ISSN 0970-647X | Volume No. 37 | Issue No. 11 | February 2014 | ₹ 50/-

Cover Story: Open Source Technologies – A Boon for People in All Fields

Technical Trends: Rationalize Your Cloud Model Using Open Source Stack

Article: Unseen to Seen with Cryptography, Steganography and Watermarking

CIO Perspective: FOSS in Enterprises

IT Industry Perspective: Interview with Mr. Deepak Ghaisas

Security Corner: Information Security » Enhancing Security of Websites with Content Security Policy

www.csi-india.org

CSI Communications | February 2014 | 1

CSI Elections 2014-2015/2016

As authorised by the Constitution section 5.7 and section 5.8, we present herewith the results of the elections conducted for the year 2014-2015/2016. The closing date for the receipt of the ballots was January 22, 2014. The results of the elections are given below: The following are declared elected: For the Term 2014-2015 (April 1, 2014 - March 31, 2015) For the Term 2014-2016 (April 1, 2014 - March 31, 2016)

[1] Vice President cum President Elect (2014-15): Prof. Bipin V Mehta
[2] Nomination Committee (2014-15): Prof. P. Kalyanaraman, Mr. Sanjeev Kumar, Mr. Subimal Kundu
[3] Hony. Secretary (2014-16): Mr. Sanjay Mohapatra
[4] Regional Vice President (Region II - 2014-16): Mr. Devaprasanna Sinha
[5] Regional Vice President (Region IV - 2014-16): Mr. Hari Shankar Mishra
[6] Regional Vice President (Region VI - 2014-16): Dr. Shirish S Sane
[7] Divisional Chair Person - Div. II (2014-16): Dr. R Nadarajan
[8] Divisional Chair Person - Div. IV (2014-16): Dr. Durgesh Kumar Mishra
[9] Secretary (Kolkata Chapter - 2014-2015/2016): Mr. Subir Kumar Lahiri
[10] Secretary (Bangalore Chapter - 2014-2015/2016): Mr. Vinay Krishna
[11] Management Committee (Bangalore Chapter - 2014-2015): Ms. Savitha Gowda, Prof. Prakash, Dr. Saroja Devi, Prof. D Jayaramaiah, Dr. Arindam Sen, Ms. Manju Nanda, Mr. Mohan Ramanathan, Mr. Anbunathan Ramaiah

Nominations Committee 2013-2014

Dr. Rattan K. Datta, Chairman NC
Prof. H R Vishwakarma, Member NC
Prof. A K Saini, Member NC

CHAPTER ELECTION RESULTS RECEIVED FROM THE FOLLOWING CHAPTERS FOR THE YEAR 2014-2015/2016 Region1 Region2 Region3 Region4 Region5 Region6 Region7 Allahabad Durgapur Ahmedabad Balasore Bangalore Aurangabad Coimbatore Chandigarh Guwahati Bhopal Bokaro Vijayawada Goa Kozhikode Dehradun Kolkata Chittorgarh Cuttack Hyderabad Mumbai Chennai Delhi Patna Gwalior Dhanbad Mysore Nagpur Kochi Ghaziabad Siliguri Indore Raipur New Guntur Nashik Hosur Haridwar Jabalpur Rourkela Ongole Pune Karaikudi Kanpur Jaipur Ranchi Visakhapatnam Solapur Puducherry Lucknow Mhow Jamshedpur Koneru Salem Mankapur Surat Bhilai Thanjavur Noida Udaipur Trichy Gurgaon Vadodara Thiruvananthapuram Varanasi Vallabh Vidyanagar Vellore Jhansi Gandhinagar Annamalainagar Mathura Ujjain Sivakasi Rajkot Kanyakumari

Total chapters: 73
Results received: 22
Results not received: 51

CSI Communications Contents

Volume No. 37 • Issue No. 11 • February 2014

Editorial Board

Chief Editor: Dr. R M Sonar
Editors: Dr. Debasish Jana, Dr. Achuthsankar Nair
Resident Editor: Mrs. Jayshree Dhere
Published by: Executive Secretary Mr. Suchit Gogwekar, for Computer Society of India
Design, Print and Dispatch by: CyberMedia Services Limited

Cover Story
Open Source Technologies – A Boon for People in All Fields (P Monica)
The Endless Journey of Open Source (Tadrash Shah and Chintan M Bhatt)

Technical Trends
Rationalize Your Cloud Model Using Open Source Stack (Debasis Roychoudhuri, Biswajit Mohapatra and Mahesh Jadhav)

Research Front
A Research Oriented Undergraduate Curriculum: Design Principles and Concrete Realization (Rajeev Sangal)

Articles
Social Networking: Emerging Trends, Issues and Applications (L Sunitha)
Unseen to Seen with Cryptography, Steganography and Watermarking (Baisa L Gunjal and Dr. Suresh N Mali)
Energy Efficient Trust Calculation in Mobile ad hoc Network (Ms. Hiteishi Diwanji and Dr. J S Shah)

Practitioner Workbench
Programming.Tips() » Intricacies of Multi-Threading in Java (Sumith Kumar Puri)
Programming.Learn("R") » File Input and Output-I (Umesh P and Silpa Bhaskaran)

CIO Perspective
FOSS in Enterprises (Pravin Balaji Dhayfule)

IT Industry Perspective
Interview with Mr. Deepak Ghaisas (Mrs. Jayshree A Dhere)

Security Corner
Information Security » Enhancing Security of Websites with Content Security Policy (Krishna Chaitanya Telikicherla and Harigopal K B Ponnapalli)

PLUS
Brain Teaser (Dr. Debasish Jana)
Ask an Expert (Dr. Debasish Jana)
Happenings@ICT: ICT News Briefs in January 2014 (H R Mohan)
CSI Report
CSI Reports
CSI News

Please note: CSI Communications is published by Computer Society of India, a non-profit organization. Views and opinions expressed in the CSI Communications are those of individual authors, contributors and advertisers and they may differ from policies and official statements of CSI. These should not be construed as legal or professional advice. The CSI, the publisher, the editors and the contributors are not responsible for any decisions taken by readers on the basis of these views and opinions.

Although every care is being taken to ensure genuineness of the writings in this publication, CSI Communications does not attest to the originality of the respective authors’ content.

© 2012 CSI. All rights reserved.

Instructors are permitted to photocopy isolated articles for non-commercial classroom use without fee. For any other copying, reprint or republication, permission must be obtained in writing from the Society. Copying for other than personal use or internal reference, or of articles or columns not owned by the Society without explicit permission of the Society or the copyright owner is strictly prohibited.

Published by Suchit Gogwekar for Computer Society of India at Unit No. 3, 4th Floor, Samruddhi Venture Park, MIDC, Andheri (E), Mumbai-400 093. Tel. : 022-2926 1700 • Fax : 022-2830 2133 • Email : [email protected] Printed at GP Offset Pvt. Ltd., Mumbai 400 059.

Know Your CSI

Executive Committee (2013-14/15) »

President: Prof. S V Raghavan, [email protected]
Vice-President: Mr. H R Mohan, [email protected]
Hon. Secretary: Mr. S Ramanathan, [email protected]
Hon. Treasurer: Mr. Ranga Rajagopal, [email protected]
Immd. Past President: Mr. Satish Babu, [email protected]

Nomination Committee (2013-2014)
Prof. H R Vishwakarma, Dr. Ratan Datta, Dr. Anil Kumar Saini

Regional Vice-Presidents

Region - I: Mr. R K Vyas. Delhi, Punjab, Haryana, Himachal Pradesh, Jammu & Kashmir, Uttar Pradesh, Uttaranchal and other areas in Northern India. [email protected]
Region - II: Prof. Dipti Prasad Mukherjee. Assam, Bihar, West Bengal, North Eastern States and other areas in East & North East India. [email protected]
Region - III: Prof. R P Soni. Gujarat, Madhya Pradesh, Rajasthan and other areas in Western India. [email protected]
Region - IV: Mr. Sanjeev Kumar. Jharkhand, Chattisgarh, Orissa and other areas in Central & South Eastern India. [email protected]
Region - V: Mr. Raju L kanchibhotla. Karnataka and Andhra Pradesh. [email protected]
Region - VI: Mr. C G Sahasrabudhe. Maharashtra and Goa. [email protected]
Region - VII: Mr. S P Soman. Tamil Nadu, Pondicherry, Andaman and Nicobar, Kerala, Lakshadweep. [email protected]
Region - VIII: Mr. Pramit Makoday. International Members. [email protected]

Division Chairpersons

Division-I : Hardware (2013-15): Prof. M N Hoda, [email protected]
Division-II : Software (2012-14): Dr. T V Gopal, [email protected]
Division-III : Applications (2013-15): Dr. A K Nayak, [email protected]
Division-IV : Communications (2012-14): Mr. Sanjay Mohapatra, [email protected]
Division-V : Education and Research (2013-15): Dr. Anirban Basu, [email protected]

Important links on CSI website »

About CSI: http://www.csi-india.org/about-csi
Structure and Organisation: http://www.csi-india.org/web/guest/structureandorganisation
Executive Committee: http://www.csi-india.org/executive-committee
Nomination Committee: http://www.csi-india.org/web/guest/nominations-committee
Statutory Committees: http://www.csi-india.org/web/guest/statutory-committees
Who's Who: http://www.csi-india.org/web/guest/who-s-who
CSI Fellows: http://www.csi-india.org/web/guest/csi-fellows
National, Regional & State Student Coordinators: http://www.csi-india.org/web/guest/104
Collaborations: http://www.csi-india.org/web/guest/collaborations
Distinguished Speakers: http://www.csi-india.org/distinguished-speakers
Divisions: http://www.csi-india.org/web/guest/divisions
Regions: http://www.csi-india.org/web/guest/regions1
Chapters: http://www.csi-india.org/web/guest/chapters
Policy Guidelines: http://www.csi-india.org/web/guest/policy-guidelines
Student Branches: http://www.csi-india.org/web/guest/student-branches
Membership Services: http://www.csi-india.org/web/guest/membership-service
Upcoming Events: http://www.csi-india.org/web/guest/upcoming-events
Publications: http://www.csi-india.org/web/guest/publications
Student's Corner: http://www.csi-india.org/web/education-directorate/student-s-corner
CSI Awards: http://www.csi-india.org/web/guest/csi-awards
CSI Certification: http://www.csi-india.org/web/guest/csi-certification
Upcoming Webinars: http://www.csi-india.org/web/guest/upcoming-webinars
About Membership: http://www.csi-india.org/web/guest/about-membership
Why Join CSI: http://www.csi-india.org/why-join-csi
Membership Benefits: http://www.csi-india.org/membership-benefits
BABA Scheme: http://www.csi-india.org/membership-schemes-baba-scheme
Special Interest Groups: http://www.csi-india.org/special-interest-groups
Membership Subscription Fees: http://www.csi-india.org/fee-structure
Membership and Grades: http://www.csi-india.org/web/guest/174
Institutional Membership: http://www.csi-india.org/web/guest/institiutional-membership
Become a member: http://www.csi-india.org/web/guest/become-a-member
Upgrading and Renewing Membership: http://www.csi-india.org/web/guest/183
Download Forms: http://www.csi-india.org/web/guest/downloadforms
Membership Eligibility: http://www.csi-india.org/web/guest/membership-eligibility
Code of Ethics: http://www.csi-india.org/web/guest/code-of-ethics
From the President Desk: http://www.csi-india.org/web/guest/president-s-desk
CSI Communications (PDF Version): http://www.csi-india.org/web/guest/csi-communications
CSI Communications (HTML Version): http://www.csi-india.org/web/guest/csi-communications-html-version
CSI Journal of Computing: http://www.csi-india.org/web/guest/journal
CSI eNewsletter: http://www.csi-india.org/web/guest/enewsletter
CSIC Chapters SBs News: http://www.csi-india.org/csic-chapters-sbs-news
Education Directorate: http://www.csi-india.org/web/education-directorate/home
National Students Coordinator: http://www.csi-india.org/web/national-students-coordinators/home
Awards and Honors: http://www.csi-india.org/web/guest/251
eGovernance Awards: http://www.csi-india.org/web/guest/e-governanceawards
IT Excellence Awards: http://www.csi-india.org/web/guest/csiitexcellenceawards
YITP Awards: http://www.csi-india.org/web/guest/csiyitp-awards
CSI Service Awards: http://www.csi-india.org/web/guest/csi-service-awards
Academic Excellence Awards: http://www.csi-india.org/web/guest/academic-excellence-awards
Contact us: http://www.csi-india.org/web/guest/contact-us

Important Contact Details »
For queries, correspondence regarding Membership, contact [email protected]

President’s Message

Prof. S V Raghavan

From : [email protected]
Subject : President’s Desk
Date : 1st February, 2014

Dear Members

New team has been elected. CSI is entrusting the leadership in the hands of another set of very competent people. My successor Mohan will have a nice team to work with during his term. My best wishes to all those who were elected to the respective offices.

CSI Hyderabad in association with Center for Development of Advanced Computing (CDAC), a society under the Department of Electronics and Information Technology, Government of India conducted a very successful event in JNTU Hyderabad. 1400 students attended and it was a sight to see! Dr. Ajay Kumar, Joint Secretary, Department of Electronics and Information Technology presided over the function. It was all about spreading awareness about security in cyber space – a topic that has assumed global center stage after Snowden exposé. Dr. R. Rao, Vice Chancellor, JNTU was the Guest of Honor. I was the Chief Guest as well as the Keynote speaker. One could see and feel the enthusiasm of Young India. In fact, every region can do one such event in association with CDAC branches in their region. Shri Raju, our Vice President in that region and Dr Govardhan, Chapter Chairman, CSI Hyderabad did a fantastic job. It appeared as though they were rehearsing for CSI 2014, which is not far away.

We seem to have lots of Vice Chancellors helping us out! A month ago it was Andhra University and JNTU Kakinada and now it is JNTU Hyderabad. We must on our part think as to how can we recognize them. They are our support to reach our students in large numbers. They help our events with their infrastructure. Above all, they deliver inspiring speeches and show unparalleled commitment to the cause of CSI. Perhaps, we should honor such great men and honor ourselves, by making them “Honorary Members” of CSI. Execom and others may want to deliberate on this suggestion.

Time to reflect on what is happening to Internet Governance. CSI should produce a position paper on Internet Governance very soon. Not only every nation but also every citizen is worried about Internet Governance, especially in the post Snowden era. May I request each one of you to send your views to Suchit in HQ, who can then collate the ideas and present it to me for producing a White Paper? I am sure with the high quality professionals in our fold, we should be able to make a difference. This is an opportunity for CSI to make its presence felt!

Here is another opportunity for CSI, especially the Student members. Shri Raju is very vocal about “delivering value” to student members. I agree with him. May be Ms Mini Ulanat, NSC can organize region-wise videoconference with all the constituent educational institutions. It will help us “connect” to our student members. I plan to address all our student – region-wise – from this month. Shri Raju and Dr. Govardhan have volunteered for February 2014. Good Luck – RVP and NSC. My talk will be titled – “Inspiration, Perspiration, and Innovation in Cyber Space”. It can also be streamed on the web simultaneously. It can be archived for later use as well. Every time I address a region, I will try to get a “surprise” Guest with me as well. Let us work together to make it an enriching and memorable experience for our Student members. Besides Ms Mini, we have two “activists” – Nadarajan and Renga Rajagopal – in our midst – their concern for student community is remarkable.

I hope you are familiar with National Knowledge Network (NKN). You may want to update yourself by visiting www.nkn.in. India is also establishing National Optical Fiber Network (NOFN). Visit www.bbnl.nic.in. Together, India will be reachable up to villages. I need ideas as to how CSI can play a role in this changing scenario. Besides, can student chapters with the help of their mentors study the impact of NKN and NOFN in their regions? Can they do some simulations to explain how education and health can be practiced in such ICT environment? Can we get our young members suggest innovative applications that can be developed with their help? As we generate enough data through actual ground studies and as we consolidate our ideas through academic analysis and understanding, we as CSI, with the help of a long list of renowned academic members and professional members, should convert them in to White Papers and present to Government. Such engagement, in my humble opinion, can position CSI to play a vital role in nation building.

Prof. S V Raghavan
President
Computer Society of India

Editorial

Rajendra M Sonar, Achuthsankar S Nair, Debasish Jana and Jayshree Dhere
Editors

Dear Fellow CSI Members,

We are glad to have an issue with a cover theme on Open Source Technologies. With increasing cost, changes in licensing policies like from server based to core-based and curtailing support on existing products with large customer base by the vendors of proprietary software are some reasons that are making organizations seriously rethink on their IT policies and budgets for buying proprietary software and are forcing them to look for options of adopting open source technologies. Generally we find that some of the organizations that are adopting them at enterprise level are rather restricting their use to few applications.

In this issue, we start with two articles under cover story section. The first one titled “Technologies – A Boon for People in All Fields” by P Monica, an individual researcher, introduces readers to open source licensing, adoption of open source in India and outside, use of open source in various fields and sectors like IT, data analysis, internet, education, multimedia and research. The second article is by Tadrash Shah, State University of New York and Chintan M Bhatt, Asst. Professor, CE dept., Chandubhai S. Patel Institute of Technology: “The Endless Journey of Open Source”. It helps readers to understand why people contribute to open source, about giants in open source like Google, IBM. It mentions path-breaking examples of open source like massive open source courses and those who benefited from open source especially start-up companies and also explains licensing through creative commons.

OpenStack is a collaboration of developers and cloud specialists across the globe, producing an omnipresent open source cloud computing platform for public and private clouds. We have an article under Technical Trends section from IBM contributors titled “Rationalize Your Cloud Model Using Open Source Stack” by Debasis Roychoudhuri, Biswajit Mohapatra and Mahesh Jadhav.

Under Research Front we have an article by Dr. Rajeev Sangal, Director, IIT(BHU), Varanasi. He describes the design of a curriculum to support undergraduate research in Computer Science and Engineering (CSE) and in Electronics and Communications Engineering (ECE) which he thinks should encourage the creative expression of the student in the areas chosen by him or her in the light of the goals of the institution. He elaborates on design principles and concrete realization of such curriculum. He mentions about experimentation of such curriculum at IIIT-Hyderabad for B.Tech. (Honours) program, which has been hugely successful indicating that close to 30 to 40% students are interested in research as against the expectation of only 1 to 2%.

We have three articles in Article section. The first one, “Social Networking: Emerging Trends, Issues and Applications” is by L Sunitha, Associate Professor, CSE, JNTU Hyderabad. The second article is titled “Unseen to Seen with Cryptography, Steganography and Watermarking” by Baisa L Gunjal, Amrutvahini College of Engineering and Dr. Suresh N Mali, Principal, Sinhgad Institute of Technology and Science, Narhe, Pune. The third one is on “Energy Efficient Trust Calculation in Mobile ad hoc Network” by Ms. Hiteishi Diwanji, Associate Professor, Computer Department, L D College of Engineering and Dr. J S Shah, Director, Samarth Institute, Himmatnagar.

In practitioner workbench section we have an article on “Intricacies of Multi-Threading in Java” by Sumith Kumar Puri, an independent Software Architect under Programming.Tips(). This time Umesh P and Silpa Bhaskaran of Department of Computational Biology and Bioinformatics, University of Kerala cover first part of File Input and Output under the section Programming.Learn("R"). They will conclude the remaining part about File Input and Output in the next issue.

Under CIO perspective we have one article on FOSS (Free and Open Source Software) by Pravin Balaji Dhayfule who emphasizes on how FOSS can help organizations eliminate software licensing cost and get rid of increasing dependency on proprietary software vendors who take advantage of the customer's need in the form of increasing Licence Fees and stringent EULA (End User Licence Agreements).

Under IT Industry Perspective section we have an interview with Mr. Deepak Ghaisas, Chairman and Chief Mentor of Gencoval Group and formerly Vice-President, iFlex taken by Mrs. Jayshree A Dhere, Resident Editor, CSIC. Mr. Deepak Ghaisas has shared his valuable experiences of working in IT industry especially in the software product business. He has provided some insight on how software product business would shape in future and what needs to be done in terms of creating an ecosystem to propel Indian IT industry into making India IT super power.

We have the eighth article in the series of articles by Krishna Chaitanya Telikicherla and Harigopal K B Ponnapalli from Infosys focusing on security of the web platform in Information Security section under Security Corner. In this issue they write about Enhancing Security of Websites with Content Security Policy.

We have our regular features, crossword covering issue theme under brain teaser, ask an expert by Dr. Debasish Jana, Editor, CSI Communications and Happening@ICT covering ICT news of January 2014 by Mr. HR Mohan, Vice President, CSI, AVP (Systems), The Hindu.

As usual there are CSI Reports and CSI Chapter and Student Branch news in brief with a link to detailed reports on the CSI website. We welcome your feedback at [email protected]. Do inform us if you would like CSIC to cover any specific theme in its future issue. Your suggestions would be valuable.

With warm regards,
Rajendra M Sonar, Achuthsankar S Nair, Debasish Jana and Jayshree Dhere
Editors

Cover Story

Open Source Technologies – A Boon for People in All Fields

P Monica
Individual Researcher

Introduction

Software plays a major role in various fields like education, IT sector, Finance, Medicine, Bio-informatics, animation etc. Two major terms that need to be known regarding software are Open source and Closed source software (also called proprietary software). Open Source software is the one, which is available for use by general public without payment of any licensing fees. Even its source code is available free of cost. Source code can be studied, can even be modified based on the needs of user and such open source software can be redistributed to others free of cost. Closed source software, however, is the one which needs to be purchased from a vendor. Here users can use only executable code and cannot view the source code of the software at all.

In recent years there is a huge shift from the usage of proprietary software to open source software among the public and industrial users due to many reasons like non dependence on any specific vendor, low cost / free of cost, copyleft license agreement, security and so on.

History

Richard Stallman worked on a project called GNU project, a free software foundation for developing and improving the open source community in September 1983 at MIT. The first product developed under GNU project was the Unix operating system, which is the base for developing variants of Unix based operating systems. To add to the chain, now-a-days many programmers contribute their programs to the open source community and there are many forums for helping the programmers to get their doubts clarified in any open source technologies.

Licensing in Open Source

GNU offers General Public License (GPL) as a license for all open source software. Recently GPL version 3 is adopted. It must be agreed upon by the user while installing open source software in user system, which specifies various terms and conditions of usage of software. As against this, all proprietary software follows vendor’s copyright licensing policy.

Adoption of Open Source in India

Government of Kerala has taken many initiatives towards improving and publicizing the usage of Free and Open Source Software (FOSS) and towards saving money spent on licensing fees in the state. Kerala is the first state in India to implement FOSS in the country in 2001 and Free Software Foundation of India has started. It has started International Centre for Free and Open Source Software (IC-FOSS) for popularizing and using FOSS in Kerala. Also Government of Kerala in India has introduced FOSS in education through IT@School project. Also it provides FOSS training to its technical government employees and school teachers.

Indian states like Tamil Nadu, Karnataka, Andhra Pradesh, West Bengal, Maharashtra, Orissa, Rajasthan, Himachal Pradesh, etc. have also joined free software movement in India.

Life Insurance Corporation (LIC) of India has already started migrating to Red Hat Linux on its desktops and servers.

Adoption of Open Source by Foreign Countries

German City of Munich, Venezuela, Malaysia, Ecuador, United States White House, Government of Jordan, Brazil, France, etc. have started migrating from proprietary software to open source software.

Open Source Software for Various Fields

Many software programs have evolved as a result of Open source movement. There are various software packages available in variety of fields. Few of them are discussed here under different categories.

IT Sector / Computer Related Fields

In these fields lot of money is spent on purchasing licensed operating systems (OS) and other needed software packages. It will be a big issue if they use a pirated copy of proprietary software. At present, many companies have started migrating from proprietary software to open source software and started utilizing their saved money for other useful activities. Following are some of the open source software packages used in computer based fields -
• Operating Systems - Unix, Linux variants, Android, FreeBSD
• Programming Languages - Python, Perl, Java, Ruby, C
• Integrated Development Environment - Netbeans, Eclipse
• ERP - Openbravo, Compiere, ERP5, Fedena

Data Processing and Analysis

Database is used for storing large amount of data. Datawarehouse is used to integrate data collected from various data sources and is useful for creating summary out of these collected data. Data mining is a technique for extracting useful information from large amount of data. Data can be extracted based upon the requested query. Using historical data, analysis can be done about future prediction. These predictions are very much useful for improving the business decisions. Making use of open source tools helps save money both in academic institutions as well as in industries. Following are some of the open source tools for data processing and analysis -
• Database Management System - MySQL, PostgreSQL, Ingres
• Data Mining - R, Weka, Rapid Miner, Orange
• Extract Transform and Load (ETL) - Talend, CloverETL, Pentaho

Internet Technologies

Internet is the interconnection of various networked computers. Learning, exchange of knowledge, communication from any and every part of the world, etc. have become possible due to the invention of the Internet. World Wide Web (WWW) also called web consists of many documents which are linked with each other. Following are some of the open source softwares available in this field -
• Scripting Languages - PHP (Hypertext Preprocessor), JavaScript, Groovy, Jython
• Application Servers - Glassfish, JBoss, Resin
• Web Servers - Apache, Lighttpd, Jigsaw
• Web Browser - Chrome, Mozilla, Safari
• Web publishing - WordPress, Sourceforge.net
• Search Engine - Isearch, Namazu, Sciencenet, SWISH-E

Education

As you will all agree there is no age limit for learning. Today vast information is available over internet and can become available using variety of keywords. Using such information knowledge can be obtained on respective topics. Many educational institutions have started the initiatives by giving awareness to their students about use of open source software. They are also providing hands-on training and experience to students by developing tutorials on open source software and creating forums for clarifying students’ doubts. Following are some of tools used in education -
• Web Content Management - Wordpress, Joomla, Drupal
• e-Learning Content Management System - Moodle, ATutor, eFront
• Office suite - OpenOffice
• Text Editors - Vim, Emacs

Research

Serious research is going on in various fields right from pure sciences to applied technologies. Many research papers are now available free of cost through Open Access Journals. Research groups on specific topics are formed and all recent issues can be discussed through it. Based on the research area researcher can choose appropriate open source tool for implementing their ideas. Typesetting Software like LaTeX helps the researcher to concentrate on the content preparation without bothering about the documentation alignment.

Multimedia

In the current scenario animation plays a vital role in education, entertainment, advertisement, movies, multimedia etc. Similarly audio, video and image editing has a major role in television, advertisement and movies. Following are some of the tools available -
• Animation - Beamer, KToon, K-3D
• Video Editing - OpenShot Video Editor, Kdenlive, Blender VSE, Avidemux
• Audio Editing - Audacity, Wavosaur
• Image Editing - GIMP, Paint.NET

Conclusion

Several surveys indicate that usage of FOSS has increased a lot over the years as compared to previous years and it will increase greatly in the future. Also it has helped organizations save spending money on proprietary software. As of today there are many job opportunities available in open source technologies and these are likely to grow in future.

About the Author

Ms. P. Monica, B.E., M.E., has worked as Assistant Professor in the Department of Computer Science and Engineering at Periyar Maniammai University, Thanjavur, Tamil Nadu. She has 8 years of academic experience. She has presented papers in various conferences and has organized various workshops. Her research interest is Data Mining. She is Associate life member of CSI.

Cover Story

Tadrash Shah* and Chintan M Bhatt**
*Master student, State University of New York
**Asst. Professor, CE dept., Chandubhai S. Patel Institute of Technology, CHARUSAT

The Endless Journey of Open Source

So this time we talk of Open Source. We all know that open source has been around for a while. The usual term used for it, by far, was FOSS – Free and Open Source Software. But when it was FOSS, did we ever look at the Open Source aspect of it? Most of us would agree to disagree; our concern was always FREE. So let us dive deeper into this open source world. When corporate and software giants like Oracle, Microsoft, Apple, Google and many more are into it, we cannot deny the necessity of having a bird's eye view of it.

Introduction

According to the simplest Wikipedia definition, Open Source is a development model that promotes universal access via free license and also universal distribution including subsequent improvements. In simpler terms, it is software where the developers also allow you access to the source code (the programs that build the software) and give you the freedom to change the code and even redistribute and use the software and/or program freely without any copyright infringement issues. The Red Hat community of opensource.com defines it as "Open source refers to something that can be modified because its design is publicly accessible". Open Source is no longer just a development model but has now grown into an entire Open Source Movement over the internet. We shall talk about these too in the later parts of the article. Open source can be divided into 3 C's:
• Code (Linux, Apache, MySQL, PHP, Ruby)
• Collaboration (Backbone of open source – IRC (Internet Relay Chat), Version Control Systems, Mailing lists, Wikis, Blogs etc.)
• Community

The open source developers are people with a very strong belief that knowledge and information are for sharing. Philosophically the idea is indeed wonderful, and now the idea has taken the entire software industry, including the giants, by storm. People have also started using open source software because they have more control over it (simply because they can modify what they want to best suit their needs), because they can contribute to making the software better, because some consider it more stable, robust and secure (simply because anyone can fix the bug they found and redistribute a better version), because it is fixed very easily and frequently, and because its distribution policy assures you that the software tools you use won't disappear or change when their creators stop working on them (because you hone the code).

Before we move to discuss further, we must clear the notion that we addressed earlier. Usually we feel open source is free. It was. This is a common misconception. Some creators may charge for the software they built. In some cases, these creators (developers) find it more lucrative to charge even more as they are allowing you access to the code.

Fig. 1[6]: Usage and interpretation of open source

The top reasons (as provided by the Open Source Business Conference survey[3]) individuals or organizations choose open source software are:
• Lower cost
• Security
• No vendor 'lock in' (Lock-in is a situation in which customers are dependent on a single manufacturer or supplier for some product (i.e., a good or service)/products, and cannot move to another vendor without substantial costs and/or inconvenience)
• Better quality

Some additional benefits are security, affordability, transparency, perpetuity, interoperability, flexibility, localization etc.

Giants in Open Source

What began as a simple movement among, perhaps, a few individuals has taken giants in its embrace. The biggest visible breakthrough in open source software was UNIX, followed by Linux. And Linux operating systems are not all. The biggest bang in mobile technology, Android devices, are all running a specific version of the Linux kernel. This makes Android also an open source project from Google.

There are many more things that Google has developed and put in the open source domain. For example, Google Course Builder is a framework that allows you to create your own free online teaching course just by putting the content in the placeholders. The "g-soc" (Google Summer of Code) is another movement by Google where brilliant student coders sit and develop open source programs for various purposes in their summer vacations. It has over 50 million lines of code already and is counting, adding to its number each summer.

Considered the most constricting software-hardware company, Apple is also now in the open source world. Usually we feel that Apple devices and software restrict you to using specific hardware for specific software and allow just a few customizations. Apple too has a reasonable collection of open source programs. OS X 10.9 is an open source on opensource.apple.com. That was something unexpected!

Another giant product-based company, Adobe, has a little collection of open source projects in HTML and JavaScript. Adobe also contributes to many open source projects like PHP, Apache, WebKit and many others.

IBM does a lot in open source. There are over 150 open source projects that IBM works towards, which can be discovered on ibm.com/developerworks/opensource.

Microsoft has a movement called Microsoft Openness where they focus on areas apart from just conventional open source projects, like open source clouds and open source in government. It was also surprising to see Microsoft developing tools, under this movement, to work with Java, Moodle, MongoDB, Linux and many other already existing open source software.

And it is not just these corporates. A world-renowned organization like NASA has entered the open source world. Their motive to be in the open source world is to improve their software quality via community peer review. They are the ones who take real advantage of the open source movement in the interest of the agenda of the open source movement mentioned above.

Path Breaking Open Source Examples

The biggest example is the Android mobile operating system, which has the biggest market as well as technical success. There are various debates regarding whether to call Android open source or not (http://www.eweek.com/blogs/first-read/is-android-really-open-source.html/).

And open source is not just about software. There are wonderful hardware projects which are open source. The one with maximum potential is the Arduino[5]. There are absolutely no limits to what this little hardware can do. It provides the easiest interfacing with a PC. The parent of Arduino is named Raspberry Pi. There are various reports that people have developed servers on this small Raspberry Pi device (http://venturebeat.com/2013/11/10/arkos-secure-google-alternative/) – i.e. a server on open source hardware. Being open source, the programs for this hardware (which essentially comprises a micro controller) are also available in open source.

Let us mainly focus on the software aspect of open source. SourceForge is also a one stop solution these days for all open source software. Let us quote a few other examples – the LaTeX[1] high-quality typesetting system which is the de facto standard for the communication and publication of scientific documents, LibreOffice which is a total replacement of MS Office, Content Management Systems like WordPress, Joomla, Drupal, Magento and many others which are changing the way web development is done, SciLab which is an open source alternative to MatLab, Blender being a 3D rendering open source counterpart of Maya and many others.

And yet again, it is not just software. There is open source teaching material available now. Class2Go is a Stanford platform for putting its course content in open source, which is now an open source software framework too. With the rise of Massive Open Online Courses (MOOCs)[2], all the elite universities have joined the movement by providing their course material openly to all. Perhaps it all began with the OCW of MIT. Harvard and MIT lead the wagon with the edX platform. Yet other successful platforms are Udacity by UC Berkeley. Coursera is the most followed MOOC, where courses come from almost all the elite universities at a single stop. The meaning of MOOC is illustrated in Fig. 2.

Fig. 2: Meaning of MOOC

CSI has also partnered in a movement that began at IIT-Bombay called Spoken Tutorials (spoken-tutorial.org), which focuses on generating open source teaching material in audio-video form for teaching open source software. It is spear-headed by Prof. Kanan Moudgalya of IIT-Bombay. An archive of this partnership and more details are available at http://spoken-tutorial.org/CSI.pdf

Who Benefitted?

The French Armed Force said that after they switched their 3700 PCs from proprietary operating systems to Ubuntu they could cut down the cost by 40%.

The free DBMS MongoDB is now the king in the New York City startups whose total worth is 1.2 billion dollars. (Source: Bloomberg).

Reports have said that Facebook is the world's largest open source company. And Facebook is also now focusing on the Facebook Mobile coming to the market, which they want to be open source, i.e. they will be sharing things with the developer community.

Licensing

With open source coming up rampantly, there were issues regarding Intellectual Property rights which needed to be addressed. Because the design and the programs (code) were all open source, anybody could use them to their advantage. Say, for example, someone developed a code and someone else uses it directly in his commercial product or service and makes money. This cannot be called fair. There were such issues coming up and hence there was a need to address this concern. Thus the concept of Creative Commons has come about. It allows you to share your knowledge with the world. Especially in this age where all the information is available digitally, copying is very common. To protect the intellectual property and the mention of credits to the original knowledge holder, Creative Commons has designed some licenses which can be reviewed at http://creativecommons.org/licenses/. There are a number of different licenses which the knowledge holder (creator) can choose as per his needs. These licenses also allow someone to use someone else's open source content for his commercial advantage with due credit to the creator. So, in a sense, it is a balance between the "all rights reserved" setting and the copyright law. As said, these licenses can allow the content to be copied, distributed, edited, remixed and built upon – all within the boundaries of copyright law. Some examples[4] are as follows:
• Apache License 2.0
• BSD 3-Clause "New" or "Revised" license
• BSD 2-Clause "Simplified" or "FreeBSD" license
• GNU General Public License (GPL)
• GNU Library or "Lesser" General Public License (LGPL)
• MIT license
• Mozilla Public License 2.0
• Common Development and Distribution License
• Eclipse Public License

Applications

Today widely used open source software/systems are Apache HTTP Server, osCommerce, Mozilla Firefox, GNU/Linux/Unix operating system, Android, Asterisk (PBX) for Voice over IP etc. Ingres, MySQL, Alfresco for Enterprise Content Management System, and micropayment systems like flattr and paypal are used for business purposes.

Conclusion

Hence, seeing applications of open source across all various domains, we can say that "open" is a state of mind. With "openness" in mind and working in an open source world you realize that you can no more be afraid of someone stealing your ideas. A wonderful read about the same thing can be found at http://opensource.com/life/13/8/stealing-ideas. Getting started on open source is simplest to begin as an open source user. When you get more and more intrigued by open source you can begin as a tester or a community tester and then you can later grow to be an open source developer. Let us re-iterate yet again: "open" is a state of mind.

References

[1] http://www.latex-project.org/
[2] http://en.wikipedia.org/wiki/File:MOOC_poster_mathplourde.jpg
[3] Irina Guseva (@irina_guseva) (2009-03-26). "Bad Economy Is Good for Open Source". Cmswire.com. Retrieved 2012-03-25
[4] http://opensource.org/licenses
[5] http://arduino.cc/
[6] http://www.gagful.com/2996/please-register-to-continue-using-the-software.html

About the Authors

Tadrash Shah obtained his bachelor's degree, B.E. in Computer Engineering, from Gujarat Technological University and is currently pursuing a Master's Degree at State University of New York - Stony Brook. He stood first in his college in Degree Engineering. He has published two research papers and a book at his undergraduate level. He is interested in research in subjects like Algorithms, High-performance computing and Databases. He has worked and undertaken projects at IIT-Gandhinagar, IIT-Bombay and IIM Ahmedabad.

Prof. Chintan M Bhatt received B.E. and M. Tech. Degrees from Gujarat University (CITC (now CSPIT)) and Dharmsinh Desai University in Computer Engineering. He is a member of CSI, AIRCC (Academy & Industry Research Collaboration Center) and IAENG (International Association of Engineers). His areas of interest include Data Mining, Web Mining, Networking, Security and . He has more than 3 years of teaching and research experience.

Technical Trends

Debasis Roychoudhuri,* Biswajit Mohapatra** and Mahesh Jadhav***
*IBM Certified Senior Architect and Enterprise Solution Architect of Business Modernization IBM, India
**IBM India Competency Head for Global Specialized Application Modernization and Conversions & Migration Competency
***Cloud Architect, IBM, India

Rationalize Your Cloud Model Using Open Source Stack

Introduction

As we embarked into 2014, one of the key focus areas of large industry and business organizations is to simplify and rationalize their computing environment through various means: simplification of IT infrastructure to reduce complex maintenance overhead, and standardization of the IT landscape with a standard set of operating environment, i.e. a combination of hardware, software, network and services. 'Cloud' is an industry buzz word, representing a solution for standardization and simplification of the IT environment. Cloud computing is gaining popularity progressively to unite the service and technology variance into a common set of principles.

There are many cloud deployment architectures available in the market with various players that offer cloud services, but winning the customer business in today's competitive market is becoming a tough challenge for all service providers. Some of the tallest asks are to standardize the cloud architecture framework itself to allow customers the flexibility to move between cloud vendors seamlessly, to keep the cost of the service offering within competitive rates, and to innovate new features to keep customers interested without reinventing the wheel.

Today, the strategic demand in the IT market is to use open source products to keep the service offering cost attractive and standardized. Cloud computing caters open source products to build open standards for cloud architecture framework. Now when we correlate open source stack into cloud computing, let us take a look into the basics of cloud computing before we venture into open source modelling. 'Cloud' is a term wisely and loosely defined in several places; in general, it is where data processing and storage take place without the physical presence of particular hardware or a computing environment located, from the user's perspective, to carry out the work. There are numerous definitions of cloud computing found in IT journals or on the internet. In the context of a cloud computing environment, we would like to keep the definition of cloud simple here, i.e. sharing of resources to achieve rationality and economies of scale. It's very similar to a utility model, e.g. a household electricity or telephone bill based on the user's usage. The cloud service model is largely defined as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). There are some other service definitions as well, such as Business Process as a Service (BPaS), Desktop as a Service (DaaS) and many more. However, we will keep our discussion in the context of IaaS and PaaS and how open source modelling can simplify the cloud infrastructure services. The details in this paper are based on our implementation experience, leveraging the open source cloud stack a.k.a. OpenStack in various IT environments.

What is OpenStack

OpenStack is a collaboration of developers and cloud specialists across the globe, producing the omnipresent open source cloud computing platform for public and private clouds. It is currently supported by Platinum, Gold, and Corporate Sponsors of the IT industry. IBM is a platinum member of the OpenStack foundation, which provides a significant contribution in funding, promoting and adopting the OpenStack model.

Benefit of OpenStack

All of the programming and micro code for OpenStack is freely available under the Apache license; without making a significant investment, any practitioner can leverage it, build on it, or submit changes back to the project library. The OpenStack community (www.openstack.org) strongly recommends using the open source product line, which is an open development model. It is a collaborative way of building common standards and removing the proprietary lock-in for cloud customers. This definitely helps in creating a large ecosystem across the various cloud service providers and cloud service integrators. For example, OpenStack is a major contributor in one of the largest payment service providers, PayPal (www.paypal.com), by enabling a private cloud that helps the company's developers quickly respond to its customers' increasing demands and constantly changing needs, while developing a stable platform for customers to pay for their purchases. More details can be found at http://www.openstack.org/user-stories/paypal/.

Open Source Cloud Stack

A simple cloud environment can be described by introducing an open source cloud deployment model as shown in Fig. 1:

Fig. 1: (source: http://www.openstack.org/software)

The above architecture is based on a principle of three building blocks for a cloud environment, such as:

Compute is responsible for all creation of virtual servers, where the customer's applications will be hosted.

Networking provides a communication channel within the cloud environment as well as to the outside world for customer applications.

Storage holds all the customer application data and the customer image catalogue as a storage repository.

Let us understand the components available behind the building blocks of OpenStack, illustrated in Fig. 2.

Fig. 2

The components of the OpenStack architecture are described in Table 1 below:

| Component | Project Code | Description |
|---|---|---|
| Dashboard | Horizon | A web-based front-end UI for managing OpenStack services. |
| Identity | Keystone | A centralized identity service that provides authentication and authorization for other services, and manages users, tenants, and roles. |
| OpenStack Networking | Quantum | A networking service that provides connectivity between interfaces of other OpenStack services. |
| Block Storage | Cinder | A service that holds the customer data. |
| Compute | Nova | A service that launches and schedules networks of machines running on nodes. |
| Image | Glance | A repository of virtual server templates for rapid provisioning for the customer. |
| Object Storage | Swift | A central storage repository for customers to store and retrieve their data as needed, like a drop-box. |
| Metering | Ceilometer | Required by the service provider for billing the customer on their cloud resource usage, e.g. a household electricity bill based on monthly usage. |
| Orchestration | Heat | Provides an orchestration of the customer profile to automate and manage the service life cycle. |

Table 1

Let us start with a small and simple thought. Ever felt like creating your own private cloud on your desktop or laptop? Or, just wanted to explore what the cloud software really does? If you think there's too much cost involved for these initiatives, think again, because open source is there to rescue.

Build Your Own Private Cloud

As we have described the building blocks and various components supporting the cloud model, it's time for us to look into the basic requirements to create our own private cloud environment.

Hardware

Intel x86 (VT enabled). In most cases, you would need one to three physical machines, which can be from any vendor, to run cloud controller, network controller and Compute node services. We will discuss these services in subsequent sections.

Operating System

Common flavours of Linux such as Ubuntu, Red Hat Enterprise Linux (RHEL), CentOS, SUSE Linux Enterprise Server (SLES), openSUSE, Debian and Fedora can be used for the cloud platform.

Study of Open Source Hypervisors

The hypervisor is the backbone behind virtualization and a key ingredient of the cloud computing deployment model. We made a comparative study of various hypervisors under GPL and it's shown in Table 2:

| Name | Host CPU | Host Operating System (OS) | Guest OS(s) | License |
|---|---|---|---|---|
| | Intel x86, AMD64, IA-64, PowerPC 64, SPARC/64 | Linux | Various Linux distributions | GPL |
| | X86, x86-64, IA64 | NetBSD, Linux, Solaris | FreeBSD, NetBSD, Linux, Solaris, Windows XP & 2003 Server | GPL |
| | Intel/AMD processor with x86 virtualization, IA64, s390, PowerPC | Linux | Linux, Windows, FreeBSD, Solaris | GPL |
| | X86, AMD64, IA-64, Alpha, PowerPC/64, PA-RISC/64, SPARC/64, ARM, S/390, MIPS | Linux | Various Linux distributions | GPL |
| | Intel x86, AMD64, IS-64, PowerPC 64, SPARC/64 | Linux | Various Linux distributions | GPL |
| | X86, x86-64, PowerPC | Linux | Linux | GPL |
| | X86-64, SPARC | No host OS | Windows XP, 2003 Server (x86-64 only), Linux, Solaris | GPL |

Table 2

KVM (Kernel-based Virtual Machine) as a Selected Option to Build a Cloud Computing Platform

The key reasons for selecting KVM out of the other studied hypervisors were its enterprise class performance and flexibility; however, the following features could be common across other hypervisors.
• No vendor-lock – All enterprises prefer flexibility and choice rather than expensive lock-in to one vendor technology.
• Cost of ownership - KVM is present in the existing Linux kernel today. Market analysis shows that KVM is ~39% cost effective over a period of three years TCO compared to competition (e.g. VMware).
• Enterprise Class Performance - In SPECvirt benchmark tests between a popular virtualization technology, VMware, and KVM, KVM showcased a higher performance and a larger number of virtual machines running on a single host. When running on the IBM platform, it published 94% better virtual machine consolidation capability than the nearest competitors.
• Security - It uses the SELinux security feature of Linux, which provides Mandatory Access Control (MAC) security between virtual machines. This supports cloud offering companies with multiple customers to provide advanced security protection in the cloud environment. Security-conscious enterprises can create secure, open virtualization IT environments and private clouds, and save money on virtualization security tools.
• Flexibility - KVM offers greater flexibility in terms of allowing management with various management tools compared to the other studied hypervisors.

Virtual Networking

To optimize network communication among virtual machines (VMs), you need a virtual switch. The most commonly used is known as Open vSwitch. It is the default switch in the Xen Cloud Platform and also supports Xen, XenServer, and KVM.

Study of Various Open Source Cloud Management Software

OpenStack is the most popular open source project running in the current market. It has the backing of IT giant firms like IBM, HP, Cisco, Redhat etc. It supports most of the popular virtualization layers such as, but not limited to, KVM, VMware ESX and Microsoft Hyper-V.

Eucalyptus is one of the popular open source packages for building cloud computing infrastructures. Its interface is compatible with Amazon EC2. It includes Walrus, a cloud storage application compatible with Amazon Simple Storage Service (Amazon S3). It uses operating systems such as Ubuntu, RHEL, CentOS, SLES, openSUSE, Debian and Fedora. Eucalyptus supports various hypervisors such as VMware, Xen and KVM.

OpenNebula is also a very well-known open source product; it supports private cloud construction and the idea of hybrid clouds. It uses the Operating Systems as OpenNebula, which is included in Debian wheezy, Ubuntu Natty. It also supports Xen, KVM and VMware as a hypervisor.

Xen Cloud Platform (XCP) is another open source cloud environment which supports the full release of the Xen Cloud Platform. This includes the Xen hypervisor, and it supports guest operating systems such as Redhat, Debian, CentOS and SuSE.

Fig. 3
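The Security point in the KVM list above depends on how libvirt's sVirt driver labels guests: each QEMU process runs in the svirt_t domain with its own pair of MCS categories. The following Python script is an added example, not part of the original article; it audits `ps -eo label,pid,args` output for guests that lack that separation, and the sample lines, guest names and finding names are constructed for illustration.

```python
"""Audit SELinux/sVirt separation of KVM guests from `ps -eo label,pid,args` output."""
import re
from collections import defaultdict

# Domains that libvirt's sVirt driver assigns to confined QEMU guest processes.
SVIRT_TYPES = {"svirt_t", "svirt_tcg_t"}
QEMU_RE = re.compile(r"(?:^|/)qemu-(?:kvm|system-[\w-]+)$")
NAME_RE = re.compile(r"-name\s+(?:guest=)?([^,\s]+)")

# Constructed sample input (not captured from a real host).
SAMPLE_PS = """\
system_u:system_r:svirt_t:s0:c392,c662 2101 /usr/libexec/qemu-kvm -name guest=web01,debug-threads=on -m 4096
system_u:system_r:svirt_t:s0:c118,c907 2188 /usr/libexec/qemu-kvm -name guest=db01,debug-threads=on -m 8192
system_u:system_r:svirt_t:s0:c392,c662 2240 /usr/libexec/qemu-kvm -name guest=web02,debug-threads=on -m 4096
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2307 /usr/bin/qemu-system-x86_64 -name test01 -m 1024
system_u:system_r:svirt_t:s0 2350 /usr/libexec/qemu-kvm -name guest=legacy01 -m 2048
system_u:system_r:sshd_t:s0-s0:c0.c1023 911 /usr/sbin/sshd -D
"""


def parse_guests(ps_output):
    """Return one dict per QEMU process: name, pid, SELinux type, MCS categories."""
    guests = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        label, pid, args = parts
        if not QEMU_RE.search(args.split()[0]):
            continue  # header line or a process that is not a QEMU guest
        # Context layout is user:role:type:sensitivity[:categories].
        fields = label.split(":", 4)
        setype = fields[2] if len(fields) >= 4 else None  # "-" when SELinux is off
        cats = frozenset(fields[4].split(",")) if len(fields) == 5 else frozenset()
        match = NAME_RE.search(args)
        guests.append({
            "name": match.group(1) if match else f"pid-{pid}",
            "pid": int(pid),
            "type": setype,
            "cats": cats,
        })
    return guests


def audit(ps_output):
    """Return sorted (finding, guest names) tuples; an empty list means every
    guest is in an sVirt domain with a category set no other guest shares."""
    findings = []
    by_cats = defaultdict(list)
    for guest in parse_guests(ps_output):
        if guest["type"] not in SVIRT_TYPES:
            # The guest is not in an sVirt domain, so the MAC policy does not confine it.
            findings.append(("not-svirt-confined", [guest["name"]]))
        elif not guest["cats"]:
            # svirt_t without categories: nothing distinguishes it from other guests.
            findings.append(("no-mcs-categories", [guest["name"]]))
        else:
            by_cats[guest["cats"]].append(guest["name"])
    for names in by_cats.values():
        if len(names) > 1:
            # Identical categories (for example from static labels): MCS cannot
            # keep these guests away from each other's disk images.
            findings.append(("shared-mcs-categories", sorted(names)))
    return sorted(findings)


if __name__ == "__main__":
    for finding, names in audit(SAMPLE_PS):
        print(f"{finding}: {', '.join(names)}")
```
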

Some of the other known products are OpenQRM, for automatic, rapid deployment, monitoring and high-availability, and Nimbus, which is compatible with Amazon APIs.

Building OpenStack Cloud model

In collaboration with the client organization's strategy, we realized that the client wants to enjoy enterprise class performance with a lower cost, flexible, scalable solution for rationalizing their computing environment. To address this requirement, an IaaS cloud offering based on OpenStack with KVM can be built.

The diagram shown in Fig. 3 represents an OpenStack Cloud Deployment Model to build a private cloud environment.

OpenStack provides great flexibility with respect to how its individual services can be hosted, e.g. the services that run on the Network Controller can easily be installed on the Cloud Controller. There is other flexibility too, such as that the OpenStack Image service can be installed on its own server (or many servers to provide a highly available service).

The above diagram shows an implementation view, i.e. the operation model of a cloud environment using OpenStack. It shows three basic components of the cloud deployment model:
• Cloud Controller – It provides all functionality of the cloud except hosting of virtual machines or providing network services. This server will host the OpenStack Image service, the OpenStack Block Storage service, the OpenStack Identity service, and the OpenStack Dashboard. It also runs portions of the OpenStack Compute service such as the API server, the scheduler, conductor, console authenticator, and VNC service. Finally, it hosts the API endpoint for the OpenStack Network service.
• Network Controller – It delivers the bulk of the OpenStack Network services such as DHCP, layer two switching and layer three routing, floating IPs, and metadata connectivity.
• Compute Node – It runs the OpenStack Compute service as well as the OpenStack Network service agent. This server also manages an OpenStack-compatible hypervisor such as KVM. This server will host the actual virtual machines (instances).

Integration with Enterprise Cloud

When we think of open source, most of the time it lacks interoperability with leading enterprise clouds. There are quite a few open source cloud stacks available in the market, but their ability to integrate with the industry's renowned cloud solution offerings is a big question. Integration with an enterprise cloud allows customers greater simplicity and flexibility to manage their private or public clouds, taking full advantage of the stability, efficiency, performance, scalability, and security of the enterprise cloud. OpenStack supports integration using the APIs to popular enterprise cloud offerings such as Amazon EC2, S3, Rackspace, IBM, HP, Dell and Oracle for an easy migration path.

Summary

We understand that the market, especially for large enterprise business, is led by proprietary cloud service vendors for various reasons such as brand value, immediate vendor support, complex integration programs etc.; however, open source technologies continue to drive innovation in cloud computing technologies such as infrastructure virtualization, cloud management, big data etc. As the industry is focusing on standardizing the cloud infrastructure, service model and service integration, open source will continue to be considered a seamless standardized model for cloud modeling, and proprietary service providers will be more innovative and open to collaborate across products than creating a shell of single of point of failure.

References

This paper is based on the authors' own industry experience of cloud consulting with various clients and business partners along with their real life implementation experience of building end-to-end cloud models using various open source products such as OpenNebula, OpenStack etc. However, for this study, the following reference points are considered. More technical details on various open source cloud computing environments can be found below:
[1] www.opennebula.org
[2] www.eucalyptus.com
[3] http://www.openstack.org
[4] http://en.wikipedia.org/wiki/OpenStack
[5] http://www.xenproject.org/developers/teams/xapi.html
[6] http://www.spec.org/virt_sc2010/
[7] http://www-03.ibm.com/systems/virtualization/kvm/whykvm.html

About the Authors

Debasis Roychoudhuri is an IBM Certified Senior Architect and Enterprise Solution Architect of Business Modernization in IBM India. He has 16 years of industry experience, encompassing roles across the verticals, specializing in application infrastructure design, server consolidation and workload migration from legacy IT environments to various virtualized and cloud environments. He has been instrumental in IBM Global Delivery for developing several cloud computing initiatives such as open source cloud integration with IBM software, enabling clients and business partners in various cloud environments. He is involved in several cloud education initiatives in various universities and engineering institutes as part of the IBM University Relationship program. He is also a Certification Review Board member for the Architecture Review Board (India). He is currently supporting a large financial and mining organization of Australia as a lead architect, modernization. He can be reached at [email protected].

Biswajit Mohapatra is an IBM Certified Consultant and Global Integrated Delivery Leader for the IBM AMS Business Application Modernization (BAM) practice. He is IBM India Competency Head for Global Specialized Application Modernization (AM) and Conversions & Migration (C&M) Competency. He has 17 years of multi-functional experience in the IT industry spanning consulting, defining technology roadmaps, solution architecting, offering incubation, technology innovation, solutioning, capacity and capability development, establishing practice based teams, and large account management. His current responsibility includes growth of the Application Portfolio Rationalization, Application Analysis and Implementation Roadmap, Business Rules Extraction, Porting, Conversion, Restructuring, Re-engineering, Consolidation, Web Enablement, Legacy to SOA and Cloud Modernization business. He can be reached at [email protected].

Mahesh Jadhav is a Cloud Computing Infrastructure Architect working for the Business Application Modernization practice in IBM Global Delivery. He has more than 13 years of IT industry experience spanning designing infrastructure architecture, datacentre relocation, server consolidation, migration, IT landscape discovery, transformation planning and implementation to cloud. He is involved in building an Open Cloud model using open source products such as OpenStack and KVM. He is currently working as Cloud Architect for IBM Australia to implement IBM Smart Enterprise Cloud+ (SCE+) for multiple large enterprise engagements in the ANZ region. He holds multiple IT certifications such as Microsoft Certified System Administration (MCSA), VMware Certified Professional (VCP), Redhat Certified Technician (RHCT), IBM Certified AIX Operator, and IBM Tivoli product certification. He can be contacted at [email protected].

Research Front

Rajeev Sangal
Director, IIT(BHU), Varanasi

A Research Oriented Undergraduate Curriculum: Design Principles and Concrete Realization

Curriculum making is always a difficult exercise – with much material to be covered in a limited period of time. However, if the goals and the overall direction are clear, it helps in making curricular choices. Here, we describe the design of a curriculum to support undergraduate research in Computer Science and Engineering (CSE) and in Electronics and Communications Engineering (ECE). Such a curriculum has been implemented and is in operation at IIIT-Hyderabad. We discuss what choices need to be made for a research oriented undergraduate curriculum, and as an illustration, how these choices were implemented at IIIT Hyderabad in the case of CSE and ECE.

Goals of Education

The goal of the UG program in engineering is to produce students with three qualities:
A. Analytical ability (ability to analyze given situations),
B. Building ability (ability to design with creativity), and
C. Caring and character (sensitivity to others and courage to act on one’s beliefs)

These are the ABC of education. They are not to be construed in a narrow disciplinary sense, but in the widest possible context of life and living. A and B pertain to “how to do” and C pertains to “what” and “why” of life.

They include learning of skills and concepts in the discipline and allied areas, understanding of society and the individual in the larger social context, development of sensitivity towards other human beings and nature, and the ability to feel and reflect about oneself.

Certain meta-skills are also very important, for example, learning to deal with unstructured situations, ability to empathize, communicate, and learning-to-learn. Since this paper is about curricular design and not about the goals and their inter-relationships, a discussion on these aspects is left for another time and place.

Research Orientation and Human Qualities

Many students, when they enter engineering, are full of enthusiasm to understand new areas, to build systems and to experiment and play with them. For some, it might be a passing fancy, but the real question is whether this enthusiasm can be tapped so that it leads to exploration and sustained pursuit by the student. If nurtured, what can follow is the development of a deeper interest in the chosen area or topic of study.

The curricula of BTech programs in CSE and ECE at IIIT Hyderabad were designed, in part, to capture this enthusiasm of the student at an early stage, and channelise it towards research right at the undergraduate level.

It is also recognized that it is not sufficient for a student to be good in a narrow area of study, but there must be a multifarious development of human qualities in his personality. If one keeps this as an equally important aspect, several new elements become a part of the curriculum.

In fact, the pursuit of the above two aspects (research orientation and human qualities) should not be carried out in an isolated manner, but in a closely intertwined manner. Research orientation cannot stand on its own without the student receiving a larger view of life and society, and gaining an understanding of human aspirations, social good, and enrichment of nature.

Guiding Principles for Research Orientation

The curriculum should encourage the creative expression of the student in the areas chosen by him or her in the light of the goals of the institution. For example, students entering engineering studies in a research oriented technology institution should be encouraged to do research and undertake design. In fact, many students join such an institution with the enthusiasm to learn about technology and build things. One should be able to capture this enthusiasm and lead the student in fulfillment of his or her dreams. It would also indicate to the student that the fulfillment of dreams also requires hard work, and that it can be a journey of joy.

Catching the Enthusiasm – Can I Build a Talking Robot Here

If a new student asks whether he can build a robot or a talking machine or a wireless network, we should be able to answer him or her as yes (provided, of course, there is faculty in that area). If the student further asks when can he start, we should be able to answer now, and most importantly, draw a step by step plan for the student to pursue his or her passion. This would require project work in conjunction with relevant courses. The curriculum should come in support of such a plan. It would mean the ability to schedule relevant courses to aid the research passion.

And here lies the curricular challenge. Different students might want to pursue different areas and therefore may have to do different courses. Different courses will have their own pre-requisite requirements. How can the curriculum support courses in many different areas at an early stage? The only way out is to build flexibility in the curriculum and to structure it suitably.

Therefore, the challenge is to provide the student with flexibility in scheduling courses and yet satisfy the pre-requisite chain of courses! This challenge was effectively solved in the curriculum design at IIIT-H, and the important elements in the solution are given below.

Layered Learning – Practice–Theory–Practice

To develop a good grasp of the subject in the student, usually the theory is taught and the student is asked to apply it in diverse settings. This is done through home assignments within a course. When done well, it develops good analytical ability among the students. Usually this is what distinguishes the good institutions from others.

However, this is not sufficient to develop a “deeper” understanding. Such an application of the theory, when done only through home assignments and exercises, takes place in narrow contexts and does not develop problem solving ability in real life wherein one has to apply the theory covering topics spanning many different courses. One way to address the above is through projects as part of courses as well as independent projects in the curriculum. Perhaps, all universities have the final year BTech project, but it is too little, too late. Theory and practice should come in layers, several layers within the 4-year curriculum.

To develop the design and synthesis ability, the above is not enough. It is also important to learn to deal with unstructured situations. It should develop intuitions and creative ability. One way of achieving it is to reverse the theory and its practice and move to practice and then theorize, in other words, to explore through practice and follow with theory. One should expose the student to problem areas, ask them to apply their mind to come up with solutions, without waiting for the theory to be taught. There is another benefit in this approach. When the student learns theory later, he or she is able to appreciate the importance of concepts because he or she has already implemented or built things and has felt the need. (This matches with the urge in today’s youth to ask “why” before doing or learning anything. The practice helps provide such a question naturally. The courses or theory provides the answer.)

At IIIT-H the principle of layered learning has been adopted and the curriculum is designed accordingly. It implements both the idea of layers and the idea of developing intuitions through practice-theory-practice.

Skills Imparted Early – Using Power Tools

A very important part of layered learning in practice-theory-practice is to impart skills. These skills allow a student to build things based on imagination. Accordingly, a special sequence of courses was designed at IIIT-H, called IT Workshop and EC Workshop courses, which allow a student to do rapid prototyping using software tools and hardware platforms as the case may be. For example, a sequence of 3 courses in software tools and scripting in the first three semesters of BTech in CSE introduces the student to scripting, Unix utilities, socket programming, database access, graphic user interfaces, software & design etc.

And this is before they have done full-fledged courses on computer networking, database management systems, user interfaces and software engineering. In the third course in the workshop sequence (in the 3rd semester), every student does a project – usually building a complete end-user application. The entire faculty, and not just the course instructor(s), participate in providing and guiding the projects. The experience is thrilling for the student, in building a life-like application and seeing it work. Ability to solve real life problems through skills (to use tools and power tools) creates a great sense of empowerment in the student.

There is a sobering side as well. Many students get a feel of the limitations of the systems they have built. Their attention is also drawn to a need for concepts. Later on when they do the proper theory courses (for example, in computer networks, DBMS, user interface, software engineering and compilers, etc.), they appreciate the relevance of theory, and see at least the direct need of some of the concepts (e.g., synchronization, normal forms of data, automata, etc). This acts as a motivation to learn theory, in general. These layers are repeated in the overall academic setting. When the students do the next layer of practice, the learning is deeper and more intense, and so on.

Flexibility in Curriculum – Lean Core and Flexi-Core

It has been mentioned earlier that a research oriented curriculum requires space for elective slots during the early years. There are two ways to achieve this, and perhaps both can be pursued while making the curriculum.

First, the set of compulsory courses should be “lean”. Before deciding to put a course in the core or among the required courses, it should be carefully evaluated whether it ought to be there. Considerations for required courses are many, ranging from disciplinary integrity to pragmatic needs, but the core must be kept lean.

Second, one needs to bring in the concept of flexibly scheduled core (or flexi-core, in short). Flexi-core consists of required courses, but which can be scheduled flexibly by the student, particularly by those students who wish to pursue a research stream. In CSE for example, Database Systems, Computer Networks, Compilers, Artificial Intelligence etc can be classified as flexi-core. While they would have a recommended place in the curriculum schedule, they can be postponed or preponed by the student to be able to do a relevant course for the research stream at an early stage. For example, a student wanting to do research on distributed systems can take up courses on queuing theory and advanced operating systems between 4th to 6th semester, and delay the flexi-core courses on Artificial Intelligence and Compilers to later semesters. Similarly, a student wanting to work in Natural Language Processing can take AI and Linguistics courses early, and delay DBMS and Computer Networks.

BTech (Honours) - Beacon Lights for Research

A student interested in doing research in an area or stream within the undergraduate program must realize that it requires adequate preparation in terms of course work, self reading and focused work. To make all this visible to the student and then to recognize those students who successfully complete it, a special degree is given called BTech (Honours). As a part of the degree, the student is required to choose a stream to register for project credits from 5th to 8th semester. He is also required to do stream courses from 5th to 7th semester which help in building the requisite background along with the projects. (For a list of streams and the courses that constitute it at IIIT-H, see Appendix 1.)

Thus, the curriculum opens out to support a student interested in pursuing an area. It allows him or her to pursue courses relevant to his or her research area at an early stage, and postpone other courses to later.

For the BTech (Honours) degree, there is an additional academic requirement of doing projects (worth 8 credits or 2 course equivalent) beyond what is required of all BTech students. This is rightly so, as it requires the students to put in extra efforts for a coveted degree.

Addressing Student Concerns – Making it Work

While the above issues are the key to implementing a research oriented curriculum, there are some practical factors that need to be handled. First, while a student might be willing to postpone some flexi-core courses, he should not feel handicapped because he has not yet learnt the requisite skills which

one’s peer would have learnt. Besides, some of the skills might be required to build prototypes for one’s own research. The separation of skill based workshop courses (already described in section 3.3) plays a crucial role in addressing such a student concern.

Second, for the student to choose a stream intelligently, suitable exposure needs to be provided. (Even though the student has made a much bigger choice of a branch at admission time with much less real information, our attempt here is to provide some real exposure and experience for making a more informed choice.) This is accomplished by making it possible for the student to take a first course in his or her stream right in the 4th semester. If the student has not decided on his stream area, he or she can try out first courses from a couple of streams. This provides a semester long exposure to the student about the area. This practically means that in the curriculum there should be at least two elective slots or more in the 4th semester.

The summer internship after the 4th semester provides yet another exposure to the area or stream to the student, this time on doing a project in the area. So when the student makes a formal choice of the stream at the beginning of the 5th semester, it is based on some real experience.

Third, the curriculum for BTech (Honours) is a strict superset of the BTech curriculum. If a student in BTech (Honours) feels that he or she has made a wrong choice of area or does not wish to be in the research stream, he or she can always come out of it and stop doing the extra work. He or she still qualifies for the normal BTech degree.

At IIIT-H, it has been seen that 30-40% of the BTech students opt for BTech (Honours). Seldom do they drop the option.

Convergence of CSE and ECE – Circuits and Programs

Increasingly today, a software engineer needs to understand the hardware device, and the hardware engineer needs to understand and write software. A number of new developments in hardware and software co-design are expected to bring the traditional CSE and ECE even closer together in the future.

The curricula for BTech in CSE and BTech in ECE need to be brought closer together. Even if total convergence may not come about, certain courses are prime candidates for initiating convergence and can be made a part of the core. For example, CSE core curriculum could include Digital logic¹, Basic Electronic Circuits and Signals & Systems, and ECE core must include Programming, Data Structures and possibly Discrete Mathematics. This would make it possible for the students to take relevant advanced courses across disciplines with relative ease.

Making Convergence Work – Flexi-Core to Bouquet Core

Here comes another difficulty. If the new material in the convergent curricula has to be covered, which is as much as two to three courses, the curriculum becomes too packed with compulsory courses. In other words, the core becomes fat and starts crowding out the space for electives. And without early electives (as early as in the 4th semester), the research oriented curriculum would not work. Thus, convergence can elbow out the research orientation.

The answer to this is to introduce bouquet core. Like flexi-core, the bouquet core courses can be scheduled flexibly by the student. However, unlike the flexi-core, not all courses in the bouquet core need to be taken. Doing a limited number (say, 6 out of 10 courses) is sufficient. It is based on the philosophy that if a student does the substantial majority of the bouquet core, the parts not taken by him or her either get covered through peer learning or are left for self-learning. One has to resist the temptation of teaching too much!

During the major revision of its curriculum in 2008, IIIT-H went from flexi-core to bouquet core.

Breadth in Science and Engineering

We have so far discussed the research orientation in the context of the discipline (CSE or ECE). This section focuses on imparting the breadth of knowledge in science and engineering. In fact, research orientation could also be developed in a chosen area outside of CSE or ECE.

Science Courses – Understanding Mysteries of Nature

The natural science courses impart a breadth of knowledge to the student. They not only help the student gain an understanding of nature but also illustrate how one can think and reason about the mysteries of nature along with an exposure to methods and techniques used.

The student should get an integrated view of understanding nature. Early partitioning, through separate courses in Physics, Chemistry and Biology, affects such an integrated view adversely. Science should come as an integrated whole. Integrated courses, if suitably designed, develop a holistic view, while at the same time being rigorous.

General Engineering – Complex Systems

Courses in general engineering should give a flavor regarding other engineering disciplines to the student. They would show how simplifying assumptions are made in dealing with real life engineering problems. Domain knowledge is imparted to give the student an understanding of a different kind of problem solving as compared with science.

Over the years, mankind has attempted to build complex systems through engineering; they span large geographical areas, or high density networks on micro devices. A plethora of inter-dependencies among different aspects have to be taken into account in the design, building, and maintenance of complex systems. Examples are urban town planning with spaces for living, work, outdoors, education, health, entertainment and logistics; river water basins with man made dams and micro water sheds; electric grids with mega power plants, connected to a large number of loads with complex monitoring for efficiency or robustness; etc.

The role of computational models in design, running, and repair of complex engineering systems has become crucial today. Therefore, it is important to convey computational aspects with the domain knowledge. IIIT-H has introduced “integrated science” courses and a course on “complex engineering” as core courses for all students of CSE and ECE. Computational aspects are given special emphasis.

An interesting aspect of this curricular design is that the research orientation which brings in depth in a chosen area of CSE or ECE does not entail cutting down breadth in science and engineering in a substantial way. The depth is achieved by early scheduling of relevant courses in the area within CSE or ECE rather than by cutting breadth.

It is also possible for the interested student to choose a stream in a computational domain area. At IIIT-H, computational domain streams are Computational Natural Science,

¹ A new course called Digital Logic and Processors, as a part of convergence, is now taught to students of both CSE and ECE at IIIT-H. It replaces the Digital Logic course

Bioinformatics, Spatial Informatics, Intelligent Buildings, Computer Aided Structural Engineering, etc.²

Humanities – Life and Living in Society

As the students come into engineering, more narrowly focused than ever before, both in their interests and training, it has become imperative to strengthen the Humanities course offerings.

The humanities courses provide understanding regarding the human being and the society. They could be offered in such a way as to relate to contemporary issues in life and society, rather than as disciplinary courses. For example, they could draw the attention to human sensibilities through art, literature, and human values. They can also try to connect the student to the larger social context.

Humanities projects are another way to bring studies in humanities close to their lives. These may include visits and surveys of nearby communities. Reading courses by which a student reads classics during the summer could also be started.

Six courses or about 15% of the curriculum at IIIT-H is devoted to the Humanities. Course offerings vary from art, dance, literature (in Hindi, Telugu and English) to courses in sociology, work and life, political and economic thought, education, philosophical thought (e.g., Indian and Greek thought), dharma and constitution, non-violence, humane society, etc.

Great emphasis is placed on the Humanities. Its importance is brought out to students at IIIT-H at every major opportunity by the university’s leadership. As a result, students and alumni with engineering background have started joining PhD in Humanities (though the numbers are small).

Human Values and Self – The Human Core

Courses in sciences and engineering are externally oriented as they study nature or how to engineer. Most courses in Humanities today have also become externally oriented - where they study society or its aspects as an external object. The emphasis in such courses is on analysis and/or building of artifacts or systems (the AB of education). Caring and character (the C of education) is largely missed. There is a need therefore to have space in the curriculum to allow the students to explore and develop their self, leading to caring and character.

Human Values courses address this aspect. The goal of these courses is not to preach values, but to allow the student to discover values already within himself or herself. The discovery begins with drawing attention of the student to the self, but then allows him or her to explore and experiment. Experimentation also leads to connecting with real life, and observing one’s thoughts and feelings.

Human Values courses at IIIT-H get conducted in small groups through discussions and relate to the self. Issues discussed pertain to self esteem, peer pressure, relationships in family, feelings of trust, respect, affection, society and the self, nature and human being, etc. These are to be observed in oneself and explored further through self observation and experimentation in real life.

Jeevan Vidya as a humanistic philosophy forms the base of the Human Values courses at IIIT-H, which are a part of the core courses. A slow but sweeping change has come about in the atmosphere of the institution.

Projects – Layered Learning Again

Independent Projects are an important part of layered learning. While projects within a course are important and contribute to learning of the material within the course, independent projects can straddle material from several different courses. They permit a synthesis across courses.

BTech project (typically, over the final year) is a part of most undergraduate engineering curricula. At IIIT-H, the BTech project is over 6th and 7th semester, thus allowing for an intervening summer for the students who wish to overreach. It also makes 8th semester available to those students who wish to write a research paper, or convert their implementation into a usable software, and is great for transfer of knowhow to the new students who wish to continue the project.

Students in the BTech (Honours) program do project(s) through 5th to 8th semesters. These at times result in substantial work leading to research publications.

Integrated Dual–Degree Programs – Continuing the Research Momentum

A natural extension of the research oriented undergraduate program is the 5-year integrated dual degree program. It leads to two degrees at the end of five years, BTech (Honours) and MS by Research, typically in the same discipline (CSE or ECE). The fifth year is entirely for MS dissertation to do original research.

The student in the dual degree program chooses an area as a stream in his or her 5th semester, as a normal part of BTech (Honours). It is straightforward therefore to continue to work in the area in the fifth year and produce a solid piece of work in the thesis.

Students can either choose the dual degree at UG admission time or can opt to switch from 4-year single degree to dual degree by their 6th semester. The dual degree program as an option to switch has been running successfully at IIIT-H ever since its inception in 1998.

Trans-Disciplinary Programs

Science and mathematics entered engineering education in a big way in the 1960’s leading to what began to be called science based engineering. Similarly, computing has entered the practice of engineering today. The practice as well as the theory in engineering is likely to be recast today. Therefore engineering education is likely to undergo a change like it did in the 1960s but this time based on computing. However, these changes would not be limited to engineering but would affect other domains as well, including the humanities.

To help create such a synthesis, IIIT-H has started three 5-year trans-disciplinary programs leading to the following dual degrees:
a. BTech in Computer Science, MS in Computational Natural Science
b. BTech in Computer Science, MS in Computational Linguistics
c. BTech in Computer Science, MS in Exact Humanities

These are integrated programs in which the study of the domain starts right from the first year, and is woven with the study of CS. They start research oriented project work from 6th semester onwards, leading to a thesis in the fifth year.

The programs started in July 2009, and are full of synergy. The students enrolled in the program are enjoying and hopefully, in time to come, will help create the new synthesis. The results of running these programs will be reported in due course of time.

Outcomes at IIIT-Hyderabad

A curriculum based on these principles has been in operation at IIIT-Hyderabad since its inception in 1998. In 2008, a major review was done which resulted in some

² There are also 5-year integrated dual-degree “trans-disciplinary” programs spanning CSE and the respective domains (science, engineering and humanities) which are discussed later.

amount of redesign of core courses, greater convergence of CSE and ECE, introduction of bouquet core (instead of flexi-core), major revamp of Humanities courses and some structuring of elective slots. It was followed up in 2009 with the introduction of trans-disciplinary programs.

What have the outcomes been?

BTech (Honours) program has been hugely successful. It was thought that only 1% to 2% students would be interested in research. But the numbers are close to 30% to 40%. It has led to the creation of large research groups with critical mass in the institution. Three of the research groups are the largest in this part of the world. Language Technology research group is 130 strong, spanning natural language processing, search and speech. Computer Vision group is 90 strong. And these groups have been created in a new institution only about a decade old.

Besides critical mass, it has also solved the problem of lack of critical continuity of manpower in research groups. By critical continuity is meant that continuity of the group activity is maintained because all the important members do not all leave at the same time.

Where there is a paucity of PhD students, most research gets done through MTech students. But MTech is a 2-year program in which the first year goes in preparing the student. Therefore, one year is available for thesis work. This means that when new students start on their research all the old ones have left or are about to leave. It becomes impossible to maintain the continuity of research within a group.

The research oriented undergraduate program solves the problem of critical continuity eminently as the BTech (Honours) students spend two years in the research stream, leading to a clear overlap of one year between the old students and the new. Dual degree students further deepen the links across batches as they spend three years as part of the research groups.

At IIIT-H, a result of all this has been not only research publications but also system building, both for research and applications. Transfer of technology to industry has also begun to happen because of the critical mass and critical continuity.

Those students who do not take the research option (that is, do not take the option of BTech (Honours)), are also recognized by industry for their high degree of skills. Feedback is also positive regarding their ability to deal with unstructured problems. Perhaps, a “research aptitude” rubs off on others through peer learning even when they have not participated in sustained research directly. Industry which produces products or engages in R&D hires most of the undergraduate students out of IIIT-H. An increasingly larger number of students is also going for higher studies.

There was apprehension when the program started that students are specializing too early. Perhaps they are choosing a stream when relatively young, however it is not coming at the cost of breadth. The option to quit the BTech (Honours) program at any time has allayed these initial fears. (The student also has the option to change stream, if done early.)

Dual degree programs in the same discipline bring greater commitment to an area. But correspondingly students have greater facility to change their stream, as more time is available to satisfy the academic requirements, in case of a change. However, the sociological problem which arises when relatively weaker students opt for the dual degree program to gain admission into a prestigious institute, but do not do as well, needs to be handled. (Incidentally, trans-disciplinary programs are doing extremely well but they are too young to be evaluated at this stage.)

Humanities courses initially evoked the response from students that they had thought these subjects were “over with” after their school education. After all, engineering curricula in most institutions have no humanities courses. But soon this view changed. They found them to be exact and rigorous but different. Many students enjoy them.

Incidentally, response towards science courses was similar – how would these be useful to me? The first integrated science course generated the response “Do I apply Physics while solving this problem or do I apply Chemistry?” But slowly they see a more holistic view. Some BTech students even switch over to science, but the numbers are very small.

Human Values courses were first introduced in 2005. The group discussions have been seen as a place where they can discuss their concerns about life and living with their faculty mentors and group members. The students say that the course has helped them, for example in controlling their anger and understanding their relationships. Sensitivity towards nature and wastage of physical resources (in particular, electricity and water) is another area of impact. Role of money and career choices are much discussed among the larger peer group but no immediate change in their decisions is visible at this time. Overall there has been a change in institutional environment towards relaxation, more open discussions, and perhaps greater academic seriousness. It can be said that a seed has been planted; it can be judged later as to how well it sprouts.

Summary

We have described a research oriented undergraduate curriculum and the issues which arise in its design. The major design principles were:
a. Catching the enthusiasm of students – Empowering them to build or to do research.
b. Layered learning – Starting from practice and intuitive understanding and going to theory with its abstractions, and repeating it in layers.
c. Structuring the research option through streams as a part of BTech (Honours).
d. Breadth in science and engineering covered through a set of courses, which emphasize integrated view of their respective domains and familiarize the student with their methodology.
e. Humanities courses woven into the curriculum to explore relationship to life and society.
f. Human Values course to focus on self, including thought and feelings, but without preaching and dos and don’ts.

The major issues which came up and were handled were:
(i) Flexibility in curriculum was introduced at an early stage to handle different course requirements for different streams. Flexi-core and bouquet core were introduced to provide the requisite space at an early stage.
(ii) Skill courses were specially designed as separate workshop courses to impart skills early.
(iii) Humanities courses were introduced to expose students to issues in wider society and human sensibilities. Human Values course was introduced to focus on self and apply in one’s life - namely, in thought, feelings, behavior and work.

Outcome of the research oriented curriculum has been exceptional. By providing critical mass and critical continuity, it has facilitated the emergence of strong research groups. Breadth in general and humanities in particular has helped shape the student thinking towards broader and more humane outlook.

Acknowledgement

The research oriented CSE curriculum was implemented at IIIT Hyderabad in 1998, right from the inception of the Institute. Many of the ideas presented here evolved through experimentation. They led to the development of flexi-core and workshop courses, first of which were taught by the author.

A number of people have contributed to the development of ideas presented here. Kamal Karlapalem as Dean (Academics) carried the core ideas forward in the curriculum revision of 2008. PJ Narayanan introduced the idea of bouquet core. Convergence between CSE and ECE was given a greater push by RN Biswas. Integrated science courses were designed by Krishnarajulu Naidu originally, and by Harjinder Singh later. Engineering courses for complex systems were proposed by KS Rajan. Humanities courses were structured by Navjyoti Singh.

The importance of domains and IT was originally emphasized by Raj Reddy and Narendra Ahuja, which eventually led to the development of trans-disciplinary programs.

Finally, thanks go to the exceptional faculty and the enthusiastic students at IIIT-H who made the curriculum a reality.

(Prepared: October 2011. Author's current address: Director, IIT(BHU), Varanasi)

References

[1] ACM: The Computing Curricula Computer Science Volume, http://www.acm.org//education/curricula/ComputerScience2008.pdf
[2] Director, Stephen W, Pradeep K Khosla, Ronald A Rohrer, and Rob A. Rutenbar, Reengineering the Curriculum: Design and Analysis of a New Undergraduate Electrical and Computer Engineering Degree at CMU, Proc. of IEEE 13, 9 (Sept. 1995).
[3] Gaur R R, Rajeev Sangal, G P Bagaria, A Foundation Course in Human Values and Professional Ethics, Excel Books, New Delhi, 2010.
[4] Karukstis, Kerry K., and Timothy E. Elgren, (Eds.), Developing and Sustaining a Research-Supportive Curriculum: A Compendium of Successful Practices, Council on Undergraduate Research, 2007 (http://www.cur.org/publications/compendium.html).
[5] Ramancharla, Pradeep Kumar, Rajeev Sangal, Abhijit Mitra, Navjyoti Singh and Kamalakar Karlapalem, An Experiment on Introducing Human Values Course in Undergraduate Curriculum of Engineering Education. Northeast American Society of Engineering Education Conference, April 03-04, 2009, University of Bridgeport. http://www.iiit.ac.in/~sangal/files/papers/2009_75.pdf
[6] Sangal, Rajeev, A Research-Oriented Undergraduate Curriculum in Computer Science, Communications of Computer Society of India, January 2008, (Originally written in 2002). URL: http://web2py.iiit.ac.in/publications/default/download/article.pdf.8a71d2da-9e6c-4536-9678-5c7d4f61c763.doc
[7] UG Curriculum 2008, IIIT Hyderabad, 2008. (http://www.iiit.ac.in/academics/curriculum)

[Sample curriculum will be published in the next issue of CSIC as a continuation of this article.]

Article
L Sunitha
Associate Professor, CSE

Social Networking: Emerging Trends, Issues and Applications

A web site dedicated to social networking is meant for communicating informally with other members of the site, by posting messages, photographs, etc. Social networking has emerged as a practice of expanding one's business and/or social contacts by making connections through individual’s interactive websites with message boards, chat rooms or using the ability to leave comments and have discussion with other people. Popular social networking sites that are primarily used for socializing include Facebook, MySpace, FriendWise, FriendFinder, Yahoo! 360, Orkut, Classmates and LinkedIn.

Emerging Trends

While the popularity of social networking consistently rises, new uses for the technology are frequently being observed. Emerging trends in social networking are -

1. Real-time web and location-based service: Real-time web allows users to contribute content, which is broadcast to other users as and when it is being uploaded - the concept is analogous to live radio and television broadcasts. Twitter set the trend for "real-time" services, wherein users can broadcast to the world what they are doing. Another real-time service focuses on group photo sharing, wherein users can update their photo streams with photos while still at the event venue.

2. Cloud computing: Companies have begun to merge business technologies and solutions, such as cloud computing, with social networking concepts. Instead of connecting individuals based on social interest, companies are developing interactive communities that connect individuals based on shared business needs or experiences.

3. Foursquare: It allows for users to "check-in" to places that they are frequenting at specific moment.

4. GPS in phones to create a location-based user experience: Though in real-time space, this is also a location-based social networking site, since events created by users are automatically Yelp announced their entrance into the location-based social networking space through check-ins with their mobile.

Major Issues in Social Networking

Privacy

Privacy with social networking services has raised growing concerns. Users of these services need to be aware of possibility of data theft and/or viruses. However, large services, such as MySpace and Netlog, often work with law enforcement agencies to try to prevent issues over the control of data. Information that is altered or removed by the user may in fact be retained and/or passed to third parties. This danger was highlighted in case of controversial social networking site. Privacy on social networking sites can be undermined by many factors. For example, users may disclose personal information, sites may not take adequate steps to protect user privacy, and third parties may frequently use information posted on social networks for a variety of purposes.

Data Mining

Through data mining, companies are able to improve their sales and profitability. With this data, companies create customer profiles that contain customer demographics and online behavior. A recent strategy has been the purchase and production of "network analysis software".

Security: Access to information

Many social networking services, such as Facebook, provide users with a choice of who can view their profiles. This prevents unauthorized user(s) from accessing other users’ information. To edit information on a certain social networking service account, the social networking site requires you to login or provide password. This prevents unauthorized user(s) from adding, changing, or removing personal information, pictures, and/or other data.

Applications

1. Entourage and Friends At A Glance: Facebook and Friends at a Glance on MySpace let you see thumbnail images of hundreds of your friends at once.

2. My Flickr and Happy Flickr: Every social network lets us upload lots of pictures. We can choose how big we want each photo to be and how we want them arranged. Since the images are hosted on the Flickr website we need to create a free account and upload our photos.

3. iLike: We find that Facebook and MySpace let you add snippets of your favorite song to your profile. We wish more apps would follow iLike's tune.

4. Graffiti: We start with a blank canvas, a palette of colors and a brush. Once we've created our oeuvre, we can save it to our profile, and then hit the replay button to watch it get automatically redrawn on the page. You will be amazed at the elaborate and detailed drawings.

5. Text Twirl: Scrabulous may be the best known word game on Facebook, but it's not the only one. If we are in a mood for a different kind of mind bender, try Text Twirl (available here on Facebook and also on MySpace). This is how it works: we get six letters, and we use them to construct as many different words as possible within two minutes.

6. Bubble Town: Just hold down your mouse button, then "shoot" bubbles at other bubbles onscreen by releasing the button. Another good game to challenge with friends guides an underwater diver through dangerous terrain using only the space bar on your keyboard. It's a lot trickier than it sounds.

7. BuyBooBuy and ProductPulse: If we can't shop without a second opinion, check out BuyBooBuy on Facebook. Post a photo of the item you like, and other users will give it a thumbs-up or -down. Since both of these applications have been launched in past few months, neither has many subscribers yet, but we're pretty sure they'll catch on.

8. Doppler: Lots of people use maps on their Facebook profiles to show you where in the world they are. Doppler helps you meet up with friends who may be going to (or already live in) one of your upcoming destinations. For now, this widget is available only on Facebook, and you need to sign up on the Doppler website to make the app work. It doesn't look like much, but it's a lot smarter than many of the other travel apps we have seen. So, where will you be going next?

9. Twitter: Update your status when you are away from your computer with Twitter, a text message-based moblogging service. To get started, sign up for an account on the Twitter site. If you use Facebook, you can add the app to your profile page, communicate with all our contacts at once including people who aren't on your social network but can receive text messages on their phone.

Conclusion

Web-based social networking services make it possible to connect people who share interests and activities across political, economic, and geographic borders. Through e-mail and instant messaging, online communities are created. Facebook and other social networking tools are increasingly becoming objects of scholarly research. Social networks are providing a different way for individuals to communicate digitally. These communities of hypertexts allow for sharing of information and ideas, an old concept placed in a digital environment.

About the Author

Lingam Sunitha received her MCA from Kakatiya University in 1999, and M.Tech (CSE) from JNTU, Hyderabad in 2009. She is now working as Associate Professor and also pursuing Ph.D in Computing Science and Engineering from JNTU Hyderabad, India. Her area of specialization is Data mining.

Article
Baisa L Gunjal* and Dr. Suresh N Mali**
*Amrutvahini College of Engineering Sangamner, Ahmednagar, Maharashtra
**Principal, Sinhgad Institute of Technology and Science, Narhe, Pune

Unseen to Seen with Cryptography, Steganography and Watermarking

Security concerns have grown tremendously in the past few years all over the world. Cryptography, steganography and watermarking are widely used techniques for information hiding in secured communication across the internet and mobile transmission. Cryptography scrambles information so that it cannot be understood. Steganography attempts to prevent an unintended recipient from suspecting the existence of data. Digital image watermarking provides copyright protection by hiding rightful information for declaring ownership. The aim of this article is to present the basics and a comparative study of cryptography, steganography and watermarking used in information hiding.

Cryptography

Cryptography is the science of using mathematics to encrypt and decrypt sensitive information so that it cannot be read by anyone other than the intended recipient. It keeps private information protected from unauthorized access. It is the process of converting plain text into cipher text using special keys at the transmitting end and converting cipher text back to plain text at the receiving end, as shown in Fig. 1. Cryptographic techniques are implemented using secret keys, public keys and hash functions. Cryptography is based on mathematical algorithms which need prior knowledge of algebra, algebraic geometry, number theory, probability theory and statistical inference. Cryptanalysis is the science of analyzing and breaking cryptographically secured communication by using a combination of analytical reasoning, mathematical tools, pattern finding etc.

[Fig. 1: Generalized operation flow in cryptography. Labels: Plain Text, Encryption Algorithm, Key, Channel, Cipher Text, Decryption Algorithm, Plain Text.]

Cryptography Example

Two general kinds of cryptographic techniques are substitution ciphers and transposition ciphers. An example cryptographic message with a substitution cipher is given in Table 1, where each character of plain text is replaced with another character with key=5.

Plain Text: abcdefghijklmnopqrstuvwxyz
Cipher Text: efghijklmnopqrstuvwxyzabcd
Plain Message: “silence is solicited”
Cipher Message: vlohqfh lv vrolflwhg

Table 1: Example of cryptography with substitution cipher

Steganography

The word steganography is derived from the Greek words ‘steganos’ meaning ‘covered’ and ‘graphy’ meaning ‘writing’, defining it as ‘covered writing’. It is the art and science of writing hidden messages so that no one apart from the intended recipient knows of the existence of the message. It is achieved by concealing the existence of information within a cover. The cover or carrier may be text, image, video, audio, etc. Steganographic techniques are implemented either in the spatial domain, using ‘Least Significant Bit’ insertion-like algorithms, or in the frequency domain, using various transforms like the discrete cosine transform, discrete wavelet transform etc. The attempt to find the presence of secret content by visual analysis or by statistical, algorithmic analysis is called ‘steganalysis’. The generalized flow of a steganographic technique is shown in Fig. 2. In actual implementation, secret message processing (text processing) and original cover processing (image processing) phases are applied before the ‘stegosystem encoder’ to increase the number of security levels.

[Fig. 2: Generalized operation flow in steganography. Labels: Secret Message, Cover Image, StegoSystem Encoder, Key, Channel, Stego Image, StegoSystem Decoder, Recovered Message.]

Steganography Example

The well-known historical example of a steganographic message sent by a German spy is given in Table 2, where a significant confidential message is hidden in the given steganography message.

Steganography Message:
“Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils”
Hidden Message:
“Pershing sails from NY June 1”

Table 2: Example hidden message in steganography message

Watermarking

[Fig. 3: Generalized operation flow in watermarking. Labels: Original Cover, Watermark, Watermark Embedding, Key, Watermarked Image, Channel, Watermark Extraction, Recovered Watermark, Original Cover.]

As shown in Fig. 3, a watermarking technique includes an ‘embedding algorithm’ and an ‘extraction algorithm’. The embedding algorithm embeds the watermark logo into the cover image to form the ‘watermarked image’. The ‘extraction algorithm’ extracts the watermark logo from the ‘watermarked image’. Robustness against various attacks, perceptual transparency, high embedding

information hiding capacity and number of security levels combine to determine the quality of a watermarking technique. Robustness means the watermark should not be disturbed significantly even though the watermarked image undergoes any attack. Thus, robustness is a measure of the immunity of the watermark against attempts at image modification and manipulation like compression, filtering, rotation, scaling, resizing, cropping etc. Imperceptibility means the perceived quality of the cover image should be preserved in the presence of the watermark also. A quality watermarking technique should be capable of hiding maximum watermark information in the host image. Simultaneously, it should be difficult for an attacker to detect the watermark.

Watermarking Example

Sample LSB based spatial domain watermarking is given in Fig. 4 and illustrated in Fig. 5.

Watermark Embedding
1: Consider an example pixel value of the cover image as 143. The binary of 143 is 10001111.
2: Make its 4 LSBs 0, giving 10000000. The equivalent decimal is 128.
3: For the watermark, the example pixel value is 36. The binary of 36 is 100100.
4: Right shift the watermark by 4 bits, giving 000010. The decimal equivalent is 2.
5: Add 128+2, resulting in decimal value 130. The binary equivalent is 10000010.
Watermark Extraction
6: The bits of the watermarked image are left shifted by 4 bits, giving the extracted watermark 00100000. The decimal equivalent is 32.

Fig. 4: Sample LSB based watermark processing

Image | Value of every pixel in the 4 × 3 block | Binary
Cover Image | 143 | 10001111
Original Watermark | 36 | 00100100
Watermarked Image | 130 | 10000010
Extracted Watermark | 32 | 00100000

Fig. 5: Illustration of LSB based watermark processing

Comparative: Cryptography, Steganography and Watermarking

Way of Information Hiding

Cryptography hides the contents of a message from attackers but not the existence of the message; steganography hides the very existence of the message. But the existence of a watermark is declared openly. A watermarking technique may be visible or invisible depending upon the requirement of the given application.

Identification Type

Cryptographic messages can be identified by the naked human eye, but their content stays undetected. Steganographic and invisible watermarking information is hidden, while visible watermarks are embedded as per the application.

Use of Alteration or Scrambling Methods

In cryptography, keys are used for alteration of messages so that they should remain undetected. Steganography and watermarking methods may use scrambling methods like the Arnold transform, magic square and other techniques for message scrambling to increase the security of the message to be embedded. Because of scrambling, the message cannot be read even after extraction. For example, an image comes back to its original state after a certain number of iterations when the Arnold transform is applied to it. If the image comes to its original state after 300 iterations, we can scramble it any number of times between 2-299 and embed it in the cover image.

Breaking the System

A cryptographic system is broken when the attacker can read the secret message. In steganographic and watermarking schemes, either a passive or an active attacker can break the security system in 3 stages, as shown in Fig. 6.

[Fig. 6: Breaking the system in steganography and watermarking. Three stages: detecting embedded information (passive attacker decides whether the cover contains embedded information), extracting embedded information (active attacker tries to extract embedded information), disabling embedded information (active attacker tries to destroy embedded information).]

Generalized Quality Considerations

Good quality cryptographic techniques ensure confidentiality, integrity, authenticity, non-repudiation and access control, while good quality steganographic and watermarking techniques ensure robustness, imperceptibility, high information hiding capacity and number of security levels. In fact, robustness, perceptual transparency and capacity are quality requirements that conflict with each other, as shown in Fig. 7. If we try to achieve any one of them, the rest of the parameters get degraded. Hence, it is always a challenge for the developer or researcher to achieve all these quality parameters simultaneously.

[Fig. 7: Conflicting quality concerns in steganography, watermarking. Labels: Robustness, Perceptual Transparency, Capacity (Payload).]

The ‘high capacity information hiding’ parameter is more essential in steganography than in watermarking. There are a total of 26 Image Quality Measures (IQM) given in [11], which are categorized as: i) Pixel difference based measures ii) Correlation based measures iii) Edge based measures iv) Spectral distance based measures, i.e. Fourier magnitude and/or phase v) Context based measures vi) Human visual system (HVS) based measures. The quality of the ‘watermarked image’ can be validated using these measures. Some example IQMs that can be used in steganography and watermarking techniques are listed in Table 3.

Design and Implementation

General cryptographic techniques are implemented using transposition, substitution or RSA methods. The steganographic and watermarking techniques are implemented in the spatial domain (e.g. using ‘Least Significant Bit’ insertion) and the transform domain (e.g. using Fourier, Cosine, Wavelet, Ridgelet transforms).

Increasing Information Hiding Capacity

Cryptographic techniques support high information hiding capacity by increasing the length of the original information in which the message is hidden. It is always

a challenging issue with cryptographic and watermarking techniques to try for hiding the maximum amount of message information. If capacity is increased in steganography and watermarking, it affects robustness and perceptual transparency.

Sr. No | Image Quality Measure (IQM)
1 | Maximum Difference
2 | Structural Content
3 | Cross correlation
4 | Spectral Magnitude
5 | Image Fidelity
6 | Angle Mean
7 | Sorted Maximum Difference
8 | Weighed spectral distance
9 | Normalized absolute error
10 | Angle standard deviation
11 | Spectral Phase
12 | Normalized Mean Square error

Table 3: Example image quality measures

Attacks Handling

Cryptography attacks include brute force attacks (cipher text attacks), man-in-the-middle attacks, correlation attacks, dictionary attacks, timing attacks etc. Steganography and watermarking attacks include: scaling, compression, rotation, noise addition, filtering, resizing, geometric transformation etc.

Existing Algorithms or Tools

Existing cryptographic tools and algorithms: Public Key Infrastructure (PKI) tool, PGP algorithm, RSA algorithm. Existing example steganography tools are given in Table 4.

Steganography tool [Year] | File Format | Operating System
StegoDos [1990] | BMP | DOS
Stool [1994, 2006] | GIF | Windows
Mandelsteg [1999] | GIF | DOS
EzStego [2000] | GIF | Independent
Hide and Seek [2001] | JPEG | DOS
Hide4PGP [1999] | BMP | DOS, OS/2
WhitenStorm [1994] | PCX | DOS
Steganos [2007] | BMP | Windows
Nameer [2007] | JPEG | Windows

Table 4: Example steganography tools with file formats and OS

Example watermarking tools include: Watermarktool, WebWatermarks, PicMarkr, WatermarkLib, WatermarkImages, JACo, uMark etc. Almost 146 steganography and watermarking tools are given with URLs in [4].

Application Areas

Cryptographic methods are used in a number of applications including exchanging sensitive information in military applications, telephonic voting systems to maintain confidentiality, anonymous digital cash systems implemented in help operations during natural calamities like floods, health care services using cell phone, internet or ATM, banks and law firms, digital data storage and communication in clouds etc. Steganographic techniques can be used in confidential communication and secret data storing, digital certification used for protection against data alteration, access control schemes for content distribution like video film distribution by music companies, media database systems like photos, music, movies, Multimedia Message Service (MMS) etc. Watermarking techniques are efficiently used in copyright protection, remote sensing, military image processing, multimedia archive management, telemedicine applications for medical diagnosis, treatment and patient care technology used for teleconsultation, telesurgery, teleradiology etc.

Acknowledgments

We are also thankful to Amrutvahini College of Engineering (AVCOE), Sangamner, A’nagar, Sinhgad Institute of Technology and Science (SITS), Narhe, Pune and Padmashree Dr. D.Y. Patil Institute of Engineering and Technology (DYPIET), Pune for technical support during this work.

References

[1] Sheeba K, “A Journey through Cryptography”, CSI Communications, Vol 37, Issue 2, pp. 37-38, May 2013.
[2] Andrew S Tanenbaum, “Computer Networks”, Prentice Hall of India, 2003.
[3] http://www.heinz-repp.onlinehome.de/Hide4PGP.htm
[4] http://mozaiq.org
[5] N Provos and P Honeyman, “Hide and Seek: An Introduction to Steganography”, IEEE Trans. on Security and Privacy, Vol. 1, pp. 32-44, 2003.
[6] M Kamran and Muddassar Farooq, “An Information-Preserving Watermarking Scheme for Right Protection of EMR Systems”, IEEE Transactions on Knowledge and Data Engineering, Vol. 24, No. 11, pp. 1950-1962, Nov. 2012.
[7] Ying Yang, Xingming Sun, Hengfu Yang, Chang-Tsun Li, “A Contrast-Sensitive Reversible Visible Image Watermarking Technique”, IEEE Transactions on Circuits and Systems for Video Technology, Vol. 19, Issue 5, pp. 656-667, May 2009.
[8] Ehsan Nezhadarya, Z Jane Wang and Rabab Kreidieh Ward, “Robust Image Watermarking Based on Multiscale Gradient Direction Quantization”, IEEE Transactions on Information Forensics and Security, Vol. 6, No. 4, pp. 1200-1213, Dec. 2011.
[9] F A P Petitcolas, R J Anderson and M G Kuhn, “Information Hiding - A Survey”, Proceedings of the IEEE, Vol. 87, No. 7, pp. 1062-1078, July 1999.
[10] Tsung-Yuan Liu and Wen-Hsiang Tsai, “Generic Lossless Visible Watermarking—A New Approach”, IEEE Transactions on Image Processing, Vol. 19, No. 5, pp. 1224-1235, May 2010.
[11] Ismail Avcibas, Nasir Memon, Bulent Sankur, “Steganalysis Using Image Quality Metrics”, IEEE Transactions on Image Processing, Vol. 12, No. 2, Feb 2003.
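Tables 1 and 2 of the article above, reproduced as code: an added example that is not part of the article, with function names of its own. Checked against a plain shift substitution, the alphabet row of Table 1 corresponds to a shift of 4 and the cipher message to a shift of 3, and the hidden message of Table 2 sits in the second letter of each word of the cover text.

```python
import string

ALPHABET = string.ascii_lowercase

# Copied from Table 1 of the article.
TABLE1_PLAIN_ROW = "abcdefghijklmnopqrstuvwxyz"
TABLE1_CIPHER_ROW = "efghijklmnopqrstuvwxyzabcd"
TABLE1_PLAIN_MSG = "silence is solicited"
TABLE1_CIPHER_MSG = "vlohqfh lv vrolflwhg"

# Cover text copied from Table 2 of the article.
TABLE2_COVER = (
    "Apparently neutral's protest is thoroughly discounted and ignored. "
    "Isman hard hit. Blockade issue affects pretext for embargo on "
    "by-products, ejecting suets and vegetable oils"
)


def shift_encrypt(text, shift):
    """Substitution cipher: replace each letter by the one `shift` places later."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def shift_decrypt(text, shift):
    """Inverse of shift_encrypt for the same shift."""
    return shift_encrypt(text, -shift)


def letters_only(text):
    """Lower-case the text and drop everything that is not a-z."""
    return "".join(ch for ch in text.lower() if ch in ALPHABET)


def recover_shift(plain, cipher):
    """Return the one shift that maps plain to cipher, or None if no single shift fits."""
    p, c = letters_only(plain), letters_only(cipher)
    if not p or len(p) != len(c):
        return None
    shifts = {(ALPHABET.index(b) - ALPHABET.index(a)) % 26 for a, b in zip(p, c)}
    return shifts.pop() if len(shifts) == 1 else None


def brute_force(cipher):
    """All 26 candidate plaintexts: the complete key space of a shift cipher."""
    return {shift: shift_decrypt(cipher, shift) for shift in range(26)}


def null_cipher_decode(cover, position=1):
    """Read the letter at `position` (0-based) of every word in the cover text."""
    hidden = []
    for word in cover.split():
        letters = letters_only(word)
        if len(letters) > position:
            hidden.append(letters[position])
    return "".join(hidden)


if __name__ == "__main__":
    print("shift of the alphabet row :", recover_shift(TABLE1_PLAIN_ROW, TABLE1_CIPHER_ROW))
    print("shift of the message      :", recover_shift(TABLE1_PLAIN_MSG, TABLE1_CIPHER_MSG))
    print("hidden text in Table 2    :", null_cipher_decode(TABLE2_COVER))
```

With only 26 keys, `brute_force` recovers the plain message without knowing the key, which is why the shift cipher serves as an illustration only.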
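The six steps of Fig. 4 and the pixel block of Fig. 5 as runnable code, added here and not taken from the authors' implementation. It generalizes the 4-bit case to a `bits` parameter, scores the result with two measures named in Table 3, and applies a constructed requantization step to show how fragile spatial-domain LSB embedding is. Assumptions: all function names, and the formulas for Maximum Difference and Normalized Absolute Error, which the article names but does not define.

```python
# Pixel values from Fig. 4 / Fig. 5: a 4 x 3 cover block of 143 and a
# 4 x 3 watermark block of 36 (8-bit greyscale).
COVER = [[143] * 3 for _ in range(4)]
WATERMARK = [[36] * 3 for _ in range(4)]


def _check_pixel(value):
    if not 0 <= value <= 255:
        raise ValueError(f"not an 8-bit pixel value: {value}")


def _paired_rows(a, b):
    """Yield matching rows of two images, refusing images of different size."""
    if len(a) != len(b) or any(len(ra) != len(rb) for ra, rb in zip(a, b)):
        raise ValueError("images must have the same dimensions")
    return zip(a, b)


def embed_pixel(cover, mark, bits=4):
    """Store the `bits` most significant bits of `mark` in the `bits` LSBs of `cover`."""
    if not 1 <= bits <= 7:
        raise ValueError("bits must be between 1 and 7")
    _check_pixel(cover)
    _check_pixel(mark)
    low_mask = (1 << bits) - 1
    cleared = cover & ~low_mask      # step 2: 143 -> 128
    top = mark >> (8 - bits)         # step 4: 36 -> 2
    return cleared | top             # step 5: 128 + 2 = 130


def extract_pixel(marked, bits=4):
    """Move the embedded bits back to the top of an 8-bit value (step 6)."""
    _check_pixel(marked)
    return (marked << (8 - bits)) & 0xFF


def embed(cover_img, mark_img, bits=4):
    return [[embed_pixel(c, m, bits) for c, m in zip(rc, rm)]
            for rc, rm in _paired_rows(cover_img, mark_img)]


def extract(marked_img, bits=4):
    return [[extract_pixel(p, bits) for p in row] for row in marked_img]


def max_difference(a, b):
    """Maximum Difference: largest absolute pixel difference between two images."""
    return max(abs(x - y) for ra, rb in _paired_rows(a, b) for x, y in zip(ra, rb))


def normalized_absolute_error(a, b):
    """Normalized Absolute Error: sum |a - b| divided by sum |a|."""
    num = sum(abs(x - y) for ra, rb in _paired_rows(a, b) for x, y in zip(ra, rb))
    den = sum(abs(x) for row in a for x in row)
    if den == 0:
        raise ValueError("reference image is all zero")
    return num / den


def requantize(img, bits=4):
    """Constructed robustness test: zero the low bits, as coarse requantization would."""
    mask = ~((1 << bits) - 1) & 0xFF
    return [[p & mask for p in row] for row in img]


if __name__ == "__main__":
    marked = embed(COVER, WATERMARK)
    recovered = extract(marked)
    print("watermarked pixel :", marked[0][0])
    print("extracted pixel   :", recovered[0][0])
    print("cover distortion  :", max_difference(COVER, marked))
    print("watermark loss    :", max_difference(WATERMARK, recovered))
    print("after requantize  :", extract(requantize(marked))[0][0])
```

The recovered watermark is 32 rather than 36 because only the top four bits of the watermark are stored, and zeroing the low bits of the watermarked image erases the watermark completely.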
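Arnold scrambling as described under "Use of Alteration or Scrambling Methods", as an added example that is not the authors' code. The map (x, y) → (x + y, x + 2y) mod N is the commonly used form of the Arnold transform and is an assumption here, since the article gives no formula; the 5 × 5 watermark is constructed and the function names are this example's own.

```python
# Constructed 5 x 5 watermark with 25 distinct values, so every move is visible.
MARK = [[5 * row + col for col in range(5)] for row in range(5)]


def arnold_step(img):
    """One Arnold iteration on an N x N image:
    the pixel at (x, y) moves to ((x + y) mod N, (x + 2y) mod N)."""
    n = len(img)
    if n < 2 or any(len(row) != n for row in img):
        raise ValueError("Arnold transform needs a square image of size >= 2")
    out = [[None] * n for _ in range(n)]
    for x in range(n):
        for y in range(n):
            out[(x + y) % n][(x + 2 * y) % n] = img[x][y]
    return out


def arnold(img, iterations):
    """Apply the Arnold transform `iterations` times."""
    for _ in range(iterations):
        img = arnold_step(img)
    return img


def arnold_period(n):
    """Smallest k >= 1 with M^k = I (mod n) for M = [[1, 1], [1, 2]].
    After k iterations every N x N image is back in its original state."""
    if n < 2:
        raise ValueError("image size must be >= 2")
    a, b, c, d = 1 % n, 1 % n, 1 % n, 2 % n   # current power of M, reduced mod n
    k = 1
    while (a, b, c, d) != (1, 0, 0, 1):
        # multiply the current power by M on the right
        a, b, c, d = (a + b) % n, (a + 2 * b) % n, (c + d) % n, (c + 2 * d) % n
        k += 1
    return k


def unscramble(img, iterations):
    """Undo `iterations` scrambling steps by running on to the end of the period."""
    period = arnold_period(len(img))
    return arnold(img, (-iterations) % period)


def usable_iteration_counts(n):
    """Iteration counts that actually change the image: 1 .. period - 1."""
    return arnold_period(n) - 1


if __name__ == "__main__":
    scrambled = arnold(MARK, 3)
    print("period for N=5   :", arnold_period(5))
    print("scrambled row 0  :", scrambled[0])
    print("restored         :", unscramble(scrambled, 3) == MARK)
    print("usable counts    :", usable_iteration_counts(5))
```

The iteration count behaves like a key, but it has fewer possible values than the period, so scrambling adds a processing step for the extractor and is not a substitute for encryption.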

About the Authors

Baisa L. Gunjal is pursuing Ph.D in University of Pune and working in Amrutvahini College of Engineering Sangamner, A’nagar, MS. She has 15 years teaching experience and she is working on research project funded by BCUD, University of Pune. She has more than 15 International journals and conference publications including IEEE computer society, CSIC. She is recipient of ‘Lady Engineer Award-2012’ from ‘Institution of Engineers’ and Student branch coordinator, ‘Computer Society of India’ at AVCOE Sangamner, A’nagar, MS.

Dr. Suresh N. Mali has completed his Ph.D and presently working as Principal, Sinhgad Institute of Technology and Science, Narhe, Pune, India. He has written 3 technical books and having more than 25 national and international publications including ACM, CSIC. He is member of ‘Board of Studies’ for Computer Engineering in various universities like University of Pune, Shivaji University, Kolhapur, MS, India. He has also worked as member of ‘Local Inquiry Committee’ on behalf of UoP. He is member of IEEE, life member of ISTE and his research interests are information security, data hiding, signal processing, digital multimedia communications and Steganography.

Article
Ms. Hiteishi Diwanji* and Dr. J S Shah**
*Associate Professor, Computer Department, L D College of Engineering
**Director, Samarth Campus, Himmatnagar

Energy Efficient Trust Calculation in Mobile ad hoc Network

Mobile ad hoc network is considered to be the flexible and low cost synonym of the infrastructure based internet. Pure mobile ad hoc network means there is no infrastructure to implement the network and there is no central authority to establish routes, manage transmission and for controlling the movement of nodes. “Daknet” has been deployed in rural India that uses ad hoc network to provide asynchronous digital service where villagers get affordable internet services. In the “Daknet” project like the postman, dak vehicle is mounted with access points using 802.11b based technology to provide broadband connectivity in rural areas which in turn can provide services such as E-mail, voice messaging.

As the wireless transmission is not limited to the end nodes connected to the wire as in case of wired network so any one can intercept the message passing in the air. In case of mobile ad hoc network the nodes themselves are responsible for establishing the routes, forwarding and delivering the packets. Many times the node can behave selfishly and do not forward the packets in order to save energy. The malicious behavior may lead to dropping of packets which in turn decreases the throughput. The selfish behavior of the node can disrupt the network. The cryptographic security does not help in this case. The routing level problems can be solved by trust and reputation based system.

Trusting other people for the day to day transactions is inherent nature of human beings. Trust is derived based on reputation of that person. In case of wired network following the link which other friends or relatives are using, is called trusting the friends and relatives. In case of social networking, becoming friend of somebody’s friend means trusting somebody. In the mobile ad hoc network trust computation is useful in deciding the relay nodes in case of forwarding the packets.

Components of Trust

Two definitions of trust are given. Gambetta (1990) defined the “Evaluation Trust” as the subjective probability by which an individual, A, expects that another individual, B, performs a given action on which its welfare depends. McKnight & Chervany (1996) defined the “Decision Trust” as the willingness to depend on something or somebody in a given situation with a feeling of relative security, even though negative consequences are possible. Trust is dependent on the reputation of the system.

Josang (2009) defines aspects of trust that include trust scope, functional trust, referral trust, direct trust and indirect trust. Trust scope is a function that the relying party depends on and trusts. The trusted party performs the function in case of Functional trust. In case of Referral trust, the trusted party recommends a party that can perform the function. Direct trust is the result of direct experience. Indirect trust is derived from recommendations. Trust measure μ can be defined as Binary (Trusted, not trusted), Discrete (strong, weak, trust, distrust), Continuous (percentage, probability, belief). Time τ is a time stamp when trust was assessed and expressed. This is needed as trust is built with time and also decreases with time.

Challenges for establishing trust calculation techniques.

1) Trust is not transitive and it is subjective. In MANET, node A trusts node B, node B trusts node C but it is not necessary that node A trusts node C. The trust is subjective for example, node C is trustworthy if it is route request for establishing a route but it is not trustworthy in case of forwarding the data packets.
2) Establishing the initial trust value is also difficult.
3) Mobile nodes always have energy constraints. So apart from route request, route reply, packet forwarding, transferring trust values also consume energy.
4) Data structure for maintaining the trust value and frequency of updating the data structure is also need to be considered.
5) Calculating trust based on direct observation that is taking the value from immediate neighbours and calculating trust based on indirect observation that is getting the information about distant nodes from the nodes those are the neighbours of immediate neighbours.

Available Approaches for Trust Calculation

Establishing trust in ad hoc network is a challenge as they are self organized.

1) Pirzada et al. (2006) described the TRUST COMPUTATION. Trust computation involves an assignment of weights (representing utility or importance factor) to the events that were monitored and quantified. The assignment is totally dependent on the type of application demanding the trust level and varies with state and time. All nodes dynamically assign these weights based upon their own criteria and circumstances. These weights have a continuous range from 0 to +1 representing the significance of a particular event, from unimportant to most important. The trust values for all the events from a node can then be combined using individual weights to determine the aggregate trust level for another node. We define this trust T, in node y, by node x, as $T_{xy}$ and is given by the following equation:

$T_{xy} = \sum_{i=1}^{n} \left[ W_{xy}(i) \times T_{xy}(i) \right]$

where $W_{xy}(i)$ is the weight of the ith trust category of node y to node x and $T_{xy}(i)$ is the situational trust of node x in the ith trust category of node y. The total number of trust categories n is dependent on the protocol and scenario to which the trust model is being applied.

2) S Buchegger et al. (2003) gave an approach based on Bayesian theory. Initially distribution Beta(α, β) - prior Beta(1,1) the uniform distribution on [0,1] - represents absence of information about which θ will be drawn. θ represents the

probability that node i thinks that node j will misbehave, so θ should be represented as an index of i and j but the index has been omitted.

New observations come with s observed misbehaviors and f observed correct behaviors. The prior is updated to α := α+s and β := β+f. If θ, the true unknown value, is constant, then after a large number of observations (n), α ∼ nθ, β ∼ n(1-θ) and Beta(α, β) becomes close to a Dirac at θ, as expected.

In case of Reputation rating
• Ri,j, defined by two numbers (α', β'). It is updated on 2 types of events: (1) when first hand observation is updated (2) when a reputation rating published by some other node is copied.
• α' := μα' + s and β' := μβ' + (1-s).
• Ri,j := Ri,j + wFk,j where Fk,j is the first hand information i gets from k about j.
• Result of deviation test decides whether i considers k trustworthy.
• Let Fk,j = (αF, βF) and Ri,j = (α, β).
|E(Beta(αF, βF)) - E(Beta(α, β))| ≥ d
where d is a positive constant (deviation threshold). If the deviation test is positive, the first hand information is considered incompatible and not used. Else Fk,j is incorporated.

In case of Trust rating
• Node i thinks that there is a parameter Φ such that node j gives false reports with probability Φ the prior Beta(γ, δ).
• The trust rating Ti,j is equal to (γ, δ) = (1,1) initially.
• s=1 if deviation test succeeds and s=0 otherwise.
• Ti,k = (γ, δ) is updated by γ := vγ + s and δ := vδ + (1-s). Here v is a discount factor for trust.

The scheme used squared error loss for the deviation from the true θ and Φ; this amounts to considering E(Beta(α', β')) for θ and E(Beta(γ, δ)) for Φ.
• Node i classifies the behavior of node j as regular if E(Beta(α', β'))

if its rating deviate no more than 25%, t is set to 0.75.

Analysis of above Techniques
In the scheme of Pirzada et al. (2006), the mobile nodes used event notification for trust calculation. For a mobile node, keeping track and generating notification of that event, changing its own data structure and informing others will spend energy. In the scheme of S. Buchegger et al (2003), the mobile nodes need to consider μ, the discount factor. Assuming that this is a mobile ad hoc network which is likely to change the topology, or even that addition and deletion of nodes will take place, this scheme involves too much computation, which will not be useful in the said cases. So though the computation is robust, it is not energy efficient.

Technique for calculating trust based on subjective logic
We propose our trust calculation model based on the Markov chain model, and for energy efficiency we propose a topology based power save protocol at the network layer. The Markov model is helpful as calculating trust is a random process, and being memoryless it is useful as mobile ad hoc nodes have memory constraints. The next state, that is the trust value, is dependent on the current state (current values of trust as per the observations of the other nodes in the network), not on the sequence of trust values that preceded it. We use this statistical model, as our system is dependent on one or more random variables, mainly the number of packets dropped and the energy drained in forwarding the packets. We calculate statistical inference as initially a node is trustworthy but it may have a random behaviour and it may decide to drop the packet intentionally, or it is running out of energy and dropping the packet. In a random walk on the number line the probability of trust varies between 0 and 1. We denote belief (b), disbelief (d), and uncertainty (u), and according to subjective logic b+d+u=1. For all cases, if a node trusts another node fully, it would be represented as 1.
In mobile ad hoc routing, in case of a reactive protocol the nearer neighbours usually are selected for routing, so there

3) Calculating the trust values for subsequent communication.

1) Election of the coordinator with highest energy level.
In IEEE 802.11 this step will be incorporated with the MAC layer. While transmitting the beacon signal, apart from time stamp and other managerial information, the node will attach its energy in joules. The beacon signal will be given to all the nodes in the ad hoc network. If any of the receivers has a higher energy level, it will try to reserve the medium and next time send the beacon. This will continue till no node with higher energy is heard. The energy is transmitted in joules. So a coordinator is chosen in the synchronization phase.
2) Establishing the initial trust value
Initially all nodes are assumed to be trustworthy so they will have trust value 1.
3) Calculating the trust value for subsequent communication.
As trust is the term taken from social engineering, we always trust the nearer or neighbourhood nodes for the transmission, as our emotional mind suggests that we trust the nearer though betrayal is always done by the known person. So we will give more trust value to the neighbouring nodes and less to the distant nodes.

Analysis of the scheme
[Figure: trust graph of nodes 1, 2, 3 and 4 with the value 1 on each edge]
1→2 indicates the trust established in case of packet forwarding from 1 to 2.
2→1 indicates trust established in case of packets from 2 to 1.
Initially node 1 has energy level α, node 2 has energy level β, node 3 has energy level γ, node 4 has energy level δ.
α < δ < γ < β
Then node 2 will be the coordinator. If 2 or more nodes having the same highest

If node 1 wants to initiate transmission and the destination is node 4, the reactive routing protocols will choose the path 1→3→4. Initially the state of the trust matrix is

P =
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1

The row 2 and column 3 suggests that the trust value for transmission between 2 and 3 is 1. Having trust value 1, the communication will take place.
The state x(0) represents the node selection [1 0 0 1] where the first and last columns indicate the source and destination. When the packet is delivered the destination will inform the coordinator node.
For every transaction the intermediate node selected, if it successfully delivers the packet, keeps the trust value if it is 1, otherwise would complement the trust value by applying the subjective logic, w^A = -w_x^A. The reputation value of the intermediate node is 1 if it successfully transmits the packet. Since this is an ad hoc network, reputation building is not done extensively as in case of a wired network.

X(0) = [1 0 0 1]

P =
0 0 1 0
0 0 0 0
0 0 0 0
0 0 0 0

For the communication between 1 to 4 node 3 is trustworthy; we need to check the row of the source node.
Next time, if node 1 wants to initiate transmission and the destination is node 4, node number 3 is trusted, so in response to the route request, the route reply must include node 3.
If for some reason the trusted node is not able to deliver the packet, the trust value will be complemented and then a route error will be generated.

Security Aspect of the Scheme
1) Selecting a coordinator is done with the beacon message so there will not be an overburden on the communication.
2) This scheme uses the complement operation so it is not computationally heavy and will not drain much of the battery resource.
3) The scheme will save against the rushing attack: if any other node tries to reply faster than the trusted node, it would be identified.
4) For the scalability of the scheme, the nodes should form a cluster and each cluster coordinator will identify the trusted nodes.

References
[1] Gambetta (1990). "Can We Trust Trust?" Trust: Making and Breaking Cooperative Relations, Basil Blackwell, Oxford, 1990, pp. 213-237.
[2] Mayer, R C, Davis J H, Schoorman F D (1995). "An integrative model of organizational trust". Academy of Management Review. 20 (3), 709-734.
[3] McKnight D, Chevany N (1996). "The Meanings of Trust," Carlson School of Management, University of Minnesota, Technical Report TR 94-04, 1996.
[4] Buchegger S, Boudec J-Y L (2003). "A Robust Reputation System for Mobile Ad-hoc Networks," EPFL IC Technical Report IC/2003/50.
[5] Pirzada and McDonald (2006). "Trust Establishment In Pure Ad-hoc Networks". Wireless Personal Communications (2006) 37: 139–163. DOI: 10.1007/s11277-006-1574-5. © Springer 2006.
[6] Bamberger, Walter (2010). "Interpersonal Trust – Attempt of a Definition". Scientific report, Technische Universität München. Retrieved 2011-08-16.
[7] Hashim A, Kamalrulnizam A, Adebanjo A, Kayhan Z (2012). "A Survey of Energy-Aware Routing and MAC Layer Protocols in MANETS: Trends and Challenges". Network Protocols and Algorithms, ISSN 1943-3581, 2012, Vol. 4, No. 2.
[8] Gopinath S, Sureshkumar N, Vijayalakshmi G, Natraj N A, Senthil T, Prabu P (2012). "Energy Efficient Routing Protocol for MANET". IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 2, No 1, March 2012, ISSN (Online): 1694-0814.
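The reputation and trust updates that the article lists for the Buchegger et al. scheme, worked through for a single node i, as an added example that is not code from the article or from the cited report. The values of μ, v, w and d and the reports from nodes k and m are constructed for illustration, and the class and method names are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: node i's reputation and trust bookkeeping.
// mu, v, w and d are assumed values; the article does not fix them.
public class BetaReputationDemo {

    /** A Beta(a, b) rating, starting from the uniform prior Beta(1, 1). */
    static final class Rating {
        double a = 1.0;
        double b = 1.0;

        /** Expected value E(Beta(a, b)) = a / (a + b). */
        double mean() {
            return a / (a + b);
        }

        /** Discounted update: a := fade*a + s and b := fade*b + (1 - s). */
        void update(double fade, int s) {
            a = fade * a + s;
            b = fade * b + (1 - s);
        }
    }

    /** State kept by node i about the nodes it deals with. */
    static final class Node {
        final double mu; // discount factor for reputation
        final double v;  // discount factor for trust
        final double w;  // weight given to an accepted second-hand report
        final double d;  // deviation threshold
        final Map<String, Rating> reputation = new LinkedHashMap<>(); // R(i,j)
        final Map<String, Rating> trust = new LinkedHashMap<>();      // T(i,k)

        Node(double mu, double v, double w, double d) {
            this.mu = mu;
            this.v = v;
            this.w = w;
            this.d = d;
        }

        Rating reputationOf(String j) {
            return reputation.computeIfAbsent(j, key -> new Rating());
        }

        Rating trustIn(String k) {
            return trust.computeIfAbsent(k, key -> new Rating());
        }

        /** First-hand observation of j: s = 1 for misbehaviour, s = 0 otherwise. */
        void observe(String j, boolean misbehaved) {
            reputationOf(j).update(mu, misbehaved ? 1 : 0);
        }

        /**
         * Second-hand report F(k,j) = (aF, bF) published by k about j.
         * Returns true when the report passes the deviation test and is merged.
         */
        boolean receiveReport(String k, String j, double aF, double bF) {
            if (aF <= 0 || bF <= 0) {
                throw new IllegalArgumentException("Beta parameters must be positive");
            }
            Rating r = reputationOf(j);
            double reportedMean = aF / (aF + bF);
            boolean deviates = Math.abs(reportedMean - r.mean()) >= d;
            // Trust rating of the reporter: s = 1 when the report deviates.
            trustIn(k).update(v, deviates ? 1 : 0);
            if (deviates) {
                return false; // incompatible report, not used
            }
            r.a += w * aF;    // R(i,j) := R(i,j) + w * F(k,j)
            r.b += w * bF;
            return true;
        }
    }

    public static void main(String[] args) {
        Node i = new Node(0.9, 0.9, 0.1, 0.25);

        // Constructed history: i watches j forward 20 packets correctly.
        for (int n = 0; n < 20; n++) {
            i.observe("j", false);
        }
        System.out.printf("E(R(i,j)) from first-hand data: %.3f%n",
                i.reputationOf("j").mean());

        // Constructed reports: k agrees with i's view, m badmouths j five times.
        boolean honestAccepted = i.receiveReport("k", "j", 1.0, 9.0);
        boolean liarAccepted = false;
        for (int n = 0; n < 5; n++) {
            liarAccepted = i.receiveReport("m", "j", 9.0, 1.0);
        }
        System.out.printf("report from k accepted: %b, from m accepted: %b%n",
                honestAccepted, liarAccepted);
        System.out.printf("E(R(i,j)) after reports: %.3f%n",
                i.reputationOf("j").mean());
        System.out.printf("E(T(i,k)) = %.3f, E(T(i,m)) = %.3f%n",
                i.trustIn("k").mean(), i.trustIn("m").mean());
    }
}
```

Node m's reports fail the deviation test every time, so they never alter R(i,j), while each failure raises the expected false-report probability that i holds for m.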

About the Authors

Hiteishi Diwanji is working as Associate Professor (Information Technology) in L.D. College of Engineering. She has done her masters in computer engineering. Her area of interest is information security and mobile ad hoc network. She is currently pursuing her Ph.D from Gujarat Technological University in the area of trust and reputation management in mobile ad hoc network. She has written the book Computer Programming and Utilization.

Dr. J S Shah was a Professor in Computer Engineering and retired as a principal of Government Engineering College, Patan. He did his Ph.D in parallel computing. His area of interest is software engineering and quantum computing. Currently he is working as a Director, Samarth Institute, Himmatnagar.


Practitioner Workbench
Sumith Kumar Puri
Independent Software Architect

Programming.Tips () » Intricacies of Multi-Threading in Java

We will present the core concepts and intricacies of multi-threading in Java as an intriguing paradigm for parallelism. A few terms first. In general, a thread is a light-weight process: a concurrent unit of execution of a task, with a more effective context switching mechanism than processes and with memory space shared among the threads under the same process as well as its own. The critical section of the code needs controlled access by multiple concurrent threads that can access some shared resource. Semaphore is a construct that is used to control access to a shared resource by several threads. Mutex is a synchronization construct that allows mutual exclusion to access a shared resource among contending threads. Monitor is a synchronization construct that allows both mutual exclusion and the ability to wait for a condition to be true. Deadlocks may occur among concurrent threads when one thread is waiting to get hold of a resource that is held by another thread indefinitely. Deadlocks should be prevented from occurring by proper handling of the shared resources so that no thread waits indefinitely. The techniques involved in preventing deadlock conditions from arising constitute Deadlock Prevention.

Thread States in Java

Thread Interfaces or Classes in Java
In Java, a thread can be created either by implementing the Runnable interface or by extending the Thread class. The run() method needs to be overridden when implementing the Runnable interface. start(), Lock Status: Can Acquire Locks; this is the method called to schedule a thread to run. Once scheduled and a CPU cycle is available, the thread actually runs. A running thread may get blocked, waiting for some resource, or sleep, which takes the thread to the waiting/sleeping/blocked state, from where it gets ready again when the sleep or wait is over. The wait() method causes the current thread to pause execution and move to a wait state. The notify() method notifies an arbitrary thread that is waiting to obtain a lock on the current shared object. The notifyAll() counterpart of this method notifies all threads that are waiting to acquire a lock on the shared object. The synchronized keyword is used to control access to the critical section of the code. Alternatively, it is the implementation of Thread Monitors in Java. The synchronized keyword can be applied to both static methods or to instance level methods or blocks. Mutex is not inherently supported in Java.

Case Study: Design a multi-threaded system that has a shared resource that can take only two values; 0 or 1. It should have two methods, one each for incrementing and decrementing, that are called by two threads concurrently. One of the threads can only constantly increment and another can only constantly decrement. Their operations should be mutually exclusive.
Solution: It is a simplified version of the Producer-Consumer problem.

Further Reading
JDK 7 Documentation on Condition, http://docs.oracle.com/javase/7/docs/api/java/util/concurrent/locks/Condition.html
Java 6 Thread States and Lifecycle, http://www.uml-diagrams.org/examples/java-6-thread-state-machine-diagram-example.html

"Thread Interfaces or Classes in Java" - wait(), notify() and notifyAll() are part of the Object Class in Java.
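One way to solve the case study above with synchronized, wait() and notifyAll(), as an added example that is not the author's listing. The class names BinaryResource and Worker and the round count are assumptions made for the illustration.

```java
// Added example for the case study: a shared value restricted to 0 or 1,
// incremented by one thread and decremented by another.
public class BinaryResourceDemo {

    /** Monitor guarding a value that may only be 0 or 1. */
    static final class BinaryResource {
        private int value = 0;

        /** Blocks while the value is already 1, then raises it to 1. */
        synchronized void increment() throws InterruptedException {
            while (value == 1) { // re-check in a loop: wakeups can be spurious
                wait();
            }
            value++;
            notifyAll();         // wake the thread waiting to decrement
        }

        /** Blocks while the value is already 0, then lowers it to 0. */
        synchronized void decrement() throws InterruptedException {
            while (value == 0) {
                wait();
            }
            value--;
            notifyAll();         // wake the thread waiting to increment
        }

        synchronized int get() {
            return value;
        }
    }

    /** A thread body that only increments or only decrements. */
    static final class Worker implements Runnable {
        private final BinaryResource resource;
        private final boolean increments;
        private final int rounds;

        Worker(BinaryResource resource, boolean increments, int rounds) {
            this.resource = resource;
            this.increments = increments;
            this.rounds = rounds;
        }

        @Override
        public void run() {
            try {
                for (int n = 0; n < rounds; n++) {
                    if (increments) {
                        resource.increment();
                    } else {
                        resource.decrement();
                    }
                }
            } catch (InterruptedException e) {
                // Restore the interrupt flag and stop working.
                Thread.currentThread().interrupt();
            }
        }
    }

    /** Runs one incrementing and one decrementing thread to completion. */
    static int run(int rounds) throws InterruptedException {
        BinaryResource resource = new BinaryResource();
        Thread incrementer = new Thread(new Worker(resource, true, rounds), "incrementer");
        Thread decrementer = new Thread(new Worker(resource, false, rounds), "decrementer");
        incrementer.start();
        decrementer.start();
        incrementer.join();
        decrementer.join();
        return resource.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("value after both threads finish: " + run(10_000));
    }
}
```

Because each method waits on the same monitor until the value allows its operation, the two threads strictly alternate and the value never leaves the set {0, 1}.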

About the Author

Sumith Kumar Puri is an Independent Software Architect. He graduated as a Bachelor of Engineering [Information Science and Engineering] from Sri Revana Siddeshwara Institute of Technology, Bangalore, India. He has nine years of progressive software development experience. He is a Professional Member of the IEEE, Association for Computing Machinery and the Computer Society of India. His current interests are in Data Mining and Enterprise .

Practitioner Workbench
Umesh P and Silpa Bhaskaran
Department of Computational Biology and Bioinformatics, University of Kerala

Programming.Learn("R") » File Input and Output-Part I

R provides various functions for reading and writing data to/from files. In this issue we shall look at some commonly used read and write commands in R.

scan ( )
scan ( ) imports or reads data of the same mode directly from the console or from a file and returns a list or a vector. For rectangular type data or data frames, scan( ) is not used widely. Its syntax is as below:
scan(file = "", what = double(), nmax = -1, n = -1, sep = "", quote = if(identical(sep, "\n")) "" else "'\"", dec = ".", skip = 0, nlines = 0, na.strings = "NA", flush = FALSE, fill = FALSE, strip.white = FALSE, quiet = FALSE, blank.lines.skip = TRUE, multi.line = TRUE, comment.char = "", allowEscapes = FALSE, fileEncoding = "", encoding = "unknown", text)
Most of these arguments are common to almost all input/output commands. A brief description of the important arguments is listed in the table below.

Argument: Description
file: name of a file to read data values from
what: type of data to be read
nmax: maximum number of data values to be read
skip: number of lines of the input file to skip before beginning to read data values
nlines: maximum number of lines of data to be read
flush: takes a logical value: if TRUE, scan will flush to the end of the line after reading the last of the fields requested
fill: takes a logical value: if TRUE, scan will implicitly add empty fields to any lines with fewer fields than implied by what
strip.white: if the sep argument is white space, strip.white should specify whether read.table removes extra leading and trailing white space from character fields
quiet: if FALSE, scan() will print how many items have been read
Table 1: Arguments of scan ( )

cat ( )
The cat ( ) function simply exports data to the file specified. It can also be considered as concatenating the items given as input. The syntax is
cat(..., file = "", sep = " ", append = FALSE)

Argument: Description
...: object to be written
file: file name to which the data is to be written. If it is not specified the output will be printed to the console.
sep: the delimiter of the written data
append: takes the logical value TRUE or FALSE depending on whether the written data has to be appended to the existing file

See the following example:
[Fig. 1: Usage of cat ( )]
When the first cat ( ) statement is executed, the elements in x are written to the newly created newfile.txt separated by tab. The second cat ( ) statement will append the elements in x to the already written file with items separated by new line. The output will appear as below.
[Fig. 2: Exported data]

Another two commonly used input and output commands in R are readLines( ) and writeLines( ) respectively. readLines ( ) simply reads the lines of text into R. The readLines ( ) function accepts a URL or file name as its first argument, and it returns a vector with as many elements as there are lines from the input source. Its syntax is
readLines(con = "newone.txt", n = -1L, ok = TRUE, warn = TRUE, encoding = "unknown")
Here con is the connection object, which is the file name. The argument ok says whether it is acceptable to reach the end of the connection before n>0 lines are read. warn is to give a warning if the EOL is missing from a text file.
writeLines( ) writes lines of text to the file specified in its argument. The syntax is
writeLines(text, con = "newone.txt")
The argument text indicates the line of text to be written into the file specified.

Here we gave an overview of the general file input/output commands used in R. In the next issue we shall discuss how to read and write data from text files and spreadsheets.

CIO Perspective
Pravin Balaji Dhayfule
Information Technology Solutions Analyst

FOSS in Enterprises Eliminating the Software Licensing Cost and Piracy

Abstract
IT infrastructure plays a crucial role in the technical development of an enterprise. Increasing dependency on proprietary software applications and tools has encouraged vendors to take advantage of the customer's need in the form of increasing Licence Fees and stringent EULA (End User Licence Agreements). Thanks to FOSS (Free and Open Source Software), enterprises can now free themselves from the exorbitant licensing costs as well as the stringent restrictions of the EULA.

Introduction
Information Technology has penetrated across enterprises to become an integral part of them. Nearly every employee in an enterprise will be found operating a computer system for performing his/her daily activity. As the number of employees increases, so does the number of computer systems. The computer system, although it appears to be a physical device, in terms of cost turns out to be cheaper than the abstract software residing within it. The software comes with a price tag attached to it, and along with the number of systems the cost of (using) the software multiplies.
Generally a user of proprietary software may assume himself/herself to be its owner, since he/she has paid for it. This is where they misunderstand the EULA. As per the EULA, the users do not own the software; they have paid for the permission to use the software. The vendor reserves the right to deny the user the right to use the software, if he/she fails to comply with the EULA. Many vendors even monitor the usage of the software and may lock it if they find users misusing the software.
A user may often (unknowingly or deliberately) replicate or install the proprietary software purchased for single use onto multiple systems, thus making him/her accountable for committing software piracy.

What Accounts to Software Piracy?
Software Piracy has been a point of concern since the past. Users assume the expenditure and ownership of the software to be similar to the hardware that they have purchased. As discussed earlier, although the hardware becomes the sole property of the purchaser, software doesn't. Interestingly, even after paying a hefty amount, the user has to obey the vendor as long as he/she wants to be able to use the (proprietary) software.
There are many acts that may lead to software piracy. Some of them are:
• Sharing the software licensed for single use for installation on multiple systems
• Performing reverse engineering of a proprietary software to know its internals
• Reselling the purchased software to others (without proper reseller license)
• Cracking the trial or demo edition of software to avoid the licence purchase

Reasons (or Excuses) for Software Piracy
While ignorance or negligence towards timely action has seldom been a tradition, many users wrap it with their excuses. Some common excuses leading to software piracy are:
• I have purchased the software, what is the problem when I install it on my other computers?
• I have already spent a huge amount on my hardware, now just to make it functional, why do I need to pay extra?
• I had purchased the software, it is just that I have lost the license in the accident that led to a fire in my office
• It is just a software and not a physical entity, how is the vendor at loss when I copy paste the software on other systems?
• My hardware vendor gave it to me, I did not install it, go and ask him!
• My hardware vendor told me that the software is complimentary with the hardware I purchased from him
The excuses go on endlessly. On being caught, however, the excuses come to no rescue from being penalised.

So What is the Solution?
Software piracy is not just illegal, but even unethical. However, charging for something beyond the limit too is unethical (especially to take advantage of one's needs). It is the common business formula of demand v/s supply, not limited to the software industry. We fall victim to many such situations in day to day life, right from commodity goods to services. However, what comes to the rescue is an alternative.
There are alternatives (although not as comfortable as the previous option) to opt for. Thankfully in the world of software, there is something called FOSS (Free and Open Source Software). FOSS provides a wide range of alternate options for the expensive proprietary software. FOSS applications are driven by the community instead of a mere vendor. Being released under the free licence, FOSS applications are not restricted from being shared and installed on multiple systems.

So All the Freeware Applications are FOSS?
This is one of the greatest misconceptions among the users. Many relate FOSS applications to the freeware (free of charge) applications available on the web. First of all it is important to understand the philosophy behind the term Free.
The term free in Free and Open Source Software does not mean Free of Charge. It actually is meant for Freedom. Unlike the proprietary software that restricts the users from using it as per their will, FOSS allows the users to:
• Install and share the software with others freely
• Render services for the software either free of charge or at premium cost
• Being Open Source (i.e. source code is available for public), professionals can look inside the code and customise the software as required freely
• Users are even free to fork (i.e. entirely create a new software based on an existing one)
While a freeware is closed source and may even contain spyware (or malware), FOSS is safe due to its transparency.

There is no Support for FOSS Applications
This again is a myth spread by the promoters of proprietary applications.

Since FOSS is built on Community Support, there is a wide knowledge base, mailing lists and active support forums for almost all the FOSS applications. In fact, the discussions on forums and mailing lists contain solutions to common problems faced by users.
In addition to support forums and mailing lists, the FOSS applications also come along with issue reporting websites where testers and users can file issues and bugs directly to the vendors/primary development team of the software.

How Do They Manage the Expenses When the Software is Free?
The expenses are managed in many forms. Some of the prime ways of maintaining the expenses are:
• Donations from user community and supporters
• Sponsorships from the corporates
• Volunteering in terms of development and maintenance
• Premium support/subscription services (similar to other commercial software)
Yet the core philosophy of dedication and the will to help selflessly are the prime reasons why these FOSS applications are alive.

What About Professional Services?
This is where FOSS wins over other proprietary software. Unlike proprietary software, where the paid support monopoly lies with the software vendor (or its authorised partner), FOSS applications are not bound to a monopolistic economy. Based on the budget and requirements, there are many vendors and support professionals to select from. These days, due to the stringent economy, many organisations are exploring the options in FOSS.

FOSS Alternatives for Proprietary Software
Following is the list of some FOSS alternatives for proprietary software.

Proprietary Software: FOSS Alternative
MS Windows: GNU/Linux or FreeBSD based Desktop Operating System, such as FreeBSD, GNU, Debian, Ubuntu, Fedora, openSUSE
MS Office: OpenOffice, LibreOffice, Lotus Symphony
Adobe Photoshop: GIMP, Krita, CinePaint
Adobe Illustrator/Corel Draw: Inkscape
3D Studio Max / MAYA: Blender
Internet Explorer: Mozilla Firefox, Google Chrome
Microsoft Outlook: Evolution, Thunderbird
Microsoft Sharepoint: Alfresco, Drupal
MATLAB: Scilab
AutoCAD: Archimedes, FreeCAD, BRL-CAD
MS SQL: MySQL, PostgreSQL, SQLite

The list is infinite; however, a categorised list of FOSS alternatives can be obtained at the http://www.osalt.com website.

Conclusion
It all depends on the mindset whether to switch to FOSS or not. Although not all applications may have an alternative, it is worth giving it a try, at least by trying to use the applications alongside. It won't be a quick transition, but gradually as one uses the new application, it is easy to get along.

About the Author

Pravin Dhyfule is an Information Technology Solutions Analyst serving in the industry since 12 years in Corporates such as Accenture, Digite, Core Education & Technologies Ltd. Throughout his tenure in the industry he has been contributing his technical skills in areas such as Software Solutions Analysis, Technical Documentation and User Manual authoring, Corporate Technical Training for wide area of technical topics, Providing Free and Open Source Software solutions to the industry etc.

Kind Attention: Prospective Contributors of CSI Communications - Please note that cover theme of future issue of CSI Communications is planned as follows - • March 2014 – Indic Computing Articles and contributions may be submitted in the categories such as: Cover Story, Research Front, Technical Trends and Article. Please send your contributions before 20th February for consideration in March 2014 issue. For detailed instructions regarding submission of articles, please refer to CSI Communications September 2013 issue, where Call for Contributions is published on the backside of the front cover page. [Issued on behalf of Editors of CSI Communications]

IT Industry Perspective
Mrs. Jayshree A Dhere
Resident Editor

Interview with Mr. Deepak Ghaisas

Mr. Deepak Ghaisas is Chairman & Chief Mentor of GENCOVAL Group. Formerly he was Vice Chairman of iFlex India. iFlex Solutions (formerly called CITIL - Citicorp Information Technologies Industries Ltd.) is known for its core banking software solution named FLEXCUBE. The company was acquired by Oracle during the year 2006. Deepak was one of the founding members of iFlex in 1993. It was his strategic, financial and operational acumen that drove the company into a true Indian multinational. Starting with a $1 million capital, the market cap of i-flex in BSE reached $4 billion, reaching over 130 countries around the globe with a revenue over $0.5 billion. Deepak is the first Indian CFO to win the prestigious CFO Asia award. He has been contributing to industry as:
• Executive Member of the NASSCOM Executive Council.
• Vice President of the Maharashtra Economic Development Corporation (MEDC), a governing body who actively participates in the decision-making process for the economic development of the State of Maharashtra, India
• Member of the IT Committee of CII, IMC
• Member of the Committee of the Indian Institute of Bankers constituted for the purpose of drafting the curriculum for Information System Audit course for bankers.
• Member of the Internet Banking Committee of the Reserve Bank of India, which formulated guidelines on Internet banking and security in India.
Deepak is also on advisory Boards of various management institutes. He is on Board of various companies such as Shoppers Stop (Leading Retailers), USV Ltd. (Pharma Industry), Camlin Ltd (Consumer Goods). Deepak is a qualified Chartered Accountant, Cost Accountant and Company Secretary and alumnus of London Business School. He is also a thought leader in building future scenarios and in the area of disruptive innovation. Last 20 years, Deepak is teaching at various Management Institutes in India and abroad as a visiting faculty.
For someone who genuinely believes in constant learning and teaching, it does not come as a surprise when he makes it a point to take a class on Finance or Management, by interacting with students and sharing his experiences, whenever time permits him. He has also passion to get to grass root level people in rural India and understand their problems and views and advise various NGOs in their work. He is also on the Board of NGO Companies and runs his own Charitable Trust. Deepak is also a die-hard music lover, and continues to play the Tabla whenever he finds the time.
As Chairman of Gencoval Group, Deepak leads strategy development, visioning and conceptualisation of breakthrough business models for GENCOVAL, in cutting edge biotech area of Healthcare industry. At Gencoval, he is working on bringing new inventions and innovations in Healthcare Bio Tech area to this part of the world and working on curative, diagnostics and delivery side of the healthcare. His vision in GENCOVAL is to generate companion value for our healthcare companions by creating differentiated solutions to ignite transformation in their business, provide knowledge-driven access to business synergies and collaborating with innovators and investors to build new business ventures. Under Gencoval, he leads the Company Stemade Biotech P. Ltd. (www.stemade.com) where company is involved in founding ecosystem in India, Middle East and Far East Country for Mesenchymal stemcells derived out of teeth. This is the first time that such technology is used in the region. His other companies include HealthBridge, involved in healthcare delivery systems and GCV Life, in getting innovative diagnostic systems in Indian market.
It was pleasure to meet Mr. Deepak who readily offered to share his thoughts for the CSIC readers. Here are the details of what he has to say about various aspects of IT industry in India and its future.

Q. IT industry in India is mainly service industry as we see big firms mainly providing IT services and there are very few purely software product companies. In this situation what made you select a path of being a software product company?
Ans: Earlier all of us, who started iFlex, were working with IT service companies mainly with Tatas. Other partners were working with TCS while I was working with Tata Unisys. We had seen IT service companies and how they function. By the time we thought of doing business separately, there were about 300 IT service companies already in business. Certainly we did not want to become just another service company. Everyone was talking about moving up the value chain then. Now to move up the value chain and in turn to create more value you need to be in product segment. To be in product segment, you need to select a vertical. Service companies are mostly like bania shops. They do everything and are in all sorts of vertical sectors like telecomm, retail, insurance etc. In this situation, you do not develop domain expertise in any particular area. We have to choose domain, if we have to be in the product business and we chose banking. In 1994,

India was certainly not a market for our product. Europe, USA and Japan are the places where there was the market. So we had to understand how banking is done there and their requirements. Fortunately we received 40% equity from Citibank. In fact our earlier company was called Citicorp Information Technology (CITIL). We chose banking and decided to be a product company. We wanted to be different from typical service company and create value for company much more than what a typical service company does.

Q: Was the trajectory as a software product company very difficult to start with? Did it require huge capital investment?
Ans: Obviously it was a tough task. We had to invest money before we could start selling the product. So we continued to have some portion of revenue from services. Initially we had kept a limit of 25% revenue from services to take care of regular cash flows. That's how you have to manage a company. And those days we did not have venture capitalists to put in money. At that time it was difficult to start a product company. Today it is not so difficult. Today there are investments available like angel capitals, venture capitals, private equity funds and so on and each one is ready to fund your venture. Those days we used to chase venture capitalists to fund us. Today venture capitalists chase ideas.
To do a product business today, what you need is great ideas, which will click in the market. If you have great ideas, today it is much easier to start a company. When I was chairman of product forum in NASSCOM, there were around 300 product companies in India and they have grown by now. Many are from people who have come back from USA. These are all small shops trying to create products. When I say product, what I mean is you own the intellectual property of your creation and then you license it to your customer. Today the way technology is

of market share of the entire world's IT spending, then you are not super power at all and to become superpower you need to have these kinds of products like Windows, Oracle coming from India or made in India. Then it can be said that you are a superpower.
Now because capital funding is now available, Americans, Japanese are also looking up to India. Our country produces 2 lac engineers every year. With such a great intellectual base, today I would say it is much easier to start and run a company and it is happening also. But people are not following the model of creating ERP (Enterprise Resource Planning) packages or creating core banking solutions etc. They are creating small niche products.
Today considering the fact that resources are available in the cloud, you can sit at home and do a product. You do not require an office to create a product. What you require is basic imagination and idea. Funding is done automatically, if your idea is worth it.

Q: What is the degree of customization that clients generally expect when they go in for off-the-shelf software solutions like your IT business was providing?
Ans: This is a very good question. Banking is one of the most regulated industries in the world after civil aviation. Every government wants to regulate banking. Moreover, core banking remains the same wherever it may be in the world. Customization comes in terms of multi-lingual facility e.g. if package is to be implemented in Japan or China or Europe, you need to provide screens and reports in their respective local languages. Secondly, central bank reporting of every country is different and this requires customization. Third type of customization comes because of changes in business processes. No ERP system can claim that the product is the best and no improvement at all is required. The way banking was done 10 to 15 years back was different.

the first time to implement a product, you require lot of customization in the product. With 2nd, 3rd and 4th implementation, customization becomes lesser and lesser. Later, you have a country specific version. And of course within a country also customers do look for customization.

Q: How is package customization looked at from the perspective of solution provider? Is it good for reputation building? Is it revenue generating or creating drain on resources? Is it pain in the neck or is it a revenue earning aspect or what is it like?
Ans: I would say both of it is true – it's good as well as a pain at times. Let me explain. We used to look at it from 3 points of view. One type of customization is about best practices. A bank which has adopted some wonderful things in their processes for which we have to do customization, we used to call it universal customization, which will help all banks in the world. Therefore this type of customization would get into next version of our product. Second type of customization is region specific customization. Say in Mexico, the way in which exchange market is done is entirely different than the way it is done in say Paris. So regions have specifics of carrying out transactions or particular area of banking. It becomes region specific customization that is useful for all banks in that region. Simple example is that of Islamic banking. It's a different way of banking. Now does banking change? No, but the workflows change, banking products change. Whatever customization happens is then good for all Islamic banks in that region. Third customization is customer specific customization. We used to charge separately for customer specific requirements. We used to share region specific customization that would happen. We would typically spread the cost of region specific customization over next 5 banks or so and give discount to them. The generic customization which
covers the best practices in the world, we moving, a simple small application to be With time, banking business itself is used to adopt in our next versions. used on mobile phone (app as it is called) changing dramatically. Twenty years We used to tell banks that do not try to also has value. When I was in NASSCOM, back there was only investment bank or customize to such an extent that you end we used to give awards every year at the only retail bank or only corporate bank. up automating your current processes into hands of prime minister to encourage Lot of consolidation is now happening in product but take best practices available young entrepreneurs to start something banking business itself. So to that eff ect in the product to your banking processes of their own. The idea was that some day you need to make changes in software to and improve them. Every bank thinks that we will have Oracle and Microsoft coming align it with changing business scenario. they have adopted best practices in the up from India. If you consider India as This type of customization continues to world and no one else has them but that is superpower of IT and you have only 4 – 5 % happen. When you go into a country for not always true.

Q: What would you advise clients who look for such solutions and subsequent customization? I am asking this question because we have heard horror stories of ERP implementations where customers went in for too much customization and ultimately failed? What did it take to convince the clients and gain their confidence?

Ans: Idea in taking a product in my view is that products have collective wisdom in their functionality. Banks need to look with open mind at this embedded wisdom, which is available in the product and try to adopt that for their own organization. There may be 1 or 2 areas, where they may need some changes. I am not saying that every product is the best but that is where generic thing comes in.

I shall give a simple example without naming the bank. One of the big banks was offering 8000 banking products. Suppose, for example, we have a scope for 100 products in our package. So this means 7900 products creation is the customization required. When we actually looked at these 8000 products, we realized that 90% of them were almost dormant or at the most were offered in 1 or 2 branches in some part of rural area. Thus actual working products were really less. In advanced countries and in advanced banks we have seen and faced a situation where boss of the bank would tell regional country specific offices that if software does not provide a particular product then stop offering that product. Worst case scenario is when bank demands that give us all products that we currently have. In such a situation, you have to negotiate with the customer bank.

I can give one ground level example of negotiation. One bank was offering a product like - if you have more than 10000 rupees in your account, then bank will give you one demand draft free. Now that is a product. I told chairman of the bank, consider a situation that I have 10000 rupees in my account in the bank but I never draw demand draft. So this facility is totally useless for me. Now like that, bank had some 600 products. What it actually meant was that it was basically a kind of loyalty program for customers. So I said as a bank you give me credit points based on my balance. Whether I want to take demand draft or I want to open LC or whether I want to do some trust work, let me decide as a customer. We had a product called loyalty program product. I told the bank to start a loyalty program. They can define the eligibility themselves e.g. for more than 10000 it is a silver customer, more than X amount it is a gold customer and then for some more it is a platinum customer etc. This way 900 products are now converted to 3 products. But it took almost a month for us to negotiate that with the customer bank.

What I would say is mindset change is required here. Moreover, it is also more of a human resource problem, a kind of Not-My-System syndrome. In a start-up bank it is very easy to implement a product. There is no data conversion required. No system is currently available and this makes it easier to establish a system based on the product. Older banks have this problem of mindset change. The older it is more complicated is the problem. Employees are old people, who have used blue pen and red pen to fill the ledgers etc. All of a sudden if they are given this new task, then there is a problem for them. You may not believe it but in 1989, there was union & banking management agreement, which said that every employee working on terminal should get 300 rupees as hardship allowance. Now today banks as well as their employees are demanding core banking product. They want to be like the next bank because they know now that without such a product, bank itself will be in trouble. That is the mindset change that has happened due to changes in the environment. As private banks came in e.g. banks like ICICI, HDFC etc., they changed the whole environment.

Today I would advise customers who are acquiring products like this, that they should consider this occasion as an opportunity to change their business processes, review them, improve them and do kind of business process re-engineering (BPR) exercise. I am not saying that everything in product is right. There might be some tweaks required here and there but try to keep it to the minimum.

My experience with customers is that lot of convincing is required while providing them with a product like core banking solution. Indian banks have major problem because many of them do not have long term planning. Chairman is typically there only for 2 or 3 years. So he is not interested in making major changes and overhauls. There is a fear like what if he does something and later on some inquiry comes. So he would say better do it later rather than now.

Q: What made you merge your software product business with a bigger IT player? Was there no brighter future or you saw better opportunities in other upcoming sectors? Where would your business have been if you were not to give up?

Ans: When you reach a certain size in terms of business, you have to look at what the end game is going to be. Obviously we could have continued going. Citibank at that time i.e. in 2006-7 was looking for exit from their investment. They wanted to monetize their investment. No investor usually stays for 13 or 14 years. Therefore, we started looking for alternatives for enabling their exit. We looked at 6 to 7 alternative methodologies like doing ADR, offering in Indian market including management buyout etc. And after evaluating various options, this Oracle deal was the best option that we could get. We looked not only at Oracle but also at 3 or 4 more companies who could have been potential buyers of iFlex. Ultimately, Oracle won the deal. Oracle’s strategy also was after selling databases they wanted to offer vertical specific solutions. Today it seems that it was the right thing to do then.

If we were to continue, business would have grown at similar rate. We were number one top selling product for core banking solution. We could have continued to do the same thing.

Q: Why have there not been purely software product companies in India or very few for that matter?

Ans: Now product companies are coming up in India. But obviously earlier that was not the case because Indian IT was making money in those days by providing services. You hire a guy on Friday and start billing on Monday. This was the situation. If that is the situation why should one invest in a risky business which requires lot of investment and there is no guarantee of success? So companies would prefer to stick to low risk high income business. Dollar is going up and obviously business bottom line is also up.

Q. How has IT industry in India changed over the last few decades? Are there changes in the nature of services rendered, in expectations from clients, in markets world over etc.?

Ans: Nature of services is changing. Engineering services are coming up. KPOs (Knowledge Process Outsourcing) are coming up. I would say industry is changing. More of offshoring is happening. We started with onsite services and now lot of work gets done from offshore. So industry is changing but not at the pace I would like to imagine. Actually after 30 years in IT industry, we should have either Oracle or Microsoft from India. That has not happened. So we continue to have the same business model of arbitrage level process which is unfortunate. It is making money but not growing at the same rate as it was in earlier years.

Q. Recent December quarter ending results of IT companies show rise in revenue and as compared to other sectors IT industry seems to have done well. What would you say about that?

Ans: That is because our market is export market. Other economies in the world are in trouble or are coming out of trouble. So they have more pressure on cutting costs and offshoring is one of the ways of cutting costs. Then there is this Geopolitical situation. The moment American presidential election comes, everyone pounces on offshoring. But if their companies have to survive, they have to offshore. So in a particular year of elections not many jobs come up, but once election is over jobs start coming up. Also I won’t say it’s a healthy growth from long term perspective. Unless we grow in the value chain, stickiness with the customer will always be a question. Fortunately, China and Russia are not matching us today. But in BPO (Business Process Outsourcing) space, Philippines have overtaken us. Luckily, their population is nothing to match with ours and so scalability is question for them. But from long term perspective, we need to move up in the value chain.

Q. How have changes in technology impacted the IT industry as such, especially software product companies?

Ans: You don’t need to create ERP packages anymore but there are so many small products that are being manufactured. I will give an example. In automobile industry everyone does not manufacture cars but they manufacture parts and accessories for cars. Today IT product companies that create products ERPs etc. have reached that level. If you take an example of Microsoft Windows, there are many components which have been manufactured by many other people that have gone into it. And this is a constant process. It will keep on happening. Technology evolution has made this possible. So I can create a software part or component and sell it to either Oracle or Microsoft, which will fit in their requirements and in their product. They will be more than happy to take it rather than developing it themselves. Consider Maruti and other car manufacturers. They don’t manufacture everything that goes and fits in their cars. So, today smaller product companies have more and more value proposition and I will recommend that one should look at it. Secondly, it requires lesser investment and hence has lesser risk. Therefore more and more people will be attracted to that. Moreover, Indians are not good at marketing and at packaging. So going and selling on your own in the US market is a major hurdle for them. But if you give a part which is private labelled to somebody like Microsoft or Oracle or Amazon or any other established company there, then you don’t have to market it. You keep on getting royalty for every sell. You can keep on upgrading your part or component and keep on bringing out its new versions. Obviously this has become possible because of technological changes.

Q. Product companies usually bring multiple versions of their products. E.g. SAP went through multiple versions. Earlier there was mainframe-based solution, then there was client/server version and later then web based etc. Like that did your product also go through upgradations and generations?

Ans: Oh yes. Technology keeps on changing and as it matures keeps on getting adopted in products. Fortunately our competition at the time when we started was such that all the products that were in the market were old products - mainframe based or AS/400 based or Unix based etc. But web based banking was not even envisaged at that time. We started realising that these are going to be the ways banking would work in future. So basic architecture of our product was made in such a way that these kind of changes can be adopted quickly. I will give couple of examples of this. Enabling web-based solution is one example. Multi-channelling is another classic example. Today no one needs to go to a bank branch anymore. You work on internet, you work on mobile phone, you use all kinds of channels like ATMs or process that are available in supermarkets and so on. Today I can go and buy mutual fund through ATM. Thus you start looking at variety of these channels as a branch.

Q. While conceptualizing a software product, its architecture needs to be planned in a specific manner. What was the thought behind your product’s architecture?

Ans: Basically you have to be flexible. You have to adopt Architecture which will provide kind of flexibility. Architecture that was adopted for our product was n-layer architecture. Any number of layers can be added to that. There is middleware concept. Middleware does not care who is going to use its services. The moment you have to add POS as an identity, POS can be connected to it provided you have right switches available in the middleware. The moment it comes to middleware, it remains the same. That’s the way architecture is done for the product. Product conceptualization is quite different than conceptualization for client specific software. Packaging is even more difficult for product.

Q. When customized solutions are developed thought process is different than when it is done for creating product? Is that one of the reasons why no products were made by Indian IT companies in the past?

Ans: Well! I would have made that statement if there were failures noted in the past. But people did not go in for developing products. I don’t remember services companies that created products and failed. But look at Tally. Tally is very successful as an accounting package. Even TCS had product called Ex, an accounting package. But it did not catch up. Either they were earlier in time or they did not market it well. They are basically not a product company. But Tally is a product company. So to succeed in product business, your DNA has to be of a product company. Making money is one thing and everyone makes that. Mr. Murthy had made a statement in 1994 or 95 that one day his company’s 30% revenue will come from products. But it hasn’t gone beyond 5% even today. Not that company is not growing, they are growing. But their company culture is that of service business.

Q. You said that India is not software super power as is perceived sometimes. But do you think we have the potential to be one?

Ans: India is not an IT super power at all. If your mindset is of arbitrage and make money on arbitrage level cost benefit, then you cannot dream to be a super power. I would say potential is there. Indians are doing very well all over. In the USA, a guy of Indian origin can become chief of Harvard. Today 24% employees of Microsoft or of Oracle are Indians. So as for Indians potential is there. But neither the Indian IT service companies have that mindset, which will make them superpower, nor there is a supportive ecosystem created for this purpose which will propel them towards that goal. Why American companies became great? Why did silicon-valley become the silicon-valley? They had local support there. The whole ecosystem was created – which includes infrastructure, mindset, capital funding, human resources and all that. Entire ecosystem created there helped them. Where are venture capitals in Powai? You can’t just have malls and multiplex theatres. Entire ecosystem has to exist to support the industry. Israel is a classic example of extremely supportive ecosystem. Not only in IT but also in pharmaceuticals, they have made great innovations. We are nowhere near that. How many Indian companies’ ADR are traded on US exchange? A few are listed but traded means investors are interested in your stocks.

Q. Recently we hear about big Indian IT companies acquiring and/or looking to acquire product companies including the start-up ones. Will Indian IT companies be able to grow on value-chain by such acquisitions?

Ans: There are no major acquisitions that I have heard about. If TCS acquires Microsoft or SAP probably it will help them. But that is not the way people are thinking today. I love Ratan Tata because he thought of acquiring Jaguar. This thinking is required now. If you want to become super power in the world, these acquisitions need to be of that scale. You just can’t create another SAP and start selling it. TCS acquired a small Australian product called FNS or so but it is a very regional specific small company and compared to TCS it is nothing. For TCS size it does not matter. So even management time to such products is not given. If somebody goes and acquires SAP, then it is something. Or they could buy Peoplesoft or so. Our people have reached that size now. They have reached billion dollars a quarter. If they do acquisition of big size, then they will be considered serious product players in product business but if they acquire 200 or 300 million dollar company, it hardly matters to anybody.

Q. How far CMM and CMMI certifications help software service companies? They say Indian culture does not adapt to process culture easily, as we believe in being individual heroes rather than succeeding as a group. In that light, does the certification actually enable the organization to enhance its collective maturity to handle software projects?

Ans: Basically CMM and CMMI are for service companies. I believe Microsoft is at level 1. Today level 5 is given minimum required for any international company in service business and 85% of level 5 companies in the world are in India. But it hardly matters. Point is that productivity is very important. Whole idea behind CMM is about the quality process to create good quality and therefore productive environment. But if your mindset of quality is bad and you have ‘chalta hai’ kind of attitude, then CMMI etc will hardly help. And we have still this attitude in our entire ecosystem.

So far as succeeding as a group is concerned, I do not agree with that what is said. We understand the importance of working as a group. We can work collectively and succeed. Our own company iFlex is a classic example of that. But, of course, again it is not sufficient that mere one company succeeds. It has to happen across the industry. It is not there even in Bangalore. Where is the system? Where is the infrastructure? How much traffic is there all over? How much chaos? Look at California, Stanford and San Jose. They are still so beautiful. Today also new companies are coming up there even in biotech field and all that. Now imagine I am in Kolkata on a summer day trying to catch a tram or train to reach my office. How can I think innovation? My entire energy is exhausted in reaching office. That itself is so much struggle. As against that when I am in management school in France, near Paris, I am surrounded by beautiful green woods around. While I am walking onto the institute in the woods, I can think of something brighter and innovative. That’s where the innovation comes. Not in the summer of Kolkata. With that kind of infrastructure, you can’t think innovation, because 99% of your efforts are expended in reaching office. You are sweating, either tram is not on time or there is some strike going on somewhere and all that. By the time you reach you are literally exhausted. That is what I say that there has to be a supportive ecosystem for industries to prosper.

Q. What is the future of IT industry in general and to be specific for India in the context of both world economic dynamics as well as in the context of changes in technology e.g. Cloud computing picking up fast which is impacting infrastructure investments, ubiquitous computing due to proliferation small hand held devices etc.?

Ans: I would say IT industry future is bright. But I just say that IT has to grow up the value chain. In the context of technological changes, it hardly matters. Whether I am giving mainframe coding or cloud computing, I am giving services. What is important is whether your mindset has changed or not. Are we creating infrastructure for the world? That’s the question. Can there be a server drome in Indian soil where entire world’s cloud is managed? Can someone think like that? If yes, then it has some meaning. Otherwise just as you worked in Y2K, now you will work in cloud computing. That is just one more thing for which you are doing coding. You are not working in any specific domain and basically you are doing only coding. Whether you do it in cloud computing or in ERP or in Y2K, it hardly matters so far as your mindset is concerned. Unless this mindset changes, long term success is difficult.

Q. Outsourcing has received strategic importance for organizations especially in case of IT outsourcing due to several reasons like fierce competition, companies wanting to focus on core competency, special skill set requirement of IT, changing technology landscape, attrition in the field of IT etc. In fact we witness these days that some newly founded organizations build their IT backbone with the help of strategic IT partners. What is your take on this trend?

Ans: Outsourcing will continue and it will grow. But you have to understand geopolitical situation, world trade scene and discussions going on in the context of globalization. If they expect us to buy IBM and Microsoft products, they should allow our people to go there on visa. If they start curtailing number of visas, that means they are putting barriers. That is where our negotiations should go and as American products can grow in India, they should allow our people to work there.

To avail of the growing outsourcing, there needs to be big thinking. Who is thinking today as to what India would be in 2025? Will it become a hub of services in the world? Demographically if you see, population in the entire world on western side is growing older. There are few children, decreasing young population. Many will grow old in coming 10 to 15 years. Now who will service them? China is in manufacturing segment. So don’t go and compete with them because it is useless. They are already in that place. Now can you do that in servicing? One third of entire GDP is going to be in servicing, assuming 30% agriculture, 30% manufacturing and 30% services. Can we grab this 30% service market of the world for India? Which industry leader or political leader in India is thinking like this and driving strategies towards it? If that happens, I will say that IT industry has bright future. But just Infosys stock going up or TCS stock going up, is not going to be great future or rather need not be great future.

Somebody taking a long term stand as a country and developing entire ecosystem which includes both infrastructure as well as mindset will be able to make it happen. I think Chinese leaders had that vision of making China a manufacturing base for the world. Where is our vision? Look at what our leaders are talking. It is all rubbish. Nobody is talking this about what India should look like in 2025 or 2020. Are we moving to do something about it? Back in the year 2002, I remember I reached Kuala Lumpur (KL) in Malaysia and saw a huge, new airport, which was almost empty. There were hardly 2 or 3 flights. It was considered as 2nd or 3rd largest airport in the world. When inquired, I was told that it was built as a part of prime minister’s vision for 2020. They were creating an airport which will be useful even in 2020. By that time they planned to move the traffic hub to KL. Now because nearby Singapore has small land, Singapore airport has limitations for making it big. Air traffic will grow and KL being close, just half an hour away, it would have the potential of becoming air traffic hub in that part of the world. Now somebody had that vision and created infrastructure for future. Where is our vision? Do you hear any politician, any economist, any intellectual talking like this about India. If somebody thinks like this, then I would say why Indian IT industry, entire India has bright future. Normal economic rule is that any industry in the long term cannot grow more than GDP growth of a country. If you are growing at 4%, then where is the bright future? Unless of course your definition of bright itself is low, e.g. my company’s top line has grown so I believe we have grown.

Q. What advice would you give to those looking for leveraging outsourcing strategically?

Ans: World has become a connected world. I would say consider the world services such as infrastructure management, network management etc. Think of what is the total spending of the world on such services. How much of it can come to India? Now for Cloud Computing, can I manage the world’s cloud requirement in India? Young people should start thinking like this. Then there is a hope that some movement will happen. If I start doing coding for cloud computing it has no meaning. It does not add value.

Q. Recently, Marketing Director of McKinsey & Co, while talking on technology disruption, said that technology is moving 3 to 5 times faster than management. I don’t know whether to be excited or paranoid. In this context, how do you think world would change in future?

Ans: Technology is changing is right. The question is ‘Is the technology useful for human beings and for markets?’ Gone are the days when newer and newer technology used to come and used to be thrown at you and you have to start using it. Customers today and younger people are more aware of what they are getting and they are capable of rejecting what they do not want.

Q. How should one prepare as an individual as well as business for changes happening so rapidly?

Ans: Today only I read that Facebook has become addictive and in another 5 years time it will go away. Every innovative technology need not be market savvy. There is a typical bell-shaped curve called Gartner graph. The moment new technology comes in, there is hyper interest in it and then it starts slowly tapering down. Later it comes to its realistic worth and flattens. Every technology has that trend. Ultimately affordability of that technology is also important. I think cell phone is a miracle not miracle but classic example. When I first started using cell phone, 35 rupees a minute was the cost of a call while ‘Vadapav’ was costing 50 paisa. Today ‘Vadapav’ is 35 rupees and cell phone call is 50 paisa and because it is 50 paisa, cell phone’s adoption has become rampant. Whole idea of disruptive innovation is based on affordability. One of the theories says that big companies cannot come up with disruptive innovation but they can adopt it.

Security Corner

Krishna Chaitanya Telikicherla* and Harigopal K B Ponnapalli**
*Research Associate, Security and Privacy Research Lab, Infosys
**Principal Research Analyst, Infosys, India

Information Security » Enhancing Security of Websites with Content Security Policy

Abstract: This article is the eighth in a series of articles focusing on the security of the web platform. In our previous articles, we discussed how cross-origin interactions happen on the web, the security loopholes present in the web platform by design, the dangerous consequences of attacks such as XSS and Clickjacking, and HTTP declarative policies. With this background, in this article we discuss Content Security Policy (CSP), a new HTTP declarative security policy enforced by modern web browsers to fill some of the security gaps in the web platform. CSP is an opt-in, defense-in-depth security mechanism and can be easily implemented by web administrators to strengthen the security of their websites.

Introduction

By design of the World Wide Web, webpages are allowed to load content (images, scripts, stylesheets etc.) from third party servers without any restrictions. Modern websites benefited from this freedom by incorporating third party content such as Google Analytics and social plugins (Facebook Like, Tweet etc.), thereby enhancing user experience. However, the lack of restrictions on HTTP requests happening in a webpage led to several attacks such as Cross Site Scripting (XSS), data exfiltration, Clickjacking etc.

In a typical XSS attack, an attacker injects malicious JavaScript code into a vulnerable website. When a genuine user browses the infected page, the injected script gets executed in the user’s browsing context, which leads to dangerous consequences. One such consequence is the stealing of sensitive data (e.g., cookies) and exporting it to an attacker-controlled server (e.g., via form submission). This is known as data exfiltration. In a Clickjacking attack, a malicious page tries to embed a genuine page in an invisible iframe and overlay it on top of fake targets. When users click on fake targets, their click is hijacked by the invisible iframe. In all the above cases, i.e., XSS, exfiltration and Clickjacking, either third party content was included into a webpage or data was exported from a webpage. Since there are no restrictions on what content can be included in a webpage and what content can leave, the aforementioned attacks are possible and are difficult to mitigate. Note that the above attacks are possible in spite of the core security mechanism built into browsers, i.e., Same Origin Policy.

Over the last decade, web security researchers have proposed several defenses to mitigate content injection and related security problems. Techniques such as filtering and sanitizing JavaScript, creating secure JavaScript subsets, enhancing browser architectures by incorporating strict isolation techniques etc. were proposed. However, each of these solutions had shortcomings related to usability, backward compatibility, steep learning curve for developers etc. Content Security Policy [1, 2], which was proposed by researchers at Mozilla in 2010, addressed the shortcomings of previous solutions and ensured that it solves content injection related security issues.

How Content Security Policy Works

The workflow in Fig. 1 depicts the HTTP transactions happening in a typical webpage and shows the role of CSP. Consider a webpage obtained from a genuine server (G), by accessing the URL http://genuine.tld (arrows 1 & 2 in Fig. 1). Note that “tld” stands for Top Level Domain e.g., .com, .org etc. The page may contain resources such as scripts and stylesheets, which may be loaded from trusted third party servers like P (arrows 3 & 4). An XSS vulnerability in a webpage of G could result in injection of malicious code, which tries to exfiltrate (or send out) sensitive data to an evil server, E (arrow 5). Clearly, the absence of restrictions on content coming in and leaving a webpage leads to exfiltration of sensitive information, and this is where CSP shows its significance.

Fig. 1: Workflow depicting how CSP restricts unintended HTTP requests

CSP helps web administrators in applying restrictions on content that can be embedded in their web pages. Web administrators can configure CSP as directives (a set of rules) via HTTP response headers (arrow 2 in Fig. 1). Browsers parse the directives and enforce restrictions on every HTTP request made by the corresponding page. E.g., if http://genuine.tld configures CSP such that it allows content only from the origin http://partner.tld, an attacker’s attempt to inject malicious script and exfiltrate sensitive content to http://evil.tld will be blocked by browsers enforcing CSP (arrow 5 in Fig. 1).

Figure 2 shows a screenshot of Content Security Policy configured on Facebook.com via HTTP response headers. Details about the directives in the policy will be explained shortly.

Fig. 2: Snapshot of HTTP response headers of Facebook.com (captured via Chrome’s developer tools)
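The request check described above, as an added example (not code from the article or from any browser): a simplified model of how a CSP-enforcing browser parses the header and decides whether a request made by a page on http://genuine.tld may proceed, falling back to default-src for directives the policy does not set. The header value, file paths and function names are constructed for illustration, and only 'self', '*', 'none' and exact origins are matched.

```javascript
// Simplified model of CSP enforcement (added example, not browser code).
// Matches only 'self', '*', 'none' and exact origins; real browsers also
// handle host wildcards, paths, nonces and hashes.

function parsePolicy(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A directive that appears twice is ignored the second time.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

function isAllowed(policy, directive, pageUrl, requestUrl) {
  // Directives the policy does not set fall back to default-src.
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // no rule covers this resource type
  const self = new URL(pageUrl).origin;
  const target = new URL(requestUrl).origin;
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === '*') return true;
    if (src === "'self'") return target === self;
    try {
      return new URL(src).origin === target;
    } catch {
      return false; // unsupported keyword or malformed source
    }
  });
}

// Constructed policy and URLs for the article's genuine/partner/evil hosts.
const PAGE = 'http://genuine.tld/index.html';
const HEADER = "default-src 'self'; script-src 'self' http://partner.tld";

function decide(directive, requestUrl, header = HEADER) {
  return isAllowed(parsePolicy(header), directive, PAGE, requestUrl);
}

console.log(decide('script-src', 'http://partner.tld/widget.js')); // trusted partner
console.log(decide('script-src', 'http://evil.tld/inject.js'));    // injected script
console.log(decide('img-src', 'http://evil.tld/c.gif?d=cookie'));  // exfiltration beacon
console.log(decide('font-src', 'http://genuine.tld/site.woff'));   // same origin
console.log(decide('img-src', 'http://evil.tld/c.gif', 'default-src *'));
```

The last call shows why a wildcard default-src gives no protection: the same beacon request that the stricter policy blocks is allowed.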

CSP Base Restrictions

When CSP is configured on a page, certain restrictions are enforced by a supporting browser by default.

i) Inline scripts will be disabled: One of the main problems in preventing XSS is differentiating between inline scripts written by developers (e.g., onclick, onload event handlers, code within

they are allowed to be made (e.g., allow requests only to self and http://partner.tld). Below is a list of directives in CSP:
• font-src: specify origins which can serve fonts
• frame-ancestors: specify which origins can embed the protected page via iframes
• frame-src: specify which origins can be embedded via iframes in the

will define the origins for unspecified directives. Configuring “default-src: *” is as good as not configuring CSP at all. So web administrators can start with this directive and tighten their website’s security by adding additional restrictions.

Reporting: Apart from enabling content restrictions with the help of directives, CSP also provides a way of notifying the