ensure software does not crash
Ensure code deterministic behaviour
Ensure code does what it is supposed to
Ensure functional implementation in line
with spec
65. Not your usual
static analyzer
• Analysis starts from an entry point (like a test)
• Exhaustive coverage of inputs
• Supports full C and C++ language up to C++17
• Platform specific analysis without compiling
• Universal forward/backward debugger for
efficient bug fix
66. Journey to maximum quality with TIS
Boost the coverage of your tests
with generalized inputs / static
analysis
Check functional implementation
Customer test activities
with TIS
Stage 3
Stage 2
Stage 1
Customer Benefits
• Ensure implemented SW architecture and
functions behave in line with spec
• Full mathematical guarantee for safety
and security
• Mathematical guarantee that all
Undefined Behaviours are detected
• 0 false negatives
• Achieve up to 100% coverage on unit
tests
• Instant productivity: find more bugs
quicker
• Mathematical guarantee that Undefined
Behaviors resulting from discrete tested
values are detected
• 0 false positives & 0 false negatives
Existing tests with discrete
values are replayed
“dynamically” in TIS
Max quality