CSIC July 2013

CSI Communications | July 2013 | 1
w
w
w
.
c
s
i
-
i
n
d
i
a
.
o
r
g

I
S
S
N

0
9
7
0
-
6
4
7
X

|

V
o
l
u
m
e

N
o
.

3
7

|

I
s
s
u
e

N
o
.

4

|

J
u
l
y

2
0
1
3
`

5
0
/
-
Cover Story
An Approach for Robust Electronic
Trading Platform 7
Cover Story
Business Challenges of Multi Channel
Commerce and Solutions 10
Technical Trend
E-Supply Chain Management Using
Software Agents 13
Security Corner
Information Security
How Browsers Isolate Content Securely 35
201, Centaur Building, Nr. Vijay Cross Roads,Navrangpura, Ahmedabad 380 009(India)
Tel. (Off.): +91 79 2644 6065, 2656 8076 E-mail: comadahd@gmail.com Web: www.comad.in/comad2013
Hosted by
Computer Society of India Ahmedabad Chapter
ESTD. 1965
19th International Conference
on Management of Data COMAD 2013
19th - 21st December, 2013 Ahmedabad, India
COMAD has served as the premier international conference of databases in India for more than two decades now.
The first COMAD was held in 1989. The conference covers the areas of databases, data mining and information retrieval.
The conference website is at
Submissions of high quality papers in all areas of databases,
data mining and information retrieval are sought.
The submissions are handled only through the Easychair website at
https://www.easychair.org/conferences/?conf=comad2013
http://comad.in/comad2013/
COMAD 2013 will also have a set of keynotes and tutorials which will be announced later.
Papers due
Notification
Camera-ready
Important Dates
Venue:
Ahmedabad Management Association(AMA),
Ahmedabad, Gujarat
Dates
19th to 21st December, 2013
Organizers
Bipin V Mehta,Ahmedabad University
bvmehta@aesics.ac.in
Nikos Mamoulis,University of Hong Kong
nikos@cs.hku.hk
Arnab Bhattacharya, IIT Kanpur
arnabb@cse.iitk.ac.in
Harshal A. Arolkar,
Chairman, CSI, Ahmedabad Chapter
harsharolkar@yahoo.com
T V Gopal,Anna University
gopal@annauniv.edu
General Chair
Program Chairs
Organizing Chair
CSI Division-II Chair
: 12th August, 2013
: 30th September, 2013
: 21st October, 2013
Contents
Volume No. 37 Issue No. 4 July 2013
CSI Communications
Please note:
CSI Communications is published by Computer
Society of India, a non-prot organization.
Views and opinions expressed in the CSI
Communications are those of individual authors,
contributors and advertisers and they may
difer from policies and of cial statements of
CSI. These should not be construed as legal or
professional advice. The CSI, the publisher, the
editors and the contributors are not responsible
for any decisions taken by readers on the basis of
these views and opinions.
Although every care is being taken to ensure
genuineness of the writings in this publication,
CSI Communications does not attest to the
originality of the respective authors content.
2012 CSI. All rights reserved.
Instructors are permitted to photocopy isolated
articles for non-commercial classroom use
without fee. For any other copying, reprint or
republication, permission must be obtained
in writing from the Society. Copying for other
than personal use or internal reference, or of
articles or columns not owned by the Society
without explicit permission of the Society or the
copyright owner is strictly prohibited.
Published by Suchit Gogwekar for Computer Society of India at Unit No. 3, 4th Floor, Samruddhi Venture Park, MIDC, Andheri (E), Mumbai-400 093.
Tel. : 022-2926 1700 Fax : 022-2830 2133 Email : hq@csi-india.org Printed at GP Ofset Pvt. Ltd., Mumbai 400 059.
Editorial Board
Chief Editor
Dr. R M Sonar
Editors
Dr. Debasish Jana
Dr. Achuthsankar Nair
Resident Editor
Mrs. Jayshree Dhere
Published by
Executive Secretary
Mr. Suchit Gogwekar
For Computer Society of India
Design, Print and
Dispatch by
CyberMedia Services Limited
Cover Story
7
Trading Platform
Nitin Singh Chauhan and Ashutosh Saxena
10
Commerce and Solutions Inevitable
Shifting to the New Paradigm but
Challenges to Overcome
Sushil Paigankar
12
Best Practices for E-Business Projects
Sreerekha Bakaraju
Technical Trend
1 3
E-Supply Chain Management
Using Software Agents
Prashant R Nair
Research Front
1 7
Public Service Delivery System &
E-governance
Dr. S P Kulshrestha
20
Inverted Pyramid Approach for
E-Mail Forensics Using Heterogeneous
Forensics Tools
N Sridhar, D Lalitha Bhaskari and P S Avadhani
Articles
23
Unleashing Android Over Linux
Host Created Under Virtual Box
Trilok Kumar Saini

26
GNU/Linux on Aakash
Sachin Patil and Srikant Patnaik

Practitioner Workbench
30
Programming.Tips()
N-Tier Application Development
Architecture using ASP.NET
Trushali Jambudi
31
Programming.Learn(R)
Data Structures in R
Umesh P and Silpa Bhaskaran
CIO Perspective
32
Interview with Mr. Jason Gonsalves,
Vice President - Corporate Planning
and IT, Performance Coatings
Division, Kansai Nerolac Paints Ltd.
Mrs Jayshree A Dhere
Security Corner
35
How Browsers Isolate Content Securely
Krishna Chaitanya Telikicherla
PLUS
Security Corner: IT Act 2000
Mr. Subramaniam Vutha
38
Brain Teaser
Dr. Debasish Jana
39
Ask an Expert
Dr. Debasish Jana
40
Happenings@ICT: ICT News Briefs in June 2013
H R Mohan
41
CSI Report 42
CSI News 43
CSI Communications | July 2013 | 4 www.csi-india.org
Important Contact Details
For queries, correspondenceregarding Membership, contact helpdesk@csi-india.org
Know Your CSI
Executive Committee (2013-14/15)
President Vice-President Hon. Secretary
Prof. S V Raghavan Mr. H R Mohan Mr. S Ramanathan
president@csi-india.org vp@csi-india.org secretary@csi-india.org
Hon. Treasurer Immd. Past President
Mr. Ranga Rajagopal Mr. Satish Babu
treasurer@csi-india.org ipp@csi-india.org
Nomination Committee (2013-2014)
Prof. H R Vishwakarma Dr. Ratan Datta Dr.Anil Kumar Saini
Regional Vice-Presidents
Region - I Region - II Region - III Region - IV
Mr. R K Vyas Prof. Dipti Prasad Mukherjee Prof. R P Soni Mr. Sanjeev Kumar
Delhi, Punjab, Haryana, Himachal Assam, Bihar, West Bengal, Gujarat, Madhya Pradesh, Jharkhand, Chattisgarh,
Pradesh, Jammu & Kashmir, North Eastern States Rajasthan and other areas Orissa and other areas in
Uttar Pradesh, Uttaranchal and and other areas in in Western India Central & South
other areas in Northern India. East & North East India rvp3@csi-india.org Eastern India
rvp1@csi-india.org rvp2@csi-india.org rvp4@csi-india.org
Region - V Region - VI Region - VII Region - VIII
Mr. Raju L kanchibhotla Mr. C G Sahasrabudhe Mr. S P Soman Mr. Pramit Makoday
Karnataka and Andhra Pradesh Maharashtra and Goa Tamil Nadu, Pondicherry, International Members
rvp5@csi-india.org rvp6@csi-india.org Andaman and Nicobar, rvp8@csi-india.org
Kerala, Lakshadweep
rvp7@csi-india.org
Division Chairpersons
Division-I : Hardware (2013-15) Division-II : Software (2012-14) Division-III : Applications (2013-15)
Prof. M N Hoda Dr. T V Gopal Dr. A K Nayak
div1@csi-india.org div2@csi-india.org div3@csi-india.org
Division-IV : Communications Division-V : Education and Research
(2012-14) (2013-15)
Mr. Sanjay Mohapatra Dr. Anirban Basu
div4@csi-india.org div5@csi-india.org
Important links on CSI website
About CSI http://www.csi-india.org/about-csi
Structure and Orgnisation http://www.csi-india.org/web/guest/structureandorganisation
Executive Committee http://www.csi-india.org/executive-committee
Nomination Committee http://www.csi-india.org/web/guest/nominations-committee
Statutory Committees http://www.csi-india.org/web/guest/statutory-committees
Who's Who http://www.csi-india.org/web/guest/who-s-who
CSI Fellows http://www.csi-india.org/web/guest/csi-fellows
National, Regional & State http://www.csi-india.org/web/guest/104
Student Coordinators
Collaborations http://www.csi-india.org/web/guest/collaborations
Distinguished Speakers http://www.csi-india.org/distinguished-speakers
Divisions http://www.csi-india.org/web/guest/divisions
Regions http://www.csi-india.org/web/guest/regions1
Chapters http://www.csi-india.org/web/guest/chapters
Policy Guidelines http://www.csi-india.org/web/guest/policy-guidelines
Student Branches http://www.csi-india.org/web/guest/student-branches
Membership Services http://www.csi-india.org/web/guest/membership-service
Upcoming Events http://www.csi-india.org/web/guest/upcoming-events
Publications http://www.csi-india.org/web/guest/publications
Student's Corner http://www.csi-india.org/web/education-directorate/student-s-corner
CSI Awards http://www.csi-india.org/web/guest/csi-awards
CSI Certication http://www.csi-india.org/web/guest/csi-certication
Upcoming Webinars http://www.csi-india.org/web/guest/upcoming-webinars
About Membership http://www.csi-india.org/web/guest/about-membership
Why Join CSI http://www.csi-india.org/why-join-csi
Membership Benets http://www.csi-india.org/membership-benets
BABA Scheme http://www.csi-india.org/membership-schemes-baba-scheme
Special Interest Groups http://www.csi-india.org/special-interest-groups
Membership Subscription Fees http://www.csi-india.org/fee-structure
Membership and Grades http://www.csi-india.org/web/guest/174
Institutional Membership http: //www. csi -i ndi a. org/web/guest /i nsti ti uti onal -
membership
Become a member http://www.csi-india.org/web/guest/become-a-member
Upgrading and Renewing Membership http://www.csi-india.org/web/guest/183
Download Forms http://www.csi-india.org/web/guest/downloadforms
Membership Eligibility http://www.csi-india.org/web/guest/membership-eligibility
Code of Ethics http://www.csi-india.org/web/guest/code-of-ethics
From the President Desk http://www.csi-india.org/web/guest/president-s-desk
CSI Communications (PDF Version) http://www.csi-india.org/web/guest/csi-communications
CSI Communications (HTML Version) http://www.csi-india.org/web/guest/csi-communications-
html-version
CSI Journal of Computing http://www.csi-india.org/web/guest/journal
CSI eNewsletter http://www.csi-india.org/web/guest/enewsletter
CSIC Chapters SBs News http://www.csi-india.org/csic-chapters-sbs-news
Education Directorate http://www.csi-india.org/web/education-directorate/home
National Students Coordinator http: //www. csi -i ndi a. org/web/nati onal -students-
coordinators/home
Awards and Honors http://www.csi-india.org/web/guest/251
eGovernance Awards http://www.csi-india.org/web/guest/e-governanceawards
IT Excellence Awards http://www.csi-india.org/web/guest/csiitexcellenceawards
YITP Awards http://www.csi-india.org/web/guest/csiyitp-awards
CSI Service Awards http://www.csi-india.org/web/guest/csi-service-awards
Academic Excellence Awards http://www.csi-india.org/web/guest/academic-excellence-
awards
Contact us http://www.csi-india.org/web/guest/contact-us
Electronic Commerce is now a way of life. I am glad that this
issue of CSI Communication focuses on that. The convenience
ofered by the ubiquitous and pervasive digital space is
irresistible! Be it paying ones utility bills or transferring
funds from one bank account to another or shopping online,
e-commerce is everywhere today. Besides, gen-next is very
comfortable online. Perhaps the irreversible change has set in.
It is fashionable today to have online web presence, tweet on a
variety of issues, connect using Facebook, generate discussions
through blogs, exchange information using email, interact
through Skype, and search endlessly for information using
Google. Suddenly, we have acquired a fourth dimension one
that we are not used to perhaps not designed for (!) Tele-
presence stretching itself to Tele-porting. We are walking /
jogging / running / surng / ying through unknown territory
without knowing the inherent risk and without understanding
where the liability rests. Besides, the Cyber citizen of today is
not only present ubiquitously in Cyber Space, but also exposed
to possible monitoring 24 x 7.
In the month of June 2013, I read several articles about
surveillance by State, use of Metadata for tracking and
understanding, endless intellectual polemics on Security and
Privacy and so on, with great interest (because of my curiosity
as an academic) and concern (as a citizen). In fact, by the time
this article reaches you, India would have formally unveiled the
Cyber Security Policy. New environment would have set in.
Going down the memory lane, I am reminded of the seventies
and eighties when the whole world was trying to network
computers somehow. Looking back, I feel that they were
done at trusted times. There was no concern of security,
leave alone privacy. After more than three decades, the rules
of the game have changed. What was once considered a
promotional and interactive tool in the hands of a researcher
has become the foundation of existence of society today. All
aspects of human behavior are today mimicked in the online
digital society Philanthropy, Governance, Piracy, Commerce,
Entertainment, Societal interactions, Education, Health,
Marketing, Advertising, Cheating, Bullying you name it and it
is there in one form or the other. The added complexity is the
global nature and the unrestricted jurisdiction that the Cyber
Space ofers. Now the whole world is working overtime to
nd quick xes to protect against a possible digital tsunami.
While at it, with a hidden face some individuals and nation
states do exactly what they do not want others to do. Result
is that our systems are becoming complex and operating
procedures cumbersome. The cyber citizen who started of
with the careless abandon of a child and is now being forced to
be accountable and responsible for everything one does from
absolute convenience to absolute nightmare.
What can Computer Society of India do? Of course, we can
bring in awareness by running courses in several forms and
formats. Such actions do not go very far. Do we really have
a response to this challenge? Being such a large body of
professionals, it has become our duty now to nd an answer.
As I visualize it, collective response from CSI could probably be
the answer. Let me share with you my thoughts on this.
As I mentioned in my earlier message to you, students are
our backbone and therefore our greatest strength. Even if we
harness half of our student membership for this endeavor, we
are talking about 50,000 man-years of efort every year! We
can completely re-design the Cyber Space including all the
hardware and software that is inside the Cyber Space. While it
sounds outrageous, it is also a great opportunity in electronic
system design. We in CSI can make a huge diference, if we
can channelize our student projects for the next three years to
focus on Securing Cyber Space. Are we ready for it? National
Student coordinator supported by division chairs and regional
VPs can do the trick. SIGs are there for intellectual support. We
can help automate implementation of any policy, if we have
control over the way the Cyber Space is architected and built.
We can bring about trust by design!
Dear members Think about it; talk about it; and nally do
something about it. Let us work together for the re-emergence
of Trusted times
I will catch up with you soon
Prof. S V Raghavan
President
Computer Society of India
Presidents Message
Prof. S V Raghavan
From : president@csi-india.org
Subject : Presidents Desk
Date : 1st July, 2013
Dear Members
Editorial
Rajendra M Sonar, Achuthsankar S Nair, Debasish Jana and Jayshree Dhere
Editors
All of us know that eCommerce is catching up in India, and it is
not only limited to only travel portals but many online websites
and portals have come up in recent past ofering a variety of
products online with many payment options including COD (cash-
on delivery). Many businesses have been e-enabled making them
e-businesses. We feel this is the right time that CSI-C covers
e-Commerce and e-Business as cover theme. We are also happy to
note that we have been getting good amount of contributions from
Industry professionals.
Critical requirements of online commerce transactions are
being always available, reliable, scalable and secure platforms and
frameworks. We start July 13 issue under cover story with article on
Trading Platform by Nitin Singh Chauhan and Ashutosh Saxena
of Infosys introducing what the electronic platform for trading is.
They explain and discuss the components, techniques for availability
and reliability; and methods and techniques of security. They also
propose possible techniques that can help the trading rms to have
secure and reliable platforms. Todays businesses especially in
retail sectors cannot operate using only single channel out of many
channels available. They must be multi-channel in order to access
larger market base, since customers and other stakeholders can use
various channels based on availability, accessibility and afordability.
However, one of the challenges remains regarding how to have
unied customer view if the same customer uses multiple channels.
Second article under cover story is: Business Challenges of Multi-
Channel Commerce and Solutions Inevitable Shifting to the New
Paradigm but Challenges to Overcome by Sushil Paigankar, Head of
ECM, Portal and eCommerce Practice, iGate Global Solutions.
We have one more article in cover story by Sreerekha Bakaraju
from Canada on Best Practices for E-Business Projects. She
concludes that following best practices, e-Business projects can
achieve customer satisfaction, productivity and attain successful, on
time delivery of projects.
Software agents have been around in many domains and play
signicant role on behalf of us behaving like intelligent assistants.
We have one article in technical trends by Prashant R Nair Vice-
Chairman Information Technology, Amrita School of Engineering,
Amrita Vishwa Vidyapeetham University titled E-Supply Chain
Management Using Software Agents which describes approach
and application areas in Supply Chain Management.
In research front section, we have an article on Public Service
Delivery System & E-governance by Dr. S P Kulshrestha, Senior
Technical Director, NIC, Uttarakhand State Unit, Dehradun. After
introducing e-Governance, Dr. Kulshrestha talks about: scope
for public service delivery system, need for unique identity for all,
regional languages vs. English and technological Challenges. He
proposes a public service delivery model and concludes that in spite
of all issues and challenges, quality public services are ofered by
banks, railways, and Income tax department, which we all experience.
Email is something almost everybody uses in day-to-day of cial
and personal correspondence and again one of the challenges is
security. Second article in research front section focuses on e-mails
and is written by N Sridhar, D Lalitha Bhaskari and P S Avadhani
of Dept. of CS&SE Andhra University, Visakhapatnam. They write
about cyber crimes using emails, various stages in e-mail forensics
incident response and inverted pyramid approach for e-mail
forensics. Their approach provides a systematic procedure for
e-mail forensics investigator.
In article section we have two practice-oriented and technical
articles - the rst one Unleashing Android Over Linux Host Created
Under Virtual Box is by Trilok Kumar Saini, RHCE, Defense Electronics
Applications Laboratory (DEAL). The second one is by Sachin Patil,
Linux System Administrator and Srikant Patnaik, Research Assistant,
FOSSEE, IIT Bombay titled GNU/Linux On Aakash.
In CIO section we have an interview of Mr. Jason
Gonsalves taken by Mrs Jayshree A Dhere, Resident Editor, CSI
Communications. Mr. Gonsalves is Vice President - Corporate
Planning and IT, Performance Coatings Division, Kansai Nerolac
Paints Ltd. The interview covers various aspects of managing IT, IT
function and IT resources.
We are happy to announce that in security corner column we
are starting a series of articles on security of web platforms, under
the feature Information Security. The rst article in this series is
written by Mr. Krishna Chaitanya Telikicherla, Research Associate,
Security and Privacy Research Lab at Infosys. In this article he
explains the basic security model of web browsers and emphasizes
on the core security policy of browsers called Same Origin Policy,
on which security of the entire web platform is dependent. Our
regular contributor Advocate Mr. Subramaniam Vutha, who writes
on technology law issues, provides a write-up on Legal Uses of
Cryptography under IT Act 2000 feature.
In our practitioners workbench section, we have rst article
under Programming.Learn on data structures in R by Umesh P
and Silpa Bhaskaran, Department of Computational Biology and
Bioinformatics, University of Kerala and second article under
Programming.Tips() by Trushali Jambudi, Lecturer, H L Institute of
Computer Applications, Ahmedabad University, Ahmedabad on
N-Tier Application Development Architecture using ASP.NET.
H R Mohan, Vice President, CSI, AVP (Systems), The Hindu,
Chennai brings us the ICT News Briefs under various sectors at a
glance in June 2013 in the regular column Happenings@ICT. Dr.
Debasish Jana, Editor, CSI Communications presents a crossword
for those who want to test their IT knowledge on e-business under
Brain Teaser column and answers questions under column Ask an
Expert: Your Question, Our Answer.
We hope that our esteemed readers nd this issue a learning
experience and wish that it makes them more knowledgeable.
We have other regular features like CSI announcements, CSI
Reports and Chapter and Student Branch News along with calls for
papers and participation. Remember we eagerly await your feedback
and welcome it at the email id csic@csi-india.org. Do drop in a mail if
you like the articles or even if you do not like them. Do provide your
suggestions on what you would like to read and learn about. Also do
send your contributions for csic.
With warm regards,
Rajendra M Sonar, Achuthsankar S Nair,
Debasish Jana and Jayshree Dhere
Editors
Dear Fellow CSI Members,
Todays businesses especially in retail sectors
cannot operate using only single channel out of
many channels available.
Critical requirements of online commerce
transactions are being always available, reliable,
scalable and secure platforms and frameworks.
Introduction
Evolution of the Internet has signicantly
changed the landscape of trading and
commerce. Gone are the days when
the only way to trade was face to face
negotiation on the oors. Shouting
and the use of hand signals to transfer
information on a chaotic pit was the way
to communicate buy and sell orders.
Now, electronic trading has replaced this
process of open outcry or pit trading.
With electronic trading, traders can sit
comfortably at their convenient locations,
and execute buy and sell orders without
their physical presence on the trading
oors. Reduced time and eforts to
perform trade has attracted common man
to participate in business activities, and
thus helped in proliferation of trading.
A typical electronic trading platform
ofers securities products/services and
performs integrated securities execution,
management, and settlement process.
Electronic trading platform can be used
to place orders for buying and selling of
nancial products such as shares, bonds,
currencies, commodities, and derivatives
with a stock exchange. Electronic trading
platform is widely accepted and most of
the markets are using this, according to
a survey, up to 70% of trading in the US
and around 30% of trading in Europe
is conducted electronically. Computer-
driven trading accounts in Singapore,
Hong Kong, Japan, Australia, and India,
are up from an average of 11% in 2008,
and are expected to hit 58% next year.
However, like any other online and
web based services it also has many
challenges. Trading platform architecture
has to respond to demands for speed,
volume, and ef ciency. There are regulatory
requirements also, which demand
guarantee of best execution for client.
Hence, platform availability, reliability, and
transaction execution speed are critical
for trading rms, while ofering electronic
trading service. Security and privacy is
another key concern for trading platform
design, because nancial transactions
are involved in trading business. Sensitive
information need to be protected from
possible malicious activities and system
failures. These business requirements
push for a greater need of very secure,
reliable, and performance ef cient system.
Any security and availability related
incidents can cause potential damage to
reputation and invite nancial losses to
company ofering such platform services.
In this article, we have identied
key components of trading platform and
discussed criticality of those components
with respect to reliability, high availability,
and security. Proposed approach identies
critical processes in the trading platform
environment and applies few identied
techniques to bring reliability in an
e-trading platform system stack. This
article does not intent to cover concepts
of infrastructure level high availability
(Networks, Hardware etc.) and redundant
data centers, but aims to explore
opportunities for applying some existing
reliability and availability techniques at
system level ( e.g. software , database
level) in a trading environment. We will
also discuss holistic security requirement
for various components of trading
platform and propose controls to build
secure environment for online trading of
nancial products.
Components of Electronic Trading
Platform
Electronic trading platforms usually have
complex environment with multiple
application and heterogeneous systems.
Trading platform components also have
various interfaces to communicate with
external entities. Fig. 1 describes various key
components of a typical trading platform.
Front Of ce: The front of ce
primarily provides functionality of buying
and selling operations of securities to
traders. The front of ce applications
usually include trade execution, news
data feeds, deal monitoring, and position
keeping applications. These applications
ofer user interfacing functionalities and
should be considered highly critical from
availability and security prospective.
Middle Of ce: Application in this
layer performs operation of validation,
booking, and conrmation, and supports
risk management operations. Middle of ce
applications are considered critical due to
validation, as accounting, reconciliation,
and book keeping is performed at this
layer and processed at the back end.
Back of ce: Back of ce primarily
supports trading oor administrative tasks
including clearance, deal settlements, and
acts as the main regulatory compliance
and accounting body within a trading
environment. All logging and compliance
data is stored within the backend systems.
Application can have relatively high
latency and less criticality, as compared to
front and middle of ce.
Middleware: Multiple applications
are involved in typical electronic trading
platforms that need to communicate with
each other. Middleware is software that
enables communication and management
of data between distributed and
Trading Platform
Nitin Singh Chauhan* and Ashutosh Saxena**
*Senior Research Scientist at Infosys, India
**Principal Research Scientist at Infosys, India
Cover
Story
Fig. 1: System and components of securites trading platorm
heterogeneous application environment.
Enterprise service bus (ESB) is an example
of middleware software architecture that
helps in designing and implementing
communication between applications
using service-oriented architecture (SOA).
Low latency and high availability are core
considerations for middleware design, and
implementation as speed of communication
is critical in a trading environment.
In a typical process of electronic
trading, a user/trader can request for
trade through multiple interface (web, call
center etc.) provided by trading platform.
These requests are handled by front
of ce applications and sent to exchange
markets (e.g. BSE, NSE) for execution.
Middle of ce and back of ce performs
various activities of validation, booking,
and settlements. There may be also option
to access market directly by using Direct
Market Access (DMA) option, which
reduces the latency.
Techniques for Availability and
Reliability
To design high availability and reliability
in any system, process and technology
related various implementations are
required. In this section, we discuss only
few of the reliability and availability related
techniques and identify applicability of
them in electronic trading environment.
In our approach, we identify the
critical processes of trading platform and
apply system level process replication,
error detection, and audit related
techniques to develop reliable and
dependable system stack for an electronic
trading platform.
Critical Process Selection
Trading platform should be designed, to
meet challenges of performing near real
time transactions and high availability
during trading hours and burst load. While
designing architecture of trading platform
system, key activity is to identify system
application component and classify them
according to criticality with respect to
availability and performance.
Some of the trading platform
applications need to have high
performance capabilities. Such critical
applications should able to meet criteria
of high performance availability, during
trading hours but other applications in
the system can aford to have relatively
high latency.
Considering these challenges and
requirements, a good solution would be
to divide the set of applications into two
categories and selectively apply high
availability and performance techniques
to such applications. We also propose
to take input from BIA (Business Impact
Analysis) process, while classifying the
criticality of application system from
availability aspect.
High Performance Applications:
Order Management System, Feed
handlers, Validation, Algorithmic Trading,
Price Engine, and Risk Management
Other Applications: Reporting,
Settlements, Data warehouse related
services
Fig. 2 depicts the critical component
and path (Red Colored Lines) during the
trade process ow.
High performance system can have
two type of data traf c:
(1) Trading Ordersthis type of traf c
carries the actual trades and orders.
This data is bi-directional and
very latency sensitive. The system
involved to execute trade orders,
requires consistency and high
availability. The orders originate buy/
sell are sent to exchange, for trading
execution.
(2) Market Feed Data pricing
information for nancial instruments,
news, and other information can ow
from one or multiple external feed
(Like stock exchanges, news feed).
Market feed process is very latency
sensitive. The data is received by feed
handlers, converted to appropriate
format, and pushed to various
other systems like pricing engines,
algorithmic trading applications etc.
Selective Replication Technique&
Process Pairs
Processor-level selective replication is a
mechanism, to dynamically congure the
degree of instruction-level replication,
according to the applications demands.
Selective replication can be adopted for
front of ce and middle of ce system
application. One can identify program
variables, which are critical and error in
such variable can lead to a program crash
or hang with a high probability. These
variables will be referred to as critical
variables. Using program fan-out as a
metric, the location and variable that needs
to be checked can be identied. It allows
applications to choose code sections for
replication that are critical to its crash-free
execution. This decreases the impact on
the performance. It is also known that many
of the processor-level faults do not lead
to failures observable in the application
outcome. So, selective replication also
decreases the number of false positives. For
example, for trade order validation process,
selected instructions that handle critical
variables can be replicated; and executed
in redundant mode through process pair
technique. Mismatch in result from these
two processes indicates the error in one
of them, which needs to be addressed for
reliable results.
Framework for Database Audit and
Control
We propose to apply framework for
database audit, and control ow checking
errors in trading database of order
management system and validation
database. This framework uses various
database audit related techniques for
front of ce databases (order management
database and validation data base) to
check any failures and ensure availability
during trading timings. The audit
process framework can be extended to
other critical systems as well. Various
components of database audit and control
are described here.
Fig. 2: Critcal process selecton in trading environment
Program Indicator: Program indicator
element can identify the deadlock
conditions, in management database and
validation data attributes. For any reason if
the client process of validation terminates
prematurely without releasing lock on
validation database, other validation
process may not be able to perform
validation. Database API is modied to,
add send message and track program
counter value to identify any deadlock
condition.
Event Trigger Audit: This feature
of auditing system triggers audit, based
on occurrence of certain pre-dened
conditions. In case of order management
database there could be various possible
conditions, which can cause such triggers.
Some of them are:
Huge buy/sell order placements
Unexpected order variation trends in
dened condition (like IPO days etc).
Event triggers on threshold
activities(sudden fall or rise of
stock price in DB beyond dened
circuit limit)
Selective Monitoring of DB
attributes: Data classication scheme can
be dened to identify the critical columns
in the database for which good static audit
rules are not available. For example, order
quantity for one stock may not follow some
static trend and requires to be captured at
runtime by calculating average in all active
record; and by setting up threshold for the
period for comparison.
Other Audit Elements: Structural
checks, range checks on order and
validation databases are some other
techniques to be performed in the database
system to validate correctness of data.
Methods and Techniques for
Security
Fig. 3, describes various security
controls applied on trading platform
components. Every component of the
trading platform may have diferent kinds
of security threats. Web interface of
portal application is accessed through
public network and is exposed to various
malicious activities or attacks. Therefore,
it is important to have proper access
control, authentication and auditing
mechanisms implemented. Portal website
exposed to end user should also undergo
vulnerability assessment and penetration
testing to identify weaknesses in the
system. Trading platform need to interact
with external entities for live marketfeed
and to communicate trading orders with
stock exchange. Communication channel
for such information ow should be well
protected. Further, as mentioned in
g. 3, infrastructure security controls
are also required to protect the servers,
networks, and various devices that
are used to make the trading platform
operational. Security controls related to
authentication, authorization, and audit
should be implemented in middleware
system and settlement system as well, to
provide secure environment for trading
platform.
Proposed trading platform should
meet, following security requirements
and technology solutions can be applied
accordingly:
Access to the application and data
within trading platform environment
should be authenticated and limited
to identify users only.
Trading platform solution shall
prevent unauthorized access and
corruption of data.
Solution should have option/
necessary infrastructure support
to encrypt communication to/from
outside trading environment.
Any sensitive data that is stored in the
trading platform system should be
encrypted using standard encryption
algorithms and techniques.
Role based permissions model
should be applied on the functional
requirements for users and roles
identied.
Input/output validation must be
carried out for all types of data input/
output to the application to ensure
that it is correct and appropriate.
Audit trail for systems and users
key actions to be recorded for fraud
prevention and investigation.
Applicable systems in environment
should be protected with anti-
malware solution.
All communication between external
and internal trading environment
must be subjected to rewall
mediation and IDS/IPS inspection.
All network &security devices
must be monitored by a centralized
management system and logs
must be saved by such system for
investigation & audit purpose.
By ensuring that all servers and other
devices used for trading environment
are kept up to date with the latest
patch releases (Patch Management
Solution).
By ensuring that that errors /
exceptions are handled securely
and error messages do not reveal
sensitive information, which can be
used to facilitate an attack.
Risk assessment and security
analysis must be carried out during
various stages of SDLC. (Initiation,
Requirement gathering, Design,
Coding, Implementation, Testing)
Security testing needs to be
carried for adherence to security
requirements. Vulnerability
assessment, penetration tests should
be performed for web applications.
Concluding Remarks
Security and reliability are key requirements
for any trading platform system. Trading
platform is a complex system and can
have multiple applications, technologies,
interfaces, and communication modules.

Fig. 3: Holistc security view of trading platorm
Trading platforms security, reliability and
high availability are very important from
business point of view, as unavailability or
non-functioning of critical systems during
trading hours could lead to huge nancial
losses and damage market reputation as
well. In this article, we proposed few possible
techniques that can help in providing reliable
and secure trading environment.
Disclaimer: All services, company,
and product names are owned by the
respective owners, and authors have
no intention to use them in any favor.
Authors presented their understanding
of various technologies without any
prejudice. The views expressed here are
the authors personal opinions; they might
not represent the view of Infosys Ltd.
References
[1] Electronic trading now at the crossroads,
ht t p: //www. f t segl obal mar ket s. com/
electronic-trading-now-at-the-crossroads.
html, published in FTSE Global Market site,
02 January 2013
[2] http://en.wikipedia.org/wiki/Electronic_
trading_platform
[3] Excerpts from the 2012 Electronic
Trading Report, http://www.
i n t e r a c t i v e d a t a . c o m/u p l o a d s /
File/2012-Q4/trading/InteractiveData_
ElectronicTradingReport2012.pdf
[4] Trading Floor Architecture, ,http://
www.cisco.com/en/US/docs/solutions/
Verticals/Trading_Floor_Architecture-E.
html
[5] Nithin Nakka, Karthik Pattabiraman, and
RavishankarIyer. 2007. Processor-Level
Selective Replication. In Proceedings of
the 37th Annual IEEE/IFIP International
Conference on Dependable Systems and
Networks (DSN '07). IEEE Computer
Society, Washington, DC, USA, 544-553.
DOI=10.1109/DSN.2007.75 http://dx.doi.
org/10.1109/DSN.2007.75
[6] SaurabhBagchi, Y Liu, Keith Whisnant,
ZbigniewKalbarczyk, Ravishankar K. Iyer,
Y. Levendel, and Larry Votta. 2001. A
Framework for Database Audit and Control
Flow Checking for a Wireless Telephone
Network Controller. In Proceedings of
the 2001 International Conference on
Dependable Systems and Networks
(formerly: FTCS) (DSN '01). IEEE Computer
Society, Washington, DC, USA, 225-234.
[7] The trader is dead, long live the trader!-
A nancial marketsRenaissance by IBM
Business Consulting Services, http://www-
935.ibm.com/services/us/imc/pdf/ge510-
6270-trader.pdf
[8] ht t p: //www. i r mpl c. com/downl oads/
whitepapers/Risky_Business-Hacking_The_
Trading_Floor.pdf n
A
b
o
u
t

t
h
e

A
u
t
h
o
r
s
Nitin Singh Chauhan is a senior research scientist at Infosys, India. His research interests include cloud computing,
information security, and sustainable IT. Chauhan received his masters in computer application from Jai Narain
Vyas University, Jodhpur, India. He also holds multiple certications including Certied Information Systems
Security Professional (CISSP), Certied Information Systems Auditor (CISA), ITIL V3 Foundation, ISO 27001 Lead
Auditor (Q), and BS 25999 Lead Implementer (Q). Contact him at nitin_chauhan01@infosys.com.
Ashutosh Saxena is a principal research scientist at Infosys, India. His main research interest is information
security. Saxena received his PhD in computer science from Devi Ahilya University, Indore,India. Saxena has more
than 80 international publications and few granted patents. Hes a life member of CSI and senior member of IEEE.
Contact him at ashutosh_saxena01@infosys.com.
Organizations are expected to hugely
benet from the progression towards
a multi-channel/ omni-channel
environment. However, this multi-
channel environment is opening up
new challenges which will have to be
addressed if organizations were to garner
all the benets ofered by multi-channel
eCOMMERCE.
A key outcome of a multi-channel
environment is the fragmentation in
consumer interactions and, in turn, the
consumer information. The consumer has
an option to avail any of the channels to
interact, and a single transaction could
have multiple channels being used by
the provider and the consumer. The
entire shopping journey for a consumer
would entail the shopping path crossing
over from one channel to another before
the transaction is closed. The paradox is
that the consumer today is ever-present,
but increasingly elusive! It is very much
possible that while crossing channels, the
consumer may also switch the provider.
There is expectation of portability of
content, information and the overall
experience from one channel to another.
For example, coupons are a perfect case
of customers wanting them transferred
from one channel to another when closing
a transaction. Any let down of expectation
would lead to the consumer moving to
another provider. Todays consumer is a
spender, makes quick decision but is also
very impatient!
This penchant of the consumer to use
multiple channels is the outcome of the
availability of very good mobile devices/
platforms coupled with attractive
social media platforms. However, new
platforms come at regular frequency
with the consumer quickly embracing
them. This will pose challenges to the
marketing department and, in turn,
the IT department to create necessary
capability to leverage the newer platforms
to its advantage. For example, Monetates
quarterly e-commerce report shows
that in 2013, Pinterest outpaced Twitter,
Facebook and Stumbleupon as the number
one referrer to e-commerce sites. As per
the data released by RichRelevance, for
December 2012 to the lead up to Easter
2013, Social Media share of traf c to
retail sites has seen remarkable change.
Facebook, which was the leader, saw its
share drop from 92% to 69% with Twitter
showing a steady pattern. However, in
contrast, it is Pinterest which shows a
jump from 6% to 25%. Also, Pinterest
showed a higher degree of inuence with
shoppers spending on average $140 to
$180 compared to the $75 to $100 for the
shoppers coming from Facebook. What
the above shows is that marketers live in a
world of agile commerce today, they would
want to rapidly switch promotions and
sales across channels and Social Media
platforms to get maximum coverage for
their products and services. This means
that the core e-commerce platform
should have ability for rapid adaptation to
anything that is thrown up to it. The core
e-commerce platform, the integration
backbone, the back-ends applications all
will have to play their role in providing this
agile e-commerce.
The proliferation of channels has
meant that the consumer expects rich
content to be available across all the
channels. Organizations are challenged
to maintain sanctity of the content across
the various channels. There is no more
a greater dampener on a brand than a
consumer nding diferent information
across channels which he/she construes as
misleading. This challenge is more crucial
to address for large global organizations
which typically have a federated structure
where there is some degree of governance
from the central body with enough
freedom given at regional/local level.
This federated structure means that
product related content and information
is getting generated and published at a
central level and also at a regional level.
With the numbers of SKUs very large,
the amount of content and information
getting generated and published is also
humungous. Keeping the brand messaging
and product information the same across
the globe, across the various channels is
a very complex task. Organizations are
looking to specic Product Information
Management (PIM)/ Product Content
Management (PCM) capabilities to be
augmented to their core e-commerce
platform. A complete implementation of
PCM will aim to not restrict product content
management to its own repositories and
back-end applications but also extend it
to encompass its suppliers and partners.
A good PIM/PCM implementation will
require a lot of preparatory work and
an adept Systems Integrator with prior
experience to make it successful.
Key Aspects of any PCM Implementation
1. Managing various Input Data formats
XML, EDI, csv etc.
2. Data transformation convert data
into product specic input format e.g.
Impex in case of hybris
3. Data cleansing Pre-dened business
rules to clean the data. Correct data
formats, remove special characters
etc. This can be crucial for a PCM
implementation. If the numbers
of SKUs is large and the product
content and data is generated over a
period of time, the quality of product
Commerce and Solutions Inevitable Shifting to
the New Paradigm but Challenges to Overcome
Sushil Paigankar
Head of ECM, Portal and eCOMMERCE Practice
iGate Global Solutions, Unit 62, SDF-2, SEEPZ, Andheri(E) Mumbai
Cover
Story
... key outcome of a multi-channel environment is the fragmentation
in consumer interactions and, in turn, the consumer information. The
consumer has an option to avail any of the channels to interact, and
a single transaction could have multiple channels being used by the
provider and the consumer.
data would be bad and a proper data
cleansing implementation would be
required.
4. Golden Data rules business rules to
decide what data to select as master
data
5. Data enrichment Using PCM
capabilities to enrich media
information. Using diferent
resolutions for diferent channels and
diferent data recipients
6. Data feed to diferent sources
Integrations to feed data to various
sources or import data from the
product specic output format e.g.
Impex in case of hybris
Retailers are not the only ones who
are ummoxed by the elusive consumer,
industries such as telecom, banking
and insurance are also facing this issue.
For example, in the case of insurance,
traditionally the customer interacted with
his agent who had developed a personal
relationship with the client and the client
looked towards him for getting the best
advice on the products and services.
Todays consumers prefer having online
reviews as one of the key parameters
to help them decide. They perceive
online reviews as unbiased and coming
from people who have experienced the
product or service. Last few years has
seen the arrival of many third-party
unbiased websites which help analyze and
compare the various insurance products.
Taking cognizance of this, Insurance
companies have also increased their
marketing budgets signicantly to ofer
multiple channels to the clients. Along
with the agents, insurance companies
now encourage sales directly through
call centers, their B2C portals, and apps
available through mobile devices.
However, cross-channel sales are
not easy! A seasoned choreography is
required to give that seamless experience,
with no drop in condence on the product
or services, to the client across all the
channels. The cleverness is in enabling
the customer to focus on the experience
of buying product and services rather than
on the channel logistics itself. The thought
process should be to avoid thinking of all
the multiple channels as separate entities
but treat all the multiple channels as a
single integrated conduit that ensures
consistent consumer experience at each
touch point. Retailers and brands will
need to re-think their marketing and
sales strategies and rebuild their supply
chains to respond to the consumer. They
will have to revisit their current process
and determine if they are good enough
to support this new paradigm. They will
have to quickly conclude on what new
technology competencies are required and
how these initiatives can be supported.
Organizations will look at using
digital strategy to extend the process to
enter into company/ brands inner working
improve the supply chain, gaining
direct business insight through greater
transparency and better movement of
underlying data. The surge in transactions
volumes due to multi-channel ecommerce
will create pressure points on the process
and the back-end applications supporting
the fulllment. Customers who are getting
accustomed to buying at a click of the
button also expect the delivery to happen
in a very short time and at their desired
location. Also, with online transactions,
since there is a wait period associated
before the buyer lays hands on the
purchase, there is a higher probability that
the order be cancelled. This new paradigm
will, therefore, create stress on specic
processes and, in turn, the back-end
applications. For example, the distribution
center will have to cater to smaller order
size, higher number of transactions
and drastic reduction in delivery time.
To counter this stress, the distribution
centers will have to rapidly reorganize
their picking and sorting process to meet
the greater responsiveness expected by
the end consumer. Innovative ideas will
come forward, for example, Amazon has
just launched its Lockers program in
the US, whereby it places metal cabinets
inside 7-Eleven stores for customers
to use as package pick-up locations.
New partnerships will be formed to
help improve the customer experience -
ubiquitous entities such as convenience
stores, petrol stations and post of ces
are likely candidates for partnerships with
online retailers to help in the last mile of
ecommerce.
Summary: Multi-channel commerce
will certainly be the norm for the future.
However, organizations will have to
gear up to bring about a successful
customer experience in the multi-
channel environment. Organizations
will have to build very adaptable
and exible e-commerce platform to
rapidly integrate new mobile and social
media platforms in their multi-channel
strategy. Organizations will have to
take steps to maintain the sanctity of
their brand content and information
across all the channels. The surge in
volume of multi-channel transactions
will create pressure on allied systems
and process. The organizations will have
to revisit their digital strategy to extend
the process to enter into a company/
brands inner working improve the
supply chain, gaining direct business
insight through greater transparency and
better movement of underlying data. The
surge in volume will also demand that
the organization audit their underlying
technology infrastructure, integration
platform and the back-end applications
to support this new multi-channel
environment
References
[1] http: //www. ri chrel evance. com/
blog/2013/04/direct-marketing-
news-infographic-the-rising-king-of-
social-sales/
[2] http://www.marketingcharts.com/
wp/i nteracti ve/pi nterest-eats-
into-facebooks-share-of-social-e-
commerce-traf c-29080/
n
Retailers are not the only ones who are ummoxed by the elusive
consumer, industries such as telecom, banking and insurance are also
facing this issue.
The thought process should be to avoid thinking of all the multiple
channels as separate entities but treat all the multiple channels
as a single integrated conduit that ensures consistent consumer
experience at each touch point.
Introduction
In present days E-business software projects
are becoming quite popular. People at their
convenience want to log into their computers
and do their business instead of physically
going to a particular shop. In this regard
e-business has got lot more importance and
has become a necessity in software projects.
To comply with and satisfy all needs of the
customers it becomes mandatory to adopt
industry regulations, standards, and to
diligently complete the software projects
for e-business. There are specic things to
consider and there is a need to take care
while designing the applications or products
for e-business. This article talks about the
best practices that should be followed when
developing the e-business projects.
First and foremost are the requirements.
There is a need to take special care when
gathering e-business project requirements.
It is necessary to accurately document and
follow these requirements. Design has to
take care of the parallel processing to begin
with. There is a huge risk for the product or
application after it goes online and is not able
to accommodate desired number of users at
a given point of time. Design has to take care
of this. Next point is complication of updating
certain products online. When for example
there are 10 items being sold online, after a
purchase of say 3 or so items, the application
has to take care of updating the total number
of items that are available. Whatever design
you use the application architecture has
to take care of this. The other point that is
crucial and necessary is about the purchase
component. Application architecture has to
provide protocols for buying the products
online. When the purchase component has
various payment methods, communication
needs to happen to transfer the funds from one
account to another to complete the purchase
transaction. Here the privacy, security, and
compliance with the banking and nancing
regulations have to be considered.
When conceptualizing the business
requirements there is a need to accurately
understand the customers requirements.
When there is purchase module involved,
which uses nancial transactions, such
projects have to be signed and it is necessary
to apply for digital signatures, security
standards, and required purchase through
3rd party software like paypal, western union
etc. Also there is a need to implement the
norms of clearing house.
Application availability is another
core aspect to consider. Normally online
applications are globally available and
accessible to whosoever has a computer
to visit that website and purchase online.
In these scenarios, websites as well as
the database have to be available almost
throughout the day on 24 X 7 basis for all
365 days of the year. This requires dedicated
servers and databases. Depending on the
size of the products, databases have to
maintained, sometimes mirrored depending
on the need of the business. If the application
provides support, things like phone service,
available communication protocols such
as emails, live chat personnel have to
be considered.
Before releasing the product to the
general public application has to be tested for
the load and performance to nd the satisfying
levels of accessing parallel at the same time.
Calculating load and performance is crucial
for e-business projects. E-business projects
have to be checked for the ease of use online,
often called usability testing.
Usability, load, performance tests are
necessary and mostly needed for e-business
projects. How easy to use the websites are is
an important part of usability testing.
These e-business projects are basically
deployed as websites. Most of these
websites are measured for their performance,
specically to calculate the time taken starting
from the user request -till the moment,
when user gets response. This is a huge
task. Application developers and database
developers have to focus on what is required
to get the optimal performance for these
requests. Lot many things need to be done at
the database level also to tune the database.
Some suggestions are to tune your SQL queries,
stored procedures or packages for shortest
time execution and use oracle optimum path
specied by the performance tools in case
of Oracle database. Database Administrator
(DBA) can use DBA tools to calculate the load
and performance. Also at the application level,
it is important to see what logic can move to
the business layer based on the performance.
GUI level checks can be at presentation
layer and rest of the business logic can be
at business layer. All these things have to be
considered for optimum performance.
In addition, at the database level, it is
necessary to check for proper primary keys,
foreign keys, and constraints. Data model
also has to be correctly designed. Many
performance issues arise because of the
incorrect database design. Databases have
to be maintained and to be backed up for
future use. In distributed environment due
to the complexity of the applications running
on diferent and multiple databases they
have to be checked for load balancing.
e-Business Business using world wide web
If the websites are designed for global
market things like currency exchange norms
and standards of accepting credit cards
have to be implemented. If the websites
have support for multiple languages,
internationalization tests have to be done to
make sure that the language transformations
are done correctly not to lose the non-English
speaking customers. As new versions of the
software are available, they have to be used
for database and for existing applications.
However, before upgrading for the website
maintenance, impact analysis has to be
done to safeguard the data and applications.
When migrating the existing applications,
careful planning needs to be done.
In conclusion, by adopting the above
best practices e-business projects can
achieve the desired customer satisfaction,
productivity and can attain successful
delivery of the projects on time. n
Best Practices for E-Business Projects
Sreerekha Bakaraju
53-180, Mississauga Valley Blvd, Mississauga, Ontario, L5A3M2, Canada
sreerekha@yahoo.com
A
b
o
u
t

t
h
e

A
u
t
h
o
rSreerekha Bakaraju has over thirteen years of experience in IT. In addition to being involved in developing Applications in
Oracle, SQL and PL/SQL in Windows and UNIX environments, she is familiar with system development methodologies
such as Agile, ITI, and she has also specialised in Testing and Quality Assurance elds. She has experience in
Financial, Telecommunications, Banking and Technological sectors in diferent parts of the world. She is successful in
conceptualizing business requirements, computing technical specications, preparing project budget and has played a
pivotal role as team member, leader, and manager.
S
O
s
c
p
Cover
Story
Abstract: Today enterprises are facing
increasing problems in adapting to sudden
changes in the market requirements as also to
cater to multiple geographies and to shorter
product lifecycle times. Various supply chain
problems like parts paucity, excessive nished
good inventories, unused plant capacity,
excessive warehousing costs, and inef cient
transportation of supplies, work-in progress
and nished goods are causing huge losses
to companies.
E-supply chain management using
software agents has the benet of solving
the tasks by various participants in the
supply chain network through their local
intelligence and problem-solving paradigms.
Using agent-based technologies, various
stakeholders, suppliers, manufacturers and
transporters can negotiate through dialogue
and interaction mechanisms and distribute
various activities in a decentralized manner
more ef ciently. Dynamic interactions
between intelligent autonomous agents to
form Multi-Agent Systems (MAS) help in
arriving at optimum course of actions or
agreements. This electronically enabled
approach ofers greater operational
ef ciency, interoperability and high exibility
to enterprises.
Applications of software agents in
various activities of the supply chain like
production planning, production monitoring,
workow modeling, negotiation, logistics,
scheduling and transportation management
are explored with case studies of live systems
like AARIA, CAPPS, and PROSA. However,
it is also observed that the use of software
agents has not moved beyond some usages
in enterprise integrations and supply chain
networks to complete end-to-end shrink-
wrapped software solutions.
Introduction to Software Agents
A software agent is a software system,
which has attributes of intelligence,
autonomy, adaptability, perception or
acting on behalf of a user. Agents can
behave autonomously or proactively.
The intelligence of an agent refers to its
ability of performing tasks or actions using
relevant information gathered as part of
diferent problem-solving techniques such
as inuencing, reasoning, and application
specic knowledge.
Agents can adapt or learn through
the choice of alternative problem-solving-
rules or algorithms, or through the
discovery of problem solving strategies.
Learning may proceed through trial-
and-error. Alternatively, learning may
proceed by example and generalization,
and then it implies a capacity to
abstract and generalize. Agents could be
autonomous, when self-contained and
capable of making independent decisions,
and taking actions to satisfy internal goals
based upon their perceived environment.
One classication of agents given
by Haag (2006) suggests that there
are four essential types of intelligent
software agents:
Buyer agents or shopping bots - Buyer
agents travel around network (i.e. the
internet) retrieving information about
goods and services. Amazon.com is a
good example of a shopping bot. The
website will ofer you a list of books
that you might like to buy on the basis
of what you're buying now and what
you have bought in the past.
Monitoring and Surveillance Agents
are used to observe and report
on equipment, usually computer
systems. The agents may keep track
of company inventory levels, observe
competitors' prices and relay them
back to the company.
User agents (personal agents) -
User agents, or personal agents, are
intelligent agents that take action
on your behalf. In this category
belong those intelligent agents that
perform tasks like checking your
e-mail and sorting it according to the
user's order of preference, Assemble
customized news reports for you.
There are several versions of these,
including newshub and CNN.
Data mining agents - This agent
uses information technology to nd
trends and patterns in an abundance
of information from many diferent
sources. The user can sort through this
information in order to nd whatever
information they are seeking.
Software Agent-Based Approach in
Supply Chain Management
Software Agents are being used in an
increasingly wide variety of applications
ranging from comparatively small
systems such as personalized email lters
to large, complex, mission critical systems
such as air-traf c control.
Today enterprises are facing
increasing problems in adapting to sudden
changes in the market requirements as
also to cater to multiple geographies and
to shorter product lifecycle times. One
study by Becker (2000) has found that
companies lose between 9% and 20% of
their value over a six-month period due
to supply chain problems. The problems
range from parts paucity, excessive
nished good inventories, unused plant
capacity, excessive warehousing costs,
and inef cient transportation of supplies,
work-in progress and nished goods.
Traditionally, supply chains have been
formed and managed by means of human
interactions. But the increasing demand
for swift-decision making in the face of
increased competition, rapid globalization
and complexity of information, is creating
a need for an advanced support in
automating supply chains and creating
e-supply chains. Fluctuations in resource
availability drive companies to respond
rapidly to maintain their production
capabilities. As these changes increasingly
occur at speeds and complexities
unmanageable by human intervention,
the need for automated supply chains
becomes all the more critical.
The traditional approach to supply
chain management requires a central
authority that creates planning and
decision-making functions, which are to be
propagated into the supply network. This
requires delegation to sub-tasks by the
central authority. However a decentralized
approach has the benet of solving
E-Supply Chain Management
Using Software Agents
Prashant R Nair
Vice-Chairman Information Technology, Amrita School of Engineering,
Amrita Vishwa Vidyapeetham University, Amrita Nagar P.O, PIN: 641112, Coimbatore, Tamil Nadu, India
Technical
Trends
A software agent is a software system, which has attributes of intelligence,
autonomy, adaptability, perception or acting on behalf of a user.
the sub-tasks by various participants
in the supply chain network through
their local intelligence and problem-
solving paradigms. Using agent-based
technologies, suppliers and manufacturers
can negotiate through dialogue and
interaction mechanisms and distribute
various activities in a decentralized manner
more ef ciently (Cobzaru 2003).
Attempts to automate solutions to
these problems are also complicated by
the need for the diferent companies in
a supply chain to maintain the integrity
and condentiality of their information
systems and operations. The modeling
technologies currently used within the
manufacturing business-to-business
standards communities such as the
Open Applications Group (http://www.
openapplications.org) and RosettaNet
(http://www.rosettanet.org) do a
good job of capturing user requirements.
Unfortunately, current technologies do
not explicitly link the requirements to
formal process models. This missing link is
crucial to ef cient SCM implementations.
One way to automate supply chains is
to gather companies into e-marketplaces
(such as Chem- Connect, http://www.
chemconnect.com, for chemicals and
Covisint, http://www.covisint.com,
for automotive supplies), where they
can negotiate for goods and services
(Huhns and Stephens 2001). However,
because companies must participate
independently, such centralization does
not foster the kinds of alliances or long-
term relationships that can signicantly
improve supply-chain ef ciency.
Agents have a high degree of
self-determination; they can decide
for themselves what, when and under
what conditions their actions should be
performed. Also dynamic interactions with
other such intelligent autonomous agents
help in arriving at optimum course of actions
or agreements. Thereby the agent-based
approach ofers opportunities to create a
virtual market place in which a number of
autonomous or semi-autonomous agents
can trade services ef ciently. Agents can
not only eliminate the need to manually
pass information about various actors and
processes, but also allow negotiation on
optimal prices within various stakeholders
in the supply chain. In such a situation, the
entire supply chain management process
becomes a multi-agent system.
Monitoring and Surveillance agents
and Data mining agents have been
used applications in SCM. For example,
NASA's Jet Propulsion Laboratory has an
agent that monitors inventory, planning,
and scheduling equipment ordering to
keep costs down, as well as food storage
facilities. Air Liquide America LP, a
producer of liqueed industrial gages,
reduced its production and distribution
costs using agents. Merck and Co., a
leading research-driven pharmaceutical
company used agents to help it nd more
ef cient ways to distribute anti-HIV drugs.
However, use of software agents
has not moved beyond some usages in
enterprise integrations and supply chain
networks to complete end-to-end shrink-
wrapped software solutions (Nair 2010).
Software Agent Application Areas in
Supply Chain Management
There are several typical application areas
of the software agent technologies that
relate to manufacturing and managing the
supply chain.
In production when we need
highly complex planning problems
to be solved, we need to control
dynamic, unpredictable and unstable
processes. Software agents allow for the
implementation of distributed planning
and control algorithms. The agents
can act autonomously and also ensure
through their communication abilities
a co-operative behavior. In production
there is also a potential for agent-based
diagnostics, repair, reconguration and
replanning. (Pechoucek et al 2004).
Another advantage of agent-based
approach is its ability to process relevant
production data, distributed across the
entire enterprise or supply chain.
Software agents can also be
employed in production monitoring tools
that support manufacturing decisions
only based on production quantities. In
case of a facility breakdown or quality
inspection results they only know that
a certain number of vehicles is afected
but neither the customer orders related
to these vehicles nor their options, e.g.
color, right hand-/left hand drive, sun
roof, etc. It would be a great step forward
for better and more transparent decisions
if the shop oor people could take their
decisions based on identied vehicles/
customer orders rather than on undened
production quantities. These agent-
based production monitoring systems
play a relevant role in supporting the
manufacturing operations; and, what is
more, they can be seen as the operational
part of the digital factory (Sauer 2004).
Mulit-agent systems (MAS) can be
used for job shop scheduling. This is done
by coordinated conict resolution in the
iterative and asynchronous multi-agent
decision-making process (Liu et al 2004).
In the domain of virtual enterprises
and supply chain management there
are requirements for forming business
networks and alliances, planning
long-term/short-term collaboration
agreements, reconguration and
dissolution of supply chains. Here we also
can use various agent technologies for
agents private knowledge maintenance,
specication of various ontologies and
ensuring service interoperability across
the supply chain.
The multi-agent technology can also
be used for creating virtual organizations.
Similarly to agentication of the factory
legacy systems or hardware machinery, one
can integrate ERP systems of collaborators,
suppliers and customers. Integrated supply
chain management requires solution for
security and authentication, trust, long
term business processes optimization,
ubiquity and openness
In the domain of internet-base
business agent technologies can be used
for intelligent shopping and auctioning,
information retrieval and searching,
remote access to information and remote
system control.
Another important application
domain is logistics. MAS can be used for
managing transportation networks and
material handling, optimal and robust
planning and scheduling, especially in
cargo transportation, public transport
but also peace-keeping missions,
military manoeuvres, etc. There is a
nice match of the agent technologies
and managing of the utility networks
such as energy distribution networks,
mobile operators networks and cable
provider networks. Here the concept of
distributed autonomous computation can
be used for simulation and predication
of alarm situations, prevention to black-
out and overload and intrusion detection
(Pechoucek et al 2005).
Negotiation is another critical area of
application of MAS for SCM. Companies
are required to comply with customer
orders even if it may be hard to do so.
Companies have to respond to the orders
quickly and ef ciently in the limited
time available to fulll the customers
requirements. Unexpected rush orders,
however, in most circumstances causes
delays in delivery and decreases ef ciency
in all of the supporting members. To
coordinate diferent supply chain entities
and solve these problems, negotiation
decisions have been identied as crucial
for successful global manufacturing.
Negotiation techniques are used to
overcome conicts and coalitions, and
to come to an agreement among agents,
instead of persuading them to accept a
ready solution (Saberi et al 2008).
Available Systems and
Implementations
Classical planning systems (using
scheduling algorithms with various
heuristics, constraint logic programming,
genetic algorithms, and simulated
annealing) work centrally and allocate
resources usually in one run for every
product order in the system. These
methods use mostly stochastic
algorithms and generate near-optimal
solutions to minimize the dened
criteria for example, sum of weighted
tardiness and inventory costs). Such
solutions are fully suf cient for planning
in stable environments. However, in
an environment with requirements
to continually revise the plan, these
approaches would breach the calculative
rationality requirement (the minimal
time required or two relevant changes
in the environment is larger than the
maximal time needed to process the
change). When replanning is required,
the plan is usually completely rebuilt
and the algorithms random aspect
can cause major, unwanted changes,
which makes this approach unsuitable
for many manufacturing areas. For
physically distributed production
units, its advantageous to break down
and distribute the planning problem.
(Pechoucek et al 2005).
Multiagent technology can address
a wide range of manufacturing decision-
making support problems, but few MAS
implementations cover more than a single
type of a problem. Solutions exist for low-
level scheduling or control systems as well
as product-conguration and quotation
phases for short and long-term production
planning and supply chain management.
Autonomous Agents at Rock Island
Arsenal (AARIA)
AARIA is a product of Agent research
conducted at University of Cincinnati. Rock
Island Arsenal is a military production
facility used to demonstrate results of
the research. The system interconnects
manufacturing processes implemented as
agents to outperform current, centrally-
controlled manufacturing systems. This is
done by allowing quick reconguration to
optimize prots and allow customization
in a dynamic business climate (Baker et
al 1999). The AARIA system integrates
manufacturing capabilities (for example
people, machines, and parts) in MAS so that
each agent interoperates with other agents
in and outside its own factory. AARIA uses a
mixture of heuristic scheduling techniques:
forward and backward, simulation and
intelligent scheduling.
Collaborative Agents for Production
Planning and Scheduling (CAPPS)
CAPPS is a system developed for
manufacturing companies in Japan. This
addresses production scheduling by
using agents to clarify relationship among
production items and manufacturing
resources in the time horizon, concerning
various constraints and objectives of
production (Nishioka 2003). Considering
the frequent changes in market needs,
real-time production management
will produce huge additional value for
manufacturers. As scheduling of shop oor
operations is a local and partial decision
in enterprises, the distributed local
scheduling problems should be integrated
at the enterprise level. Since decisions at
the shop oor are very valuable, the next
generation of production management
will be performed as a decentralized
system. CAPPS uses collaborative agents
for production planning and scheduling
and achieves system integration by
communication among agents.
Products Resource Order Staf
architecture (PROSA)
PROSA is reference architecture for
manufacturing control built by European
researchers. Its mainly oriented to
interholon architecture and identies kinds
of holons (agents) their responsibilities,
functionality, structure, and interaction
protocols. PROSA denes three main
classes of holons: product, resource, and
order. Product agents manage production
procedures and process techniquesfor
instance, which operations to perform
to achieve the product. Resource agents
represent resources such as machines.
Order agents represent manufacturing
orders and are responsible for following
deadlines. The PROSA architecture also
designed staf agents to give the previous
basic agents sophisticated knowledge
support. However there are some
drawbacks of this system which include
the possibility of a community with
numerous agents (according to the size of
the factory and number of products) with
unpredictable behavior (Nair 2010)
Conclusion
The supply chain is a worldwide network
of stakeholders like manufacturers,
suppliers, factories, transporters,
warehouses, and retailers through which
raw materials are acquired, transformed,
and delivered to customers. To optimize
performance, supply-chain functions
must operate in a coordinated manner.
But the dynamics of the enterprise and
the market make this difficult. There are
part shortages, materials do not arrive
on time, customers change or cancel
orders and so forth, causing deviations
from the plan.
In recent years, e-supply chains
through implementationss of innovative
software agents and its networks have
shown to improve supply chain planning
and execution. It views the supply chain
as composed of a set of intelligent
software agents, each responsible for
one or more activities in the supply
chain and each interacting with other
agents in the planning, negotiation
and execution of their responsibilities.
Software agents have been increasingly
explored to improve the information ow
and the decision-making process through
negotiation within networked enterprises.
Typical applications of software agents
in the various processes of supply chain
management include production planning,
production monitoring, e-collaboration,
negotiation, logistics, scheduling, and
transportation management. However,
considering the vast benets, enterprise
implementations and deployments
of software agents for supply chain
management is limited.
References
[1] Baker, Albert D (1999), Agents
and the Internet: Infrastructure for
Mass Customization, IEEE Internet
Computing. September, 1999.
[2] Becker, T J (2000), Putting a Price
on Supply Chain Problems: Study
Links Supply Chain Glitches with
Falling Stock Prices, Georgia Tech
Research News, December 12, 2000.
http://www.gtresearchnews.gatech.
edu/newsrelease/CHAINR.html
[3] Cobzaru, Mircea (2003), Agent-based
Supply Chain Management System,
Doctoral thesis, University of Calgary,
2003.
[4] Haag, Stephen, Maeve Cummings,
Amy Philips (2006). "Management
Information Systems for the
Information Age", 2006, McGraw Hill
College, Pages 224228.
[5] Huhns, Michael N and Larry M.
Stephens (2001), Automating Supply
Chains, IEEE Internet Computing,
August 2001
[6] Liu, Jyi-Shane and Katia P. Sycara
(1997), Coordination of multiple
agents for production management,
Annals of Operations Research
75(1997)235 289
[7] Nair, Prashant R. (2010), Software
Agents for Supply Chain Management,
International Journal of Decision
Making in Supply Chain and Logistics,
International Science Press, Vol. 1, No. 1,
(January-June 2010), pp 7190; Journal
ISSN #2229-7332
[8] Nishioka, Yasuyuki (2003), CAPPS:
Collaborative Agents for Production
Planning and Scheduling A Challenge
to Develop a new Software System
Architecture for Manufacturing
Management in Japan, 17th
International Conference on Production
Research August 3-7, 2003
Blacksburg, Virginia USA
[9] Pechoucek, Michal, Jiri Vokrinet, Jiri
Hodik, Petr Becvar and Jiri Pospiisil
(2004), ExPlanTech: Multi-Agent
Framework for Production Planning,
Simulation and Supply Chain
Management, Multiagent System
Technologies. Springer, 2004. ISBN
3-540-23222-2.
[10] Pechoucek, Michal, Jiri Vokrinet, and
Petr Becvar (2005), ExPlanTech:
Multiagent Support for Manufacturing
Decision Making. IEEE Transactions
on Intelligent Manufacturing Control,
2005
[11] Saberi, Sara and Charalampos
Makatsoris (2008), Multi-agent
System for Negotiation in Supply Chain
Management, The 6th International
Conference on Manufacturing Research
(ICMR08), Brunel University, UK,
9-11th September 2008
[12] Sauer, Olaf (2004), Modern
production Monitoring in Automotive
Plants, Online Publication of
Fraunhofer Institute for Information and
Data Processing, Karlsruhe, Germany
Wikipedia, http://en.wikipedia.org/
wiki/Software_agent n
A
b
o
u
t

t
h
e

A
u
t
h
o
r
Prof. Prashant R Nair is Vice-Chairman - Information Technology of Amrita University, Coimbatore. He has taught
in academic programs in USA and Europe at University of California, San Diego and So a University, Bulgaria as an
Erasmus Mundus fellow. He is on the program committee of over 60 international conferences including WWW/
Internet and editorial board of 3 scholarly journals including the newly launched CSI Transactions on ICT published
by Springer. Presently, he is nominated as Tamil Nadu State Student Coordinator for CSI.
P
i
E
I
b
Research
Front
Public Service Delivery System & E-governance
Dr. S P Kulshrestha
Senior Technical Director, NIC, Uttarakhand State Unit, Dehradun
Introduction
in the earlier phase of computerization,
the citizens were expected to go to
the service counters situated at the
departments premises for availing the
services from them. The service counters
of diferent departments were usually
scattered across the city and the citizens
were expected to go from one counter to
another traveling long distances. Waiting
time for the citizens used to be very high,
as the counters were very less as compared
to the number of people desiring the
services. It was nearly impossible to know
the actual process being followed inside
the department to provide the service. It
was also very dif cult to know the status
of the application for a service submitted
to any department.
[1]
Citizen centric services aims
to provide services round the clock.
E-Governance portals have to be
designed in a way that it is integrated
with diferent government department
applications and provide access to the
citizen and businesses. This will help the
citizen in reducing their waiting time at
the department counter and at the same
time will help them in using the services
outside of their working hours.
This will also provide transparent,
ef cient, and secured delivery of service.
As these services are integrated through
the portal, the citizen and businesses can
track the status of their service request
and get all the information required to
avail the service. The portal also allows
the citizen and businesses to perform the
transactions in a secured manner. In this
way, the e-Governance portal increases
the quality of service provided by the
government departments in both central
and state level.
E-Governance
E-governance is not an isolated work,
which is carried out by each department
but it has an inter-connection for the
information of the other departments.
In isolated computerization work each
department can use any code or standard
to fulll their requirements. Exchange of
Information at this stage is very dif cult.
For this we need to have proper standards
and uniform master codes
[5]
for various
activities and entities. Government of
India has already initiated the work for
dening the standards and a signicant
achievement has been made in this
direction. These standards and master
codes have to be made available at all
the places, where we are generating the
data and each department has to follow
those standards. These standard and
master codes have to be applied in legacy
existing databases also
[6]
. Otherwise
the databases may not interact with
each other. It is one of the most dif cult
challenges before us with respect to
E-governance.
There is also the need for Business
process reengineering as per the need
of public services delivery system and
E-governance. Business process has to be
modied keeping in view of the technology
and delivery of quality services to the level
of users satisfaction.
While designing the public service
delivery system, adequate security
measures are required for the servers
and databases. Any systems, which do
not have proper security measures, can
lead to disastrous situation. Once such
measures are in place, we can launch
automated business process. There is
need to interconnect various servers of the
PSDS in a secured manner. E-governance
can not be thought unless all public
service delivery systems are integrated
in seamless and interoperable manner.
Enforcement of the law can further be
enhanced if we have the consolidated
databases at state and national levels. Law
enforcing agencies should have access to
such state and national databases and
should be in a position to update the law
ofenders details.
Mobile Devices
Mobile applications are enhancing the
efectiveness of the E-governance in
terms of better delivery of services
[2]
.
Introduction of mobile applications in
area of public delivery systems has been
appreciated by all. Now mobile phones
are in reach of common man. Desired
information can be accessed using such
inexpensive mobile devices is a boon to
common man provided it is cost efective
and serving the need. It has been observed
that getting the services are quiet
expensive to poor people. Public service
should be made available on nominal
charges or it should be the part of the
transaction one is making like SMS alert in
nancial transaction with banks.
Mobile applications can be accessed
through laptop, palmtop, PDA devices,
mobile phones, and SMS alerts or any
other mobile devices. Applications should
be light weight in terms of bandwidth
usages. Only small piece of relevant
information should be allowed when
access is made through mobile devices.
Authenticated mobile numbers
should be the part of the user information
for existing E-governance or citizen centric
applications. The status of the transaction
should be send as an alert as E-mail or
SMS proactively or on demand (as in case
of nding the PNR status by sending PNR
no to 139). The existing databases should
be added with the mobile numbers of the
customers, so that they can be informed
about the status. Moreover, the queries
should be entertained from the mobile no
which is registered with the applications,
no one else should be allowed to get the
information about other people.
Alerts can sent on registered mobile
no. with respect to the status of the
citizens request for public delivery or it
could be in response to a SMS request.
Such systems are already in place in case
of Banks and Railways.
Issues and Challenges
Scope for public service delivery
system
The volume of income-tax applications
has increased after the department has
made it mandatory for all those who
earn over Rs 10 lakh per annum or own
assets abroad to le their returns online,
causing the departments website to crash
intermittently as several assesses try to
register before the due date. But income-
tax of cers and employees have been
helping taxpayers negotiate countdown
to their annual income-tax returns all
week. Tuesday, July 31, is the last day to
le returns. As reported since application
volume has surged, the departments
website crashed intermittently TNN | Jul
31, 2012, 06.40AM IST
It is a fact that we are still struggling
with scope and design considerations
of present e-governance, public service
delivery system. One of the major factors is
to provide the services to huge population
of this country. This is becoming a
bottleneck to any design and technology.
Now, question arises that whether the
applications/databases are to be designed
at state level or at national level.
In case the application is designed
at state level, then the same has to be
replicated in all other states, and a central
repository is required to provide services
at national level. This is a complex process
requiring lot of integration of various
servers and processes.
But if an application is designed
at national level using web technology,
then management & maintenance of the
application may not be a problem. Nation
wide access of the servers by thousand
of people simultaneously may not be a
simple task. Servers may not be able to
handle the work load. Moreover, it may
need a dedicated data centers to handle
the workload.
Need for Unique Identity for all
In order to implement public delivery
systems for E-governance, we need
to provide a unique identity
[3]
to each
individual, which can be taken as key to
all transactions. But we are not having
any such key at present. Eforts are being
made to provide the same. Duplicated
eforts are being made for provide the
same e.g. unique identity, national
population register
[4]
, and Permanent
account number (PAN). Emphasis should
be given to only one key, which can be
used in all transactions.
Once, the unique identity is allotted
to all individuals, its usage has to be
made mandatory, and then updating
all existing databases with unique ID
will not be a problem. This will help our
security/law enforcing agencies to track
the offenders in case of any problem,
which at present is very time consuming.
Furthermore, a unique identity will
provide a platform to interact one
database with others in seamlessly
with inter operable manner. This will
also help government to verify the
details of the individuals with respect to
Government/Business/Foreign entities
and to enforce law without harassing
law abiding citizens.
It is a common practice that the law
ofenders use fake or duplicate identities.
For instance on cancellations of license
people easily get another by manipulating
names and address information. For
example, the person Son Prakash
Kulshrestha may get the diferent identity
on same name i.e. Son Prakash Kulshrestha,
Son Prakash, S. P. Kulshrestha, S. Prakash
or Son P Kulshrestha. It is very dif cult to
check if these duplicate identities were
issued from diferent locations without the
verication of the credentials as in case of
driving licenses or ration card etc.
To prevent the issue of illegal and fake
identities to the citizens, their information
should be checked from central server
databases and other identities submitted
with the same should also be veried like
PAN No., bank account number, ration card
number etc. For issuing identities, of cial
name and fathers name should remain
same as in the High school certicate. Any
other name should not be accepted in any
circumstances.
Identities must be sent to the
concerned person only by post and at
the same time and they should not be
informed about the exact date of dispatch
in advance. Sending identities by post will
verify the address to some extent.
It is a common practice that the
identity issuing authorities do not verify
the documents, because of work pressure
or because of other reasons; thus giving
room to offenders to play with the law
by hiding their identity. It is suggested
that Identity issuing authorities must
have the access to the databases of
the servers of other identities issuing
authorities like passport, ration card,
bank account, verification of land line/
mobile no. etc.
Other issues like, as how to allocate
and maintain the unique identities to
people, who are homeless.. There is a
large population under this category in
India. This is a vulnerable area, which can
be misused, accused, and abused.
Regional Languages vs. English
Regional languages are another challenge
before us. Use of Unicode may sort out
this problem and can provide information
in regional language. But then searching
database from other regions would be
extremely dif cult. Therefore, databases
containing identity information on national
level must be in English only
[7]
.
Technological Challenges
The design of the databases is another
challenge before us, as the main focus of
the public services delivery applications
will be on the search facilities provided
by application server. Fast response from
servers is expected by users. SRS should
serve the requirement at national level rather
then state specic; otherwise the integration
of the databases will be very dif cult.
We have to ensure that the
applications are independent of databases
& the physical network layout including
the location of the data centers. This would
ensure portability of the applications
as well as easy manageability of the
applications, when the physical network
layout changes.
Another issue is the selection of
technological platform used to develop the
applications. Diferent departments are
using diferent technologies as suggested
by their consultant and the integration of
technologies is another challenge before
us. There are no guidelines to select the
technology. Some of the people are using
open source, while others are suggesting
proprietary software. In my view at least
for one public service delivery model,
we should have uniform platform across
the country.
Maintenance and up-keeping of the
e-governance infrastructure is the real
challenge before us. Availability of power
supply is poor in remote areas. UPS
and generator set have been provided
but it is not clear that who will bear the
operational cost to make e-governance
infrastructure up 24x7. Co-ordination
between the various stake holders like
implementing agencies, state government,
bandwidth provider is another challenge
before us, especially when the roles and
responsibilities are not dened.
At present the operations of the
e-governance infrastructure is done by
outsourced agencies. Standard skill sets
are often compromised by the agencies, as
there is no dened recruitment procedure
for selection of such manpower. There is
need to create a pool of the qualied &
trained manpower on the pattern of GATE
or NET, even for outsourced personnel.
Providing the necessary security,
protecting privacy, ofering appropriate
access control policies, ensuring that
the system supports audit requirements
adequately are some of the other challenges.
All the applications must be security
audited and capable enough to handle
the known vulnerabilities. Vulnerabilities
assessment should be done for all the
databases and servers. SSL must be
installed for all the application servers
open for public network. No compromise
should be made at any cost
[8]
.
Access of sensitive databases
should not be given on public network to
general public. Protection of databases
and network has to be given priority. Use
of latest technologies like Virtual Private
Networks (VPN) and IPSec technology
should be used.
Server should be protected in such a
way that the virus/infections in the client
machine can not harm the server system
and hence, we can prevent them from
adversely afecting the data stored.
Implementation can be done in such
a manner so that the G-C services can be
provided on internet (Public Network) and
Intranet (VPN) based network for G-G
services.
Digital signatures can be incorporated
to further enhance the security of the
databases against unauthenticated and
unauthorized access. Use of the digital
signatures should be encouraged.
Eforts should be made to protect the
server system not only from un-trusted
network but also from inside hackers and
the people involved in the management.
So, that no one can alter or misuse the
data stored.
Use of Microsoft based Operating
Systems, databases and applications are
the preferred environment in government
setup. Windows based systems are
vulnerable to viruses, worms etc. Proper
care has to be taken so that machines
(which are the part of E-governance
setup) do not get infected with viruses,
worms etc.
Proper preventive maintenance for
such system should be done on regular
basis. Databases and servers should be
monitored on regular basis for any kind of
suspicious activities.
Backup and restore is another
challenge. Generally data centers are
considered to be safe and secure. There
are robust mechanism for data backup &
restore. But still backup of the databases
has to be kept at diferent location to
protect the data from disaster if any.
Public Service Delivery System Model
Efective public service delivery model can
be thought of a combination of diferent
approaches/technologies. The design and
deliverables of public services should be
made at national level. Each state may
develop his portal with minor modications
as per their local needs and put them on
state data center (Similar to the state
register for driving licenses and vehicle
registration for transport department
as per the direction of Honble Supreme
Court). Subset of this information may be
updated in the servers catering the need
at national level. Other state department
may use national level server as and when
needed by them (Similar to the national
register for driving licenses and vehicle
registration for transport department).
Servers of the other state can be accessed
to get the further detailed information.
Conclusion
In spite of all issues and challenges,
quality public services are given by banks,
railways, and Income tax department.
Experience sharing can give us the
direction for future work and strategies.
Planning can be done accordingly to
bring further ef ciency in the system.
Following standards and uniform coding
is the need at present. Timely delivery
of service requires integrated approach
where one system should be able to
communicate with each other seamlessly
in interoperable manner.
Internet having all benets has also
brought the problem security of data &
information. Hacking, viruses, and worms
etc. are very common. Even a careless
attitude in our working environment can
make public service delivery standstill.
Non of the servers should be installed in
insecure environment and only proven
technology should be used rather than
experimenting. We have to learn from
failures and should not allow then to
repeat in future.
References
[1] Citizen Centric Service Delivery
through e-Governance Portal -
Present Scenario in India, Bhudeb
Chakravarti, and M. Venugopal,
2008, A White Paper published
by National Institute for Smart
Government, Hyderabad, India
[2] m-Governance Leveraging Mobile
Technology to extend the reach of
e-Governance, Rameesh Kailasam
[3] Unique Identication Authority of
India [http://uidai.gov.in/]
[4] NATIONAL POPULATION REGISTER,
Dr. Rajendra Kumar, IAS, NeGD/
DIT, http://www.mit.gov.in/sites/
upl oad_fi l es/di t /fi l es/DIT%20-
%20National%20Population%20
Registry(1).pdf
[5] e-Governance Standards
egovstandards.gov.in/
[6] Budhiraja R.,(2005),Role of
Standards and Architecture for
e-Governance Projects, The
Eighth National Conference on
e-governance, Bhubaneswar
[7] Key Characteristics of Indian
e-Governance Projects: A Special
Reference to Bhoomi, Pabitrananda
Patnaik, Rama Krushna Das and
Manas Ranjan Patra ( http://csi-
sigegov.org/egovernance_pdf/5_33-
41.pdf)
[8] Security Issue of E-Governance, Pooja
Agrawal et al, International Journal of
Advances in Computer Networks and
Security [ISSN 2250 - 3757]
[9] Ministry of Information Technology
(MIT) 2001 Electronic Governance
A Concept Paper, Ministry of
Information Technology, India.
[http://egov.mit.gov.in/]
n
Proposed public service delivery system model
Research
Front
Inverted Pyramid Approach for E-Mail
Forensics Using Heterogeneous Forensics Tools
N Sridhar* D Lalitha Bhaskari** and P S Avadhani***
Research Scholar, Dept. of CS&SE Andhra University, Visakhapatnam, India
Associate Professor, Dept. of CS&SE Andhra University, Visakhapatnam, India
Professor, Dept. of CS&SE Andhra University, Visakhapatnam, India
E-mail security is one of the challenges
to protect e-mails from unlawful access
because usage of e-mail is becoming
threat to regular activities. A 2012 global
study reports that 556 million victims
per year due to cyber crimes and one
of the reasons could be 44% of adult
access e-mails via free or unsecured Wi-
Fi connections. Receiving a menacing
mail or bizarre mail makes people under
stress. So, there is a need of protecting
usage of e-mails and minimizing the illegal
activities happening through e-mail. Some
of the unauthorized activities using e-mail
are sending spam mails, distribution of
unwanted information, mailing of hateful
bits and pieces etc. Intelligent criminals
even delete the source of e-mails.
E-mail forensics deals with analysis
and recovery of e-mails. Prior studies
of e-mail forensics were dealt with
two diferent approaches. Traditional
approach discusses about exploring
e-mail headers, identifying IP address
and recovery of deleted e-mails. Recent
studies had shown another approach that
uses authorship characteristics, author
behavior, and stylometric analysis of
authors.
Any suspects machine consists of
several traces of cyber crime activities, a
single tool may not be suf cient to prove
that suspect is a criminal. R. Al-Zaidy et
al
[2]
proposed a data mining method for
investigation from a collection of text
documents obtained from a suspects
machine. In this paper we are introducing
inverted pyramid approach in e-mail
forensics such that it can be shown as
evidence in the court.
Inverted pyramid approach is a
systematic procedure for determining
the accurate author of mail by combining
additional cyber forensics techniques. Our
objective in this paper is to strengthen
E-mail forensics by combining email
header analysis, stylometric approach
with log-le based timestamp analysis
using inverted pyramid approach.
This paper is organized into ve
sections. Second section deals with cyber
crimes using emails. Third Section gives
various stages in e-mail forensics incident
response. Fourth section focuses inverted
pyramid approach for e-mail forensics.
All the pyramid steps also elaborated in
the same section. Finally we compared
various e-mail forensics tools in the last
section.
Cyber Crimes using E-Mails
Cyber Crimes phenomenon through
e-mails is increasing rapidly. Some of the
e-mail based cyber crimes are spoong,
spamming, identity theft, cyber bullying
and pornography. In spoong the attacker
impersonates the e-mail address so
as to create an impression that they
created from someone elses addresses.
Spamming involves sending junk e-mails
by anyone for generating inconvenience.
Biggest scandals happening in cyber
crimes involve identity theft and its misuse,
which is the theft of sensitive identity
information such as credit card numbers,
passport numbers etc. Cyber criminals
send some links to e-mail address by using
phishing attacks to furnish condential
information. Cyber bullying used to harass
someone by ooding an e-mail inbox
with messages. Pornography involves
transmitting obscene information through
e-mail.
E-Mail forensics commences the
investigation restoration of the sequence
of events arising from a received e-mail
from an anonymous author. Authorship
verication is essentially an open-class
authorship attribution problem with
only one author in the candidate pool.
Authorship verication determines
whether or not the document was written
by the candidate author. Earlier email
forensics systems addressed various
issues and most of them determines
author of the document. Even then
accuracy of xing the author is in dilemma.
As per existing systems when given
document D and candidate author A, the
question answered is Was D written
by A
[3]
. Sometimes there are N number
of people may use the same system
and there are likely chances for some of
them may know mailing passwords of
others. In this case there is a method for
detecting stylistic deception to distinguish
regular mails from deceptive mails
[4]
with
96.6% accuracy.
Stages in E-Mail Forensics Incident
Response:
Based on the cyber crime investigator
there are diferent stages in Incident
Response. Here we are introducing
various stages related to e-mail forensics.
The gure 1 shows the ve stages in e-mail
forensics.
Fig. 1: Stages in e-mail forensics
incident response
1. Groundwork: In this step, an incident
response team is established and
clear procedures will be dened. One
of the important aspects is creating
awareness among employees related
to e-mail threats. This stage includes
preparation of contact lists related
to various employees and clients
involved in the business.
2. Exposure: A crucial step in
determining the fake mail creators
and detecting the origins of mails.
Log le analysis is important in this
detection process. Possible logs to
be veried are send-mail log, Pop3
log and source/destination logs.
Applicable tracing methods are
signature analysis and keystroke
tapping.
3. Control: Objective of this stage
is preventing the mail incident
from spreading to other victims or
criminals. As fundamental step in
investigation process, an investigator
should not use the same system for
sending mails, which may alter the
logs.
4. Eradication: Use eradication tools to
get rid of the cause of incident. Before
eradication log all the activities and
inform to Information Response team
5. Summarize: In general this stage is
neglected but this is most valuable
stage. This stage review and integrate
information about the incident.
Investigator need to identify the cost-
efect of the incident and also comply
for legal requirements.
Inverted Pyramid Approach for
E-Mail Forensics
In this section we are introducing the
inverted pyramid approach for nding
the culprits in e-mail forensics. Pyramid
approaches have considerable advantages
comparing with other approaches in terms
of computation cost, complexity and ease
of analysis. We obtained steps of pyramids
based on the forensics investigation and
time needed for each step.
First step is exploring e-mails for
spam detection. As a result we will nd
the mail originator system. Second step
is applying stylometric analysis so that
we can predict the author of the mail
from a set of suspects who are using the
originator system. Final step involves
timestamp checking, which can acts as
an alibi in the court of law to prove that
author of the e-mail used originator
system. These three steps are shown in
the g. 2.
Fig. 2: Pyramid Approach for e-mail forensics
Exploring E-Mails for spam
detection:
Analysis of e-mail headers plays a vital role
because it carries lot of information about
e-mail. This information includes source
IP address, e-mail address, timestamp,
server name etc. E-mail message
comprises message description and
message path. Former gives the details
of the sender and recipient, subject and
sending date. Later contains the server
name, timestamp, entries in the message
in reverse chronological order. E-mail
header analysis is easy task because these
can be copy and paste in any text-editor
hence they avoid allegations of tampering.
E-mail tracking methods uses digitally
time-stamped record to nd the exact
time and date that e-mail was received or
opened. Due to its nature of methodology
this tracking cant be considered as an
accurate indicator, hence in this paper we
are stressing the importance of combining
with other forensics tools.
Here we are giving general steps in nding
the origin of the e-mail.
1. Find the originator of the e-mail by
e-mail header analysis and using this
analysis locate the IP address
2. Check the validity of the IP address
by applying trace route kind of
commands
3. Fix the mail that is generated by a
particular IP address
4. Determine the location of the system
5. Find the number of users using that
system
The major limitations of using e-mail
headers for crime investigations are
some mail providers cant give any clue
regarding the origin, fake mail generators
mislead the investigation by directing into
wrong origins etc. In such cases need of
authorship attribution comes in to picture
that involves stylometric analysis.
Stylometric Analysis:
There is a huge development in the last
three years related to e-mail authorship
analysis. Classication of e-mail
authorships have been investigated by de
Vel
[7]
by using structural and stylometric
features of author attributes.
A variety of authorship studies
assumes accurate author of the disputed
anonymous mail can be among the given
potential suspects, but the percentage of
accuracy is not correctly dened.
These studies are used to build a
classication model based on various
stylometric features like syntactical
features, character-based features etc.
Basic techniques used in stylometric
approach are as follows:
Neural Network and basic feature set
Synonym based approach
Support Vector Machine and Write-
prints approach
Diferent types of stylometric features
are token-based features, syntactic
features, semantic features, structural
features, content-specic features, and
idiosyncratic features. The same paper
proposed an approach for E-mail author
verication that uses classication and
regression techniques.
After checking diferent approaches
we are giving generalized steps for nding
the accurate author using stylometric
approach as follows:
1. Collect the details of the authors
from the e-mail forensics step
2. Prepare authorship proles all the
authors who uses the system
3. Match the investigated e-mail
content with write-prints of proles
4. Forensic investigator may or may
not know the actual number of
authors, both scenarios addressed
by Farkhund et al[5]. By using this
approach we can nd the possible
accurate author of the e-mail.
Timestamp Analysis
Even after applying email forensics and
authorship analysis, there are many
chances that culprit can escape from the
legal approaches. So, after identifying the
possible accurate author we need to nd
the system usage of that particular author.
To do so we need to use log le analysis
of that user. In this process rst we need
to use tools such that they display PC on/
of times. Sometimes we can observe the
irregular behavior of the user where he/
she used the system more than two hours.
Make sure that particular user only logged
on to the system.
Automated tools help analyzing the
disk images and generate various reports.
One such open source tool is BitCurator[1]
that helps practitioners and researcher to
apply them on their own collections.
Geo-location systems nd out where
the machine is physically located on
the Internet that uses IP location trace.
Some web sites provide basic information
about the systems that uses IP address,
which acts as clue in the investigation. IP
location trace also involves tracking the
timestamp of the system. Cyber criminals
sometimes change the system time, in this
case BIOS time check of systems is very
useful. Because, BIOS time which runs the
mother board cant be changed easily.
Schatz et.al [6] pointed out the
reasons afecting timestamp accuracy
are unstable crystal oscillators, region
specic time zones, non-cryptographic
authentication causes protocol based
attacks, and software bugs. To overcome
these limitations dynamic timestamps
can be used. But, individually e-mail
forensics or timestamps could not be
stand as evidence in court of law but their
combination strengthens the evidence.
Once we identied the timestamp of
e-mail and PC on/of time of that particular
user then we can investigate what other
things that particular user done with the
system. Purpose of doing such things is to
identify the behavior of such user. By using
recent le viewer or log le analyzer kinds
of tools helpful for such activity.
The following general steps are to be
considered in time stamp analysis.
1. Determine the login time and PC on/
of times
2. Check the login/logout timings for
the identied system
3. Find the timestamp of the mail by
exploring the mail header
4. Match the login of mail time stamp
and user login time of the system
5. Fix the accurate author who
generated the mail
E-Mail Forensics Tools
There are several existing tools available
as freeware or with minimal charges
for e-mail forensics. Some of the tools
are Network E-mail Examiner, R-Mail,
Final Email, EmailTrackerPro, and Email
Examiner. Comparison of these forensics
tools is given in the table 1. Nowadays,
search engines are also used to examine
the amount of e-mail information related
to suspects. Some of the popular search
engines that are helpful for e-mail forensics
are www.altavista.com (People Finder
Option), www.infospace.com (Lookup-
Selection), www.emailaddresses.com
(reverse lookup of e-mail addresses), and
www.google.com (Specialized searching
options). To minimize spam several anti-
spam tools are available like EnKoder
Form, EmailTrackerPro, SpamPunisher etc.
Conclusion
In this paper, we introduced inverted
pyramid approach, which gives the
systematic procedure for e-mail forensics
investigator. This approach shows path
for combining e-mail header analysis,
stylometric approach with log-le based
timestamps. Currently these three are
conducted with diferent tools. Manual
process would be eliminated in between
these three diferent approaches by
introducing automatic procedures. There
is a lot of research required in e-mail
forensics before they can be accepted in
court of law.
References
[1] Woods, Kam, Christopher Lee, and
Sunitha Misra. Automated Analysis and
Visualization of Disk Images and File
Systems for Preservation. In Proceedings
of Archiving 2013 (Springeld, VA: Society
for Imaging Science and Technology,
2013), 239244.
[2] Rabeah Al-Zaidy, Benjamin C.M. Fung,
Amr M. Youssef , Francis Fortin; Mining
criminal networks from unstructured text
documents; Digital Investigation 8 (2012)
147160
[3] Noecker Jr., John. & Michael Ryan
"Distractorless Authorship Verication.
Digital Humanities 2012, University of
Hamburg, Hamburg, Germany, July 2012.
[4] Sadia Afroz, Michael Brennan and Rachel
Greenstadt, Detecting Hoaxes, Frauds, and
Deception in Writing Style Online, 2012
IEEE Symposium on Security and Privacy
[5] Farkhund Iqbal, Liaquat A. Khan,
Benjamin C. M. Fung, and Mourad
Debbabi. E-mail authorship verication
for forensic investigation. In Proceedings
of the 25th ACM SIGAPP Symposium
on Applied Computing (SAC): Computer
Forensics Track, pages 1591-1598, Sierre,
Switzerland: ACM Press, March 2010.
[6] B. Schatz, G. Mohay, and A. Clark. A
correlation method for establishing
provenance of timestamps in digital
evidence. In: Digital Investigation 3
(2006), pp. 98107.
[7] O. de Vel. Mining e-mail authorship.
In Proc.Workshop on Text Mining,
ACM International Conference on
Knowledge Discovery and Data Mining,
(KDD'2000), 2000. n
E-Mail Examiner FINALeMail Network E-Mail Examiner R-Mail
Recovers deleted
e-mails and other
messages
Scans e-mail databases
to uncover deleted
e-mail messages
Displays and processes
variety of e-mail
accounts
Can recover .dbx
les that are broken
through deletion
Supports 14-types
of e-mail databases
Supports few e-mail
database les
Used to export entire
e-mail store (also in
diferent format)
Retrieves deliberately
deleted mails also
Table 1: Comparison of various e-mail forensics tools
A
b
o
u
t

t
h
e

A
u
t
h
o
r
s
Sridhar Neralla is a research scholar in Andhra University under the supervision of Prof. P S Avadhani and Dr. D Lalitha Bhaskari.
He received his M.Tech (IT) from Andhra University and presently working as Associate Professor in IT Department of GMRIT.
He is a Life Member of CSI and ISTE. He has coauthored 4 books. His research areas include Network Security, Cryptography,
Multimedia, Cyber Forensics and Web Security.
Dr. D Lalitha Bhaskari is an Associate Professor in the department of Computer Science and Systems Engineering of Andhra
University. She is guiding more than 8 Ph. D Scholars from various institutes. Her areas of interest include Theory of computation,
Data Security, Image Processing, Data communications, Pattern Recognition. She is a Life Member of CSI and CRSI. Apart from her
regular academic activities she holds prestigious responsibilities like Associate Member in the Institute of Engineers, Associate
Member in the Pentagram Research Foundation, Hyderabad, India. She also received young engineer award from Institute of
Engineers (India) in the year 2008.
Dr. P S Avadhani is a Professor in the department of Computer Science and Systems Engineering and Vice Principal of AU
College of Engineering, Andhra University. He has guided 10 Ph. D students and right now he is guiding 12 Ph. D Scholars. He has
guided more than 100 M.Tech. Projects. He received many honors like best researcher award and best academician award from
Andhra University, chapter patron award from CSI for CSI-Visakhapatnam Chapter and he has been the member for many expert
committees, member of Board of Studies for various universities, Resource person for various organizations. He has coauthored 4
books. He is a Life Member in CSI, AMTI, ISIAM, ISTE, YHAI and in the International Society on Education Technology.
Embedded devices are becoming more
pervasive and useful, as new features and
capabilities are being incorporated day by
day. To meet the growing requirements,
there must be reliable platform along with
high-end software like android. Android
is truly open mobile platform software
solution, it is not only the operating
system, but also middleware along with
base applications. Android uses Linux
kernel as its core. Android middleware
including library provides services such as
screen display, data storage, multimedia,
and web browsing, middleware also
implements device specic functions.
Today, android is not only the obvious
choice for mobile phones but also for
many other specialized embedded
applications, owing to open source,
continuous improvement in its features,
and permissive licensing policy by Google.
By this article, I will get you prepared
with android development environment
over virtual machine and start developing
android applications.
Getting started with Android setup: In
past during development work, for most of
the activities, Linux has been my favorite
choice. But few months back, I have been
assigned the work to explore the potential
of android for an embedded application. I
started with setting up an android software
development environment, which requires
host machine along with development
tools, and a target platform for application
deployment. Step by
step preparation of
android development
environment and
running the application
on target has been
covered in following
sections.
Preparing virtual
environment: Linux
host creation under
virtual box over
Windows has been
opted to prepare
host environment as
virtual box gives the
benet of coexistence
of both Windows and Linux. To create
virtual environment, download virtual
box (VirtualBox-4.1.20-80170-Win) from
http://www.virtualbox.org and install on
Windows. To extend the functionality of
virtual box base package, extension pack
(Oracle_VM_VirtualBox_Extension_Pack-
4.1.20-80170) has to be included at le
preferences extensions in virtual
box manager, this extension adds virtual
USB 2.0 (EHCI) device support to virtual
environment.
Embedding Linux in virtual box: To
prepare Linux (Ubuntu) host in virtual
box, download Ubuntu ISO image ubuntu-
10.04.4-desktop-i386.iso from: http://www.
ubuntu.com/download, although one may
go for Ubuntu-12.10 latest version available
at the time of writing. Now start virtual
box manager and click
new to create the
virtual machine, select
Linux operating system
(see Fig. 1), specify
base memory (e.g. 512
MB) and appropriate
hard disk space, further
congure the virtual
machine with following
settings. Set video
memory 64 MB under
display tab, in storage
tab add operating
system ISO image
(e.g. ubuntu-10.04.4-
desktop-i386.iso) (Fig. 2) also congure
settings under respective tabs as audio
enable, bridge adapter network, serial
port in host device mode, shared folder
between host and guest o/s with auto
mount & permanent options enable. This
shared folder allows sharing les between
host and guest operating system. You
may alter above conguration as per your
requirement and nally start installation
by clicking start. It took approximately 7
minutes to get Ubuntu-10.04.4, installed
in my machine.
Having insta lled, reboot the virtual
machine, it automatically boots from
virtual hard disk. Now share les between
Windows and Ubuntu, by mounting the
shared folder to a mount-point. Create
a directory e.g. mount-point on Ubuntu
Desktop and execute following command
to mount. sudo mount -t vboxsf shared-
folder /home/test/Desktop/mount-point
You might encounter the error mount:
unknown le system type vboxsf. I inquired
about this issue and found that virtual box
guest edition is required for guest-host le
sharing. Therefore, download guest edition
image (i.e. VBoxGuestAdditions_4.1.20)
and under setting storage of virtual
machine add the downloaded image and
start Ubuntu. After boot up, guest addition
image automatically mounts on desktop,
right click on it and choose open with auto
run prompt, it adds shared folder support
module and installs graphics libraries
and desktop services components. With
Unleashing Android Over Linux Host
Created Under Virtual Box
Article
Trilok Kumar Saini
RHCE, Defense Electronics Applications Laboratory (DEAL)
Fig. 2: Ubuntu-set ngs

Fig. 1: Creatng virtual machine
this, mount command works successfully,
additionally virtual machine supports
automatic adjustment of video resolutions,
and allow to switch to full screen mode.
At this stage Linux o/s installation is
over, but development IDE and android
packages need to be installed for android
development. One may download ADT
bundle from http://developer.android.
com/sdk/index.html that include essential
SDK components and eclipse IDE in single
archive, this bundle has been recently
launched by Google to streamline android
application development. But to give a
better understanding of android package
structure and installation procedure,
in this article step by step approach of
IDE and package installation has been
covered.
Installing IDE: Eclipse IDE is chosen for
development as it has seamless integration
with android tool chain and it can
directly invoke the required tools during
development. Eclipse requires an installed
java runtime requirement (JRE). To install
JRE, download self extracting java binary
installer (e.g. jre-6u16-linux-i586_1.bin)
and copy it to a directory (e.g. /opt/java/)
on ubuntu machine and install the binary
by executing it on terminal, it creates a
sub directory jre1.6.0_16. Now execute
following commands
to create symbolic link
determining default java
command.
sudo update-alternatives
--install "/usr/bin/java"
"java" "/opt/java/
jre1.6.0_16/bin/java" 1
sudo update-alternatives
--set java /opt/java/
jre1.6.0_16/bin/java
Verify java installation by <java
version>. Next step is to install the
eclipse, so download the eclipse-java-
juno-linux-gtk.tar.gz from www.eclipse.org/
downloads/ and simply uncompress it in a
directory and create a launcher of eclipse
executable at desktop for the ease of
access, as shown in Fig. 3.
Understanding Android setup: At this
stage machine is ready for android
installation. But before
proceeding, we need
to understand the
android software
development setup.
To start application
development for
android, we need
Android Development
Tools (ADT), and
Android Software
Development Kit
(SDK). ADT is a plug-
in for eclipse it extends
eclipse to allow quickly
set up android projects.
Android provides
the exibility to user
to develop applications with the help of
Android SDK. Android SDK provides API
libraries and developer tools necessary
to build, to test and to
debug application for
android. Android SDK
arranges tools, platforms,
and other components
in to packages. Out of
available packages, SDK
tools, Platform-tools
and Platform are the
base packages required
for the development.
SDK tools contain tools
for debugging, testing,
and utilities for app
development. Platform-
tools contains platform
dependent tool for
debugging and testing. Platform includes
android library, corresponding to android
version. It is suggested to install docs and
samples packages also as these will be
helpful during development. If one wants
to explore Google Maps to create Map
based applications, Google APIs that
includes maps library needs to be installed.
Adding ADT plugin: To extent eclipse
for android software development
environment, ADT plugin has to be added
in eclipse. ADT (e.g. ADT-21.1.0.zip) can
be downloaded from developer.android.
com/sdk/installing/installing-adt.html.
To include ADT plugin in eclipse, scroll
to help install new software, add ADT
archive from local machine as shown in Fig.
4 and select Developer Tools for further
proceeding. After installation restart
eclipse for changes to come into efect.
For online plugin installation instead of
local archive use the repository location
http://dl-ssl.google.com/android/eclipse/.
By ADT plugin, Android SDK Manager
& AVD Manager options appears under
windows tab of eclipse, but it does not
work because it depends on SDK.
Installing SDK tools: Download SDK
tools (e.g. android-sdk_r21.1-linux.tgz) from
developer.android.com/sdk/index.html.
Decompress the archive and set SDK
location in Eclipse at window preferences
android (see Fig. 5). With SDK-21.1 and
ADT-21.1.0 installed & congured, android
SDK manger shows only Android SDK
tools under installed package category
because SDK by default contains only
tools. At this stage platform-tools and
platform are still missing, one cannot
create android project as target API to
compile code against is not installed
and even Android Virtual Device (AVD)
Manger does not allow creating virtual
Fig. 3: Creatng eclipse launcher
Fig. 4: ADT plugin
Fig. 5: Installing SDK
device due to missing target. The method
of installing the missing packages has
been discussed in next section.
Installing Platform-tools and Platform:
To complete the setup, it is required to
install missing but necessary packages
i.e. Platform tools and Platform. Once
you have installed ADT and SDK tools,
SDK Manger in eclipse provides facility
for online installation of rest of the
packages; make sure you are connected to
Internet. It automatically selects a set of
recommended packages; user has to click
the install packages for installation, see
Fig. 6. Online installation automatically
acquires required packages from the
repository and simplies the installation.
On the other hand if you want to perform
of ine installation, there is no direct link
for of ine download of these packages
still one can use link https://dl-ssl.google.
com/android/repository/repository-7.xml
to check the packages in repository and
can download the package by specifying
package archive in web browser in
following manner http://dl-ssl.google.com/
android/repository/package-
archive. Here one should
mention the exact package
archive to download, for
example platform-tools
revision-16 which is a
compatible with SDK tool
21.1 can be downloaded
using package-archive as
platform-tools_r16-linux.
zip in this link. Thereafter
download and extract the
platform-tools in android
SDK directory e.g. android-
sdk-linux. The location
of tools & platform-tools
has to be added in PATH
environment variable for
accessing SDK tools from
command line. After this
only missing package is
Platform, hence at-least one version of
Android APIs is needed. One can install
the latest available version of Android APIs
that supports latest features although I
installed Android 2.2 (API 8), a version
which is supported by most of the phones
and tablets. Download package archive
android-2.2_r02-linux.zip and extract in
android-sdk-linux/platforms directory.
After this stage, while making android
project I faced problem due to template
dependency on the android support
library. To tackle this issue, download
support_r11.zip and extract in android-sdk-
linux/extras/android directory. With this
setup is completed. After installation
android package structure looks
like Fig. 7.
Creating android application
and running on Emulator:
After successful installation
of Android packages, setup
is ready for creating android
applications. To make your rst
application, start eclipse and
create new android project by
specifying application name,
project name, package name
and target in eclipse project
wizard as shown in Fig. 8. On
clicking nish, eclipse creates a
ready to run simple application
for android device.
To run android application,
a target (android virtual device
or actual device) in running
state is required for executing
application over it. Android
virtual device (AVD) helps in
emulating the real world target devices.
To create AVD, in eclipse go to window
AVD manager new and specify AVD
name, device and target (Android 2.2 API
8 in our case) see Fig. 9. On successful
creation of emulator, one can run android
application over it, see Fig. 10. Android
emulator is an excellent testing platform
decoupled from any particular hardware.
Developers are saved of downloading
programs every time on target board for
testing application. Even in the absence
of actual device, development and testing
can be performed seamlessly.
On the execution of all above steps
development setup is completed for

Fig. 6: Online package installaton
Fig. 7: SDK package structure
Fig. 8: Creatng new Android App
Fig. 9: Creatng android virtual device
Continued on Page 29
developing, testing, and running android
applications. Potential developers
can unleash android setup to develop
numerous embedded applications.
Summary: Despite being introduced for
mobile phones android has emerged as a
powerful platform for fostering application
development for embedded world. It
enables developer to create compelling
application very quickly. The development
setup on virtual host can also be prepared
easily keeping in mind the android package
structure, version compatibility and
device specic congurations. Application
development for variety of devices can
be accomplished with emulator even in
the absence of actual devices; this gives
benet to developer to keep development
setup simple & hassle free. Once tested
over emulator apps can be deployed to
real device.
References:
[1] developer.android.com/sdk/index.
html
[2] www.virtualbox.org/manual
[3] www.ubuntu.com/ubuntu
[4] www.eclipse.org
Fig. 10: Android applicaton
running on emulator
Trilok Kumar Saini is M.Tech. in computer science & engineering from I.I.T. Roorkee. He has been working in
Defense Electronics Applications Laboratory (DEAL), a laboratory of DRDO for the last nine years. He is RHCE, his
interest areas are networking, layer 3 & 4 protocols. He can be reached at: tksaini@gmail.com
A
b
o
u
t

t
h
e

A
u
t
h
o
r
Introduction
In the January 2013 issue of
Communications of CSI, the article
"Genesis of Aakash" had explained the
events leading to the creation of Aakash
this has been explained by Moudgalya,
Phatak, Sinha, and Varma. In this
article, we will explain the work that we
undertook to port GNU/Linux in native
mode on Aakash.
Android is a great platform, its
free, and easy to learn. Most of us will
acknowledge the use of Googles Android
on Aakash, but not everyone. The reason
is that Android is not designed to run
GNU apps, although it is based on Linux
Kernel. This means that one has to rewrite
all useful apps on a new platform, using
only Java programming language. Beside
these restrictions, Android also tracks
user activity, and apps may contain ads
which are dif cult to manage.
The rst version of Aakash that we
worked on came with the Android Ice-
cream sandwich version. It looked nice
with a visually pleasing user interface. It
had multiple desktop support, ef cient
menu applications, perfectly suited for any
touch based device. On scanning through,
we came across the picture gallery,
calendar, messaging, contacts, clock, etc.
These applications come by default with
any Android device. The rst question
that came to our mind was, 'Is this what
will go to our students? What will they do
with it? Most school going children would
be unaware of how to use these apps, and
instead would play around with drawing
tools, games, and other items, which they
are familiar with. Sadly no Android device
comes with preinstalled educational
applications by default.
Furthermore, Android was not
intended to serve educational purposes.
It was created to serve as a mobile
operating system. An operating system
with GUI specially designed for calling
and messaging, which improved as it
evolved. Several applications in Android
were written by developers across the
world. With time, its user interface was
optimized, making it easier to use. Until
now, Android was largely used as an
entertainment operating system. It is well
suited for those who just want their work
to be done without knowing what goes
within. In contrast, Aakash is specially
meant for education: we don't want our
student to stop with playing games;
nor do we want to restrict them to the
development of another `Angry Birds'
kind of game. We want them to learn,
read, write, and carry experiments on their
device. This device should be considered
equivalent to any desktop we use today.
We aimed to give them a full edged
device to help, play, and experiment
without any limitations.
Why GNU/Linux (where
Android lags)
Android uses the same Linux kernel
optimized for embedded devices and
excellent memory management. Though
it has an easy to use GUI, it is generally
not suited for everyone, especially
students, as explained above. This serves
strong motive to port GNU/Linux on
Aakash. Although GNU/Linux uses the
same Linux kernel, its le system difers
completely. It gives us complete freedom
to explore every part of software as well
as hardware. The best part is, the GNU
applications allow the curious learner to
read the code and nd out the way the
applications work. If one is dissatised
with the application, one is free to
download the source code and modify
it accordingly. He or she can even go on
and share their modied code with the
community, provided they acknowledge
the original authors and attach the same
GNU license with the code. This is where
Android lags behind Aakash: most of
the popular free apps are closed source
in nature.
Moreover, because of the licensing
restrictions, it is not possible for us to
distribute useful Android Apps with
Aakash, since we have to get permission
from the creator of each App individually.
Each one may want diferent agreement
forms to be signed. A bigger problem is
that most creators of popular Apps are
dif cult to locate and hence, the mails to
them will go unanswered. GNU/Linux, on
the other hand, is especially designed for
such campaigns.
Porting
On exploring the hardware of Aakash
tablets: we realized that this relatively
new SoC from All-winner has support
for GNU/Linux, which although limited,
was suf cient enough to start our work.
In pursuit of a development board needed
to start our work, we looked around and
nally decided to open the device itself.
We asked the vendor for pin numbers
that were needed to obtain the transmit
data(Tx) and receive data(Rx) pins out
from CPU. This information is required
for debugging. With the help of a USB to
serial converter, we connected the pins
to a computer using an USB port. Our
hardware team managed to get those
GNU/Linux on Aakash
Article
Sachin Patil* and Srikant Patnaik**
*Linux System Administrator in Indian Institute of Technology, Bombay
**Research Assistant, FOSSEE, IIT Bombay
pins out, after which and our development
device was ready. Without the serial out,
it is dif cult to track the booting process.
We had two choices, either to let
the GNU/Linux boot from its internal
memory(NAND ash) itself or to let the
complete OS boot from an external SD-
card. Fortunately the All-winner chip has
a facility to boot the OS from the SD-card.
Interested learners can boot GNU/Linux
from SD-card without touching any part
of Android.
We started compiling the boot loader.
The boot-loaders on embedded system
are diferent, and in Aakash the complete
OS has to boot from the SD-card. Then
we went on to compile U-boot. It is the
uboot binary le on SD-card, which makes
the SD-card bootable. After successfully
loading, the uboot nally calls on the kernel
to initialize hardware. We used minicom to
view all booting processes. The next major
challenge was the Linux kernel. It is the
most important part, as all the hardware
and applications ultimately depend on it.
If the kernel successfully detects all the
hardware, then we can proceed further to
test the le system. If not, we need to x it
by analyzing Android kernel logs, keeping
in mind all the hardware and conguring
the same in our present kernel. Thanks
to the open source community, we found
forked versions of original Linux kernel
maintained by All-winner team.
We used the default cross-compiler
as suggested online. It gave compilation
errors and the compilation process
failed frequently. This is the same cross-
compiler that is readily available in
Ubuntu's repository. After many trial
we decided to use the Codesourcery's
cross-compiler tool-chain. We have used
these tool-chains in the past. To set up
Codesourcery's tool-chain, one has to
register before downloading its binary.
After downloading, it has to be installed
and a custom path to the tool chain has
to be set in order to compile the kernel.
We rst used the Debian root le-system,
which we got online. The script.bin le was
not fully compatible with Aakash. It took
us some time to extract Aakash's own
script.bin le and to change its default
parameters to make a running kernel and
root le-system. Merely modifying script.
bin le was not enough, some kernel
modules like WiFi and touch have to be
auto-loaded while booting. These changes
have to be made in the le-system path /
etc/modules to make them work. With
all those changes, we had basic version
running in a week.
On Aakash, GNU/Linux boots
from micro SD-card and the le-system
reside within the SD-card. Both Android
and GNU/Linux operating systems are
completely isolated from other. The good
part is that we can access all the Android's
content from GNU/Linux.
Enabling touch was a major
challenge, as we have never worked
on touch before. Initially when tried to
interact with the tablet using touch on
Debian, it didn't respond. We had to go
through Android's log-cat and dmesg to
identify the touch screen driver, which we
found out was focal-touch(ft5x_ts). When
it was enabled as a module, it worked but
we had to disable the multi-touch feature
in the le. Currently Aakash has three
touch screen drivers, of which two work.
For an application like ExpEYES
(explained below) and Arduino, which
uses an USB-to-serial interface for
interacting with the hardware, we had to
enable kernel support for Communication
Device Class(CDC) ExpEYES as ACM
device. On the device level, it is detected
as Abstract Control Model(ACM) drivers.
The Linux kernel detects /dev/ttyACM0.
Also for ACM to work, generic USB
support should be enabled in the kernel.
On the desktop, we can pass
arguments to the kernel, ask kernel to
load some modules, disable misbehaving
modules and so on. Similarly we can pass
arguments to kernel on an embedded
device using script.bin le. On Aakash,
pre-customization, module loading
for wireless networks, setting display
resolution, loading touch drivers, etc., can
be done using script.bin. Although script.
bin is a binary le, actual editing can be
done by converting it to fex format.
Ubuntu as GNU/Linux Distribution
With the Linux kernel in place, now was the
right time to decide upon le system . We
tried Debian rst, but due to lack of hard-
oat support in Debian Squeeze release,
we dropped it. We also tried Debian
Wheezy but we were uncertain about of
pre-release versions. The best choice left
to us was Ubuntu, which is known for
being easy to use amongst newcomers
and advanced developers alike. It has
a great package-manager, using which
one can install required packages both
from command line and using graphical
interface. Hence we agreed to use Ubuntu.
We started with Ubuntu-12.10
core arm hard-oat distribution. When
uncompressed, it consumes around
100MB only. We used the ch-root
environment to congure package-
manager, basic network tools, user
applications and a desktop environment.
Before putting the le-system to
actual use, the compiled kernel and its
modules were placed in /lib/modules
directory of the le-system, where all
kernel modules reside.
The next challenge was the Desktop
environment. We tried Unity, KDE
Plasma, XFCE, MATE, enlightenment
(e17), and Gnome-3, all of which need
around 120 MB RAM with some hardware
acceleration, except e17. After considering
the options we nally decided to go with
LXDE(not Lubuntu).
The Ubuntu-core le-system includes
only basic utilities and a package-manager
(apt-get). Comparing with a Desktop
version, it does not even have a basic
networking tools like ping or root user
utilities, such as sudo. Ubuntu Boot-splash
screen, Desktop-Environment, screen
savers, UbuntuOne sync, daemons, etc.,
consume a lot of memory. We compared
memory consumption of each process
before installing one in core le-system.
For example, Ubuntu's default Desktop-
Environment(Unity) consumed much
more memory than LXDE. By discarding
these overheads, we nally managed to
boot Ubuntu in less than 50MB RAM. We
also made a few customizations on open-
box and gtk2.0 to make it touch friendly.
Applications
We focused largely on educational
applications. With repositories in the
path, one can easily install any application
of one's choice. We pre-installed some
popular and useful applications. The rst
application we installed was Onboard,
to serve as the virtual keyboard. Next
we installed the LibreOf ce pack.
Although its a bit heavier than AbiWord,
its features make it worth installing.
Scilab-5.3.3 was also installed and tested.
Both numerical and graphical calculations
are executed much faster than on
Android(https://github.com/androportal/
APL-apk). More than 150 Scilab textbook
companions (http://scilab.in) are now
available in our latest builds. A Scilab
textbook companion is a listing of code
that implements worked out examples
in standard textbooks. Arduino, an open
source hardware with Gnoduino IDE, has
also been tested and included.
ExpEYES is a hardware and software
tool for learning and exploring science
experiments. It supports 50 experiments
for high-school and above. For interacting
with the hardware, we have a Debian
package called ExpEYES Junior. This is
a tablet version alternative for ExpEYES
in desktop.
OSCAD is another open source EDA
tool, acronym as Open Source Computer
Aided Design. It has been developed
using several open source tools like KiCad,
Ngspice, and Scilab at IIT Bombay. Python-
TKinter is used to program its front-end.
Since tools such as KiCad, Ngspice, and
Scilab already run on Aakash, OSCAD's
installation procedure was similar to
any other desktop running GNU/linux.
Aakash's capability to run Electronic
design tools is demonstrated by the fact
that OSCAD runs on it.
We also installed iPython-notebook
for scientic computing, and Mayavi2 for
3D visualization of data.
Conclusion
After these customization process,
we now have Ubuntu 12.10 with Linux
kernel version 3.0.57 working on
Aakash. It is suitable for educational
as well as entertainment purposes.
For programming and development
one can attach an external keyboard
and mouse, if one is not comfortable
with virtual keyboard. One can see
all the features and application of a
typical desktop computer on Aakash.
With ExpEYES and Arduino working,
one can perform hardware interfacing
with any other hardware. GNU/Linux
on Aakash provides opportunities to
experiment on a portable device. With
1 GHz processor and 512MB memory, it
has the potential to run any other GNU
applications. Currently we have image
targeted for 8GB SD-card of which
first 16M FAT partition is dedicated
to bootloader(uboot.bin) and script.
bin file. 1GB is used as swap file-
system in case if the actual RAM gets
used up. The entire file-system along
with install applications and other
utilities consumes around 3GB space.
Approximately 3.5 GB is left free for
storage and other installation to user.
The capacity of the SD-card can be
expanded up to 32GB.
Contributing to Project
We look forward to seeing GNU/Linux
enthusiasts contribute to this project.
Please visit our github page for detailed
documentation on porting of Aakash.
There are many open issues, such as,
brightness control, sleep mode, touch
drivers, etc. We have documented our
work at http://androportal.github.com/
linux-on-aakash/.
Aakash Application Development
Competition
In January 2013 issue of Communications
of CSI, we had announced a competition
based on Aakash, for both Android and
GNU/Linux operating systems.
This competition aimed to encourage
students and individuals across the country
to come up with innovative applications
that could be used on Aakash. The source
code of each application will be released as
free and open source. The Application can
be Android or GNU/linux based.
More that 1600 participants
registered for the Aakash application
development competition. These
participants are from various engineering
colleges and universities across India. We
asked those participants to re-group in
teams consisting of maximum 5 people,
and re-submit their project proposal. On
the basis of project description, we have
shortlisted 140 teams, whose work will be
developed further. Any updates related
to competition will be posted on http://
aakashlabs.org/compete.
Traditionally all applications running
on GNU/linux desktop should also run
on GNU/linux on Aakash. But one must
ensure that the application is touch
friendly and consumes minimum RAM.
The Aakash team at IIT Bombay is willing
to help the participants: for example,
the participants: for example, the
participants can send their application to
us for testing.
We still have many open issues on
GNU/linux port. Before contributing,
we expect the participants of the
competition to go through our GNU/
linux porting documentation on github
page http://androportal.github.io/linux-
on-aakash/.
We are in need of developers who
are interested in GNU/Linux system. They
must have sound knowledge of Linux
kernel and working of various GNU/linux
distributions. n
A
b
o
u
t

t
h
e

A
u
t
h
o
r
s
Srikant Patnaik He is a developer, teacher and motivator. His rst contribution to FOSS came as a simple 8051
Programmer for Linux, available at sourceforge. He served as a Lecturer at Loyola academy, Hyderabad. Later
joined IIT Bombay as a Research Assistant in FOSSEE project. He contributed in Porting of GNU/Linux on Aakash
and also associated with Android app to run Scilab and other programming languages. His interests include
blogging, designing circuits, bridging software and hardware.
Sachin Patil is currently working as a Linux System Administrator in Indian Institute of Technology, Bombay. Apart
from System Administration, he has also gained some experience in Android and embedded systems. He, along
with Srikant Patnaik, has ported Scilab a software for Numerical Computation on Aakash, a low cost access
device project funded by NMEICT, Govt. of India. He is also interested in customising GNU/linux distributions.
Beside Ubuntu, his other favourite GNU/linux distro is Slackware, which he likes to work on because of its
simplicity and robustness.
Practitioner
Workbench
Trushali Jambudi
Lecturer, H L Institute of Computer Applications, Ahmedabad University, Ahmedabad
Programming.Tips ()
N-Tier Application Development Architecture using ASP.NET
N-tier (or multi-tier) application architecture enables creating exible and
reusable application. "N" implies any number representing distinct number
of layers in the application architecture, e.g. 3-tier or 4-tier etc.
The Architecture
In N-tier layered architecture, each layer is independent and handles
a particular functionality. The layers communicate each other in such
a way that a particular layer can request data from the next layer by
calling function of that layer, process it further and subsequently send the
requested data by the previous layer. Each layer can be developed and
modied independently without afecting the other layers.
A common 4-tier application has the following layers:
Data Layer (DL): It is the bottommost layer, containing persistent data
storage with database tables, stored procedures and functions.
Data Access Layer (DAL): The Data Access Layer (DAL) is on top of
DL. This layer is responsible for handling access to data stored in the
data layer. This layer is created such that any modication in DAL
requires recompilation of only DAL, and not of other layers.
Business Logic Layer (BLL): Business Logic Layer (BLL) is on top of
DAL. BLL contains calculations and Business Rule validations that
are required in the application. To perform write operations such
as inserting data or updating data in the database, the BLL invokes
appropriate function from DAL with necessary arguments. DAL in turn
communicates with DL.
Presentation Layer (PL): This is the topmost layer providing User
Interface to render and handle user interaction.
Layer Granularity
There can be multiple granules of any or all layers in a single web
application. There can be multiple granules of DLs in case a website takes
data from multiple databases. Also there can be multiple BLLs each for
handling a specic business module.
Implementation
Data Layer (using SQL Server 2008)
Table: Category (CategoryID int, CategoryName
nchar(10), CategoryDescription nvarchar(50))
Table: Product (ProductID int, ProductName
nvarchar(50), Price money, ProductDescription
nvarchar(100), CategoryID int, Qty int)
Stored procedure: usp_GetProductsForCategory
Create PROCEDURE dbo.usp_GetProductsForCategory @
CategoryID int AS IF (@CategoryID = 0) BEGIN SELECT
* FROM Product ORDER BY ProductID; END
ELSE BEGIN SELECT * FROM Product WHERE
CategoryID=@CategoryID ORDER BY ProductID; END
RETURN
We shall implement the other three Layers in ASP.Net.
a. Create New Website in Visual Studio 2008 named Category_Website.
b. In web.cong le add connection string as follows:
<connectionStrings><add name=TestDBConn
connectionString=Data Source=.\SQLEXPRESS
;AttachDbFilename=|DataDirectory|\MyTestDB.
mdf;Integrated Security=True;User Instance=True
providerName=System.Data.SqlClient/> </
connectionStrings>
Here MyTestDB.mdf is the database name.
Put the MyTestDB_log.ldf and MyTestDB.mdf in App_Data folder of
Category_Website.
Data Access Layer
a. In the Website go to: File->Add->New Project->Select
Class Library. Name it CategoryDAL
Add reference of System.Conguration in the DAL Project.
b. In CategoryDAL, add a class le and name it DBLogic.cs (code snippet
shown below). This communicates with the database.
Namespace CategoryDAL {
public class DBLogic {
public static string sDBConn = ConfigurationManager.
ConnectionStrings["TestDBConn"].ConnectionString;
public static SqlConnection objDBConn;
public DBLogic(){ try {if (!string.
IsNullOrEmpty(sDBConn)) {
objDBConn = newSqlConnection(sDBConn); }
else {thrownewException("Connection string is
empty!!!");}
}catch (Exception ex) {throw ex;}}
public void openDBConn(){try {
if (objDBConn.State!=ConnectionState.Open)
{objDBConn.Open();}
}catch(Exception ex) {throw ex; }}
public void closeDBConn(){ try {
if(objDBConn.State!=ConnectionState.Closed)
{objDBConn.Close(); }
}catch (Exception ex) {throw ex; }}
public DataTable GetDataTableBySP(string
sProcedureName, SqlParameter[] objParam) {try
{openDBConn();
DataTable dt = newDataTable();
SqlCommand objCommand =
newSqlCommand(sProcedureName, objDBConn);
objCommand.CommandType = CommandType.
StoredProcedure;
foreach (SqlParameter param in objParam) {
objCommand.Parameters.Add(param); }
SqlDataAdapter objAdapter =
newSqlDataAdapter(objCommand);
objAdapter.Fill(dt);
return dt; }catch (Exception ex) { throw ex; }
finally{closeDBConn();}}}
In DAL create another class le named ProductDAL to call DBLogic (code
snippet below):
namespace CategoryDAL{
public class ProductDAL
{publicDataTable GetProductsForCategory(int
CategoryID)
{try {DBLogic objDBLogic = newDBLogic();
SqlParameter objParamCategoryID = new SqlParameter(
"@CategoryID",CategoryID);
return objDBLogic.GetDataTableBySP("usp_
GetProductsForCategory", newSqlParameter[] {
objParamCategoryID });
}catch (Exception ex) {throw ex;} }}
Presentation Layer
Business logic Layer
Db1 Db2 Db n
...
Fig. 1. The N-Tier Architecture Model with multple granules at the Data Layer
The Data Layer
Creating Business Logic Layer
a. Just like in DAL for BLL also, in the Category_Website go to: File-
>Add->New Project->Select Class Library. Name it
CategoryBLL.
b. In Solution Explorer, Right click BLL project and Add reference of
CategoryDAL into CategoryBLL as follows:
This will open the Add Reference Dialog box where you have to
select CategoryDAL Project. This will allow all DAL class les to be
accessed in BLL. In BLL include a class le called ProductBLL, which
is as follows:
namespace CategoryBLL {
public class Product {
public DataTable getAllProductsForCategoryID(int
nCategoryID)
{DataTable dtProducts = newDataTable();
DataTable dtProductsData = newDataTable();
try {CategoryDAL.ProductDAL objDALProduct =
new CategoryDAL.ProductDAL();
dtProducts = objDALProduct.GetProductsForCategor
y(nCategoryID);
return dtProducts;
} catch (Exception ex) {throw ex;}}}}
Connecting it all
a. Add reference of BLL into Category_WebSite.
b. Now, whenever you change DAL code, right click DAL and Rebuild
DAL so that the change will also be reected in BLL.
c. Similarly, whenever you change BLL code, Rebuild BLL so that the
change will also be reected in the Web Site.
d. Since DAL and BLL are separate projects, each can be opened
separately and also modied.
e. In the website, add Asp.Net Bin Folder and Rebuild solution. The .dll
les for DAL and BLL will be seen in the bin folder.
Creating Presentation Layer
In website create Product.aspx page create User Interface with code
snippet as follows:-
public partial class Products : System.Web.UI.Page {
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) { LoadProducts(); } }
public void LoadProducts() {
DataTable dtProduct = newDataTable();
CategoryBLL.ProductBLL objProductBLL =
newProductBLL();
try { dtProduct = objProductBLL.getAllProducts(true);
if (dtProduct != null) { if (dtProduct.Rows.Count > 0) {
gvProducts.DataSource = dtProduct; gvProducts.
DataBind(); }}
}catch (Exception ex) {throw ex; }}
protected void btnGetProductsForCategoryID_Click(object
sender, EventArgs e) {Load ProductsForCategoryID(
Convert.ToInt32(txtCategoryID.Text)); }
Public void LoadProductsForCategoryID(int nCategoryID) {
DataTable dtProduct = newDataTable();
CategoryBLL.ProductBLL objProductBLL =
newProductBLL(); try { dtProduct=objProductBLL.getAllPro
ductsForCategoryID(nCategoryID);
if (dtProduct != null){
if (dtProduct.Rows.Count > 0) {
gvProducts.DataSource = dtProduct; gvProducts.
DataBind();}}
} catch (Exception ex) {throw ex;} }}
References
[1] Belmaks Solution Content Team and Deramtech Software
Development Team, ASP.NET 2.0 Black Book, edition- October
2006,Paraglyph press.
[2] Don Jones, Microsoft ASP.Net E-Commerce Bible, First edition, IDG
Books India (P) Ltd., August-2011.
[3] http://www.google.co.in/ search n-tier architecture and n-tier
architecture in asp.net n
Ms. Trushali Jambudi is currently a Lecturer at H L Institute of Computer Applications, Ahmedabad University,
Ahmedabad. She has done BSc (I.T) and MSc. (I.T). She has six years of experience in academics. Her areas of
Interest include System Analysis and Design, Database Management Systems, Enterprise Resource Planning, Data
Warehousing, Data Mining and Web based application development technologies.
A
b
o
u
t

t
h
e

A
u
t
h
o
r
Programming.Learn("R")
Data Structures in R
Lets have a quick look on to the data structures in R, in this issue. Data
structures are the objects used to store data or values in a specic
manner in the computer memory. Common data structures which are
used in R are vectors, matrices, arrays, factors, lists, and data frame. In
R, each element in the data structures is stored as objects. Lets have
a look on each of these data structures.
Vectors
Vectors are the simplest data structure in R. Vector stores a
collection of elements with same data type. Like most of the modern
computing languages like Matlab or Scilab, colon operator can be
used to create a vector with elements as a sequence of numbers with
an interval 1. For sequences with custom interval seq() function can
be used.
> 1:10
[1] 1 2 3 4 5 6 7 8 9 10
>seq(1,5, by = 0.5)
[1] 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.5 5.0
A vector can be created and assigned to a symbol using a simple
command:
> x<-c(10,20,30,40,50,60,70,80,90,100)
>x
[1] 10 20 30 40 50 60 70 80 90 100
The function c() stands for concatenate/combine, but for simplicity, it
can be read as create. In order to access a specic object in the vector
we can use the symbol name and the index number within square
brackets. In R, the index starts with 1 and not 0. For example,
>x[2]
[1] 20
If you need to create a character vector or string, use create function
and write character/strings inside double quote.
> y<-c("I am a string")
>y
[1] "I am a string"
Another example:
> z<-c("I","am","a","string")
>z
[1] "I" "am" "a" string"
Matrices
Matrix is a collection of objects arranged in rows and columns. R
provides the function matrix() along with the create function to create
a matrix. The number of rows and columns of the matrix has to be
given as attribute-nrow and ncol. See the example below:
> x = matrix(c(10,20,30,40,50,60,70,80,90,100), nrow=5, ncol=2)
>x
[,1] [,2]
[1,] 10 60
[2,] 20 70
[3,] 30 80
[4,] 40 90
[5,] 50 100
The functions nrow(x) and ncol(x) will give the number of rows and
columns of the matrix, x.
>nrow(x)
[1] 5
>ncol(x)
[1] 2
To retrieve elements of a matrix, we can use the indices. For example,
from the matrix x, to retrieve the element in the fourth row and rst
column, we can use x [4,1].
>x[4,1]
[1] 40
Arrays
Arrays are yet another data structure in R. Arrays can be created using
the array() function in a similar manner to matrix. Matrix can have
only two dimensions- rows and columns. But arrays can have more
than two dimensions.
To create an array in R, rst the data vector has to be given. Then
dimension of the array has to be written in the dim attribute.Lets see
how a three dimensional array is created in R (Fig. 1):
> X<-array(c(1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,2
4),dim<-c(3,4,2))
> X
, , 1
[,1] [,2] [,3] [,4]
[1,] 1 4 7 10
[2,] 2 5 8 11
[3,] 3 6 9 12
, , 2
[,1] [,2] [,3] [,4]
[1,] 13 16 19 22
[2,] 14 17 20 23
[3,] 15 18 21 24

Fig. 1: Three dimensional numeric array
We can also create array of strings/characters in a similar manner by
using double quotes (Fig. 2). In our examples, array X is a 3x4x2 array
and array Y is 2x2x2.

Fig. 2: Three dimensional character array
Hope you had a birds eye view on the data structures of R. We will
continue with the data structures in R in the next issue.
Practitioner
Workbench
Umesh P and Silpa Bhaskaran
Department of Computational Biology and Bioinformatics, University of Kerala
Mrs Jayshree A Dhere
Resident Editor, CSI Communications
Interview with Mr. Jason Gonsalves, Vice President
- Corporate Planning and IT, Performance Coatings
Division, Kansai Nerolac Paints Ltd.
Q. 1: Has the level of IT usage changed during
the past years and has this change helped the
elevation of IT function from the level of being
a mere support function to a level equivalent to
core functions? How has the perception about
IT in the organization changed in recent years?
Ans: Denitely over the past few years the
role of IT has changed from being a mere
support function to that of a business
enabler for growth. At KNPL, IT has always
played a pivotal role and has helped the
organization to achieve its business goals.
Today IT is seen as a catalyst to improve
both top line and bottom line of the
organization.
Q. 2: There is a lot of talk about changing role
of CIOs in current age. What are your views on
this topic? Has the role of CIO changed during
the past years in your environment and if it
has, how?
Ans: The CIOs role is to leverage IT to be
more agile, responsive and help achieve
the strategic objective of the organisation
through proper alignment with business.
His leadership skills, business acumen
and strategic outlook have gained more
importance in the recent years. Over the
last decade IT innovations have helped us
to listen to our customers and to respond
to them, improve operations and thus
enhance customer satisfaction. Being a
member of the management committee of
KNPL, he is able to support the enterprise
goals and strategies.
Q. 3: How is IT function organized centralized
or distributed what are sub-functions in the
IT function?
Ans: At KNPL the IT function is centralized.
Within IT there are Applications and
Infrastructure and Technology as its sub-
functions.
Q. 4: How do you manage (e.g. buying,
licensing, outsourcing etc) IT infrastructure?
Is it centralized or distributed? What are your
major concerns while managing IT?
Ans: IT infrastructure is managed
centrally by our Infrastructure team. The
key concerns in managing IT are how to
improve operational ef ciency year after
year and lower IT operational cost without
afecting delivery. Deriving value out of the
IT investment is also a major challenge
being faced by any IT manager these days.
Q. 5: How do you cope up with constantly
changing IT? How are latest technology trends
such as cloud computing, mobile computing,
social networking etc inuencing the IT
utilization?
Ans: Technology has always been a
driving factor in KNPL. We have evaluated
technologies which we think can give
competitive edge in the market. On similar
lines we will continue to evaluate newer
products such as mobility solutions and
invest at the appropriate time looking at the
readiness of the organization. This helps us
to maximise ROI from the investment made
in any new technology.
Q. 6: Which information technology change
has been of greatest concern for your industry
and how?
Ans: We at KNPL do not look at technology
change as a concern; rather we look at these
changes being an enabler towards bringing
in business value to the organization and
improving its competitive position in the
market. The key technology changes which
are important are IT Governance, Mobility,
and Consumerisation of IT.
Q. 7: How do you derive benets out of data
accumulated over the years? Have BI solutions
been of specic use for your organization? Can
you provide some illustrations?
Ans: We have implemented Data
warehousing solution in the form of BI and
BO. KNPL is a very early adopter of data
warehousing and mining technology way
back in 1999. All the actionable MIS reports
on operational KPIs are broadcasted to the
line managers and Senior Management.
One key diferentiator is changing the entire
way management decides and reviews
operations by using data warehousing
reports. This has brought huge change in
the organization culture.
Q. 8: Do you think that you are getting
optimum benets of IT as of today or more
needs to be done? According to you what % of
total company revenue should be invested in
IT in order to obtain optimal benets?
Ans: At KNPL IT has always played a pivotal
role in creating value for the business. IT
has been used to give KNPL a competitive
edge in the market. Today most of the
organization spend major chunk of the
IT budget in sustenance and operational
activities. Given the economic conditions
today, liberal IT budgets are things of
the past. Deriving maximum value out of
every rupee spent is todays mantra. The
challenge for any CIO is to balance between
operational cost and new initiatives.
According to us 0.3 to 0.5% of the total
revenue on an average over the years would
be ideally looked into for obtaining optimum
results wherein some years the % could be
higher than in other years depending on the
technology investments.
CIO Perspective
Mr. Jason Gonsalves joined Kansai Nerolac Paints in 1994 and has been working there ever since. At the age of 43 years, Jason
has held various positions in Supply Chain, Information technology, Costing, Pricing, Corporate Planning and sales over the last
19 years. Today he is a part of the Management Committee of Kansai Nerolac Paints.
In his current role he is responsible for the Performance Coating Division at Kansai Nerolac and for providing strategic
direction to the IT function. He also oversees the implementation of strategic initiatives at Kansai Nerolac as part of his
Corporate Planning role. He holds a Bachelors degree in Production Engineering and Masters Degree in Business Management
from the University of Mumbai.
The key concerns in managing IT are how to improve operational ef ciency
year after year and lower IT operational cost without afecting delivery.
Q. 9: Do you think IT utilization for
maximizing business benets needs to be
assessed on continuous basis? How do you
ensure that it is happening?
Ans: Yes, IT has to play its role on
sustained basis for maximizing business
benets. Looking at the criticality of IT as a
function, IT too has to undergo continuous
evaluation to generate business value.
Post implementation of any new IT
solution maximizing business benets out
of it is part of the KRA of all the business
heads.
Q. 10: How do you align IT strategy with
business strategy? How often do you review
and update IT strategy plan? What is your
advice for other CIOs?
Ans: IT and Business cannot work in
isolation. Every two or three years a
rolling business plan is prepared based on
business needs and imperatives. During
such planning exercise synergies between
IT and business are examined. The IT plan is
further ne tuned at the beginning of every
scal year and reviewed every quarter. Our
advice to other CIOs would be not to get
carried away with any new technology and
adopt it for the sake of it. One has to look at
organizations maturity / readiness and the
value proposition it promises.
Q. 11: Do you measure the value that IT is
delivering to the business at present? If Yes,
how and if No what do you think should be
done to measure the value delivery from IT?
Ans: Yes in KNPL we do measure the
value generation that is being delivered
by IT to business. Specic KRA are given,
achievement against the KRA is tracked at
regular intervals.
Q. 12: How important is IT security function
for your sector of industry? How do you handle
it through CISO and a separate IT Security
function or as part of IT function itself?
Ans: Due to changing regulatory
environment, IT compliance and
Governance are two prominent subjects
in the IT agenda for KNPL. We have
separate dedicated team which looks
after IT security and Governance which
is overseen by the CISO. We have also
obtained ISO 27001 certication for our
data centre. KNPL is a JSox compliant
organization. KNPL has also implemented
GRC for user access management.
Q. 13: Are the IT projects initiated - by user
departments or by IT department? Do you
recommend a separate PMO (project/ program
management of ce) in IT function to manage
projects or programs i.e. set of projects?
Ans: At a corporate level IT projects are
initiated based on the rolling business plan
by the Management Committee. Getting
business sponsorship right before deciding
an initiative is the key to successful
implementation. Having business people
own and drive the implementation rather
than IT people ensures business results
and proper alignment of business and IT
capabilities. In fact all our CIOs and IT
leadership team have come from business.
If the initiative is owned by the corporate,
a separate PMO in IT function may not
be needed.
Q. 15: Have there been any particular pain
areas while managing change, which IT
brings with its implementation?
Ans: Managing change is always
challenging. To ensure minimum pain
management sponsorship is always there
for the project. Involvement of business
right from the beginning helps in getting
their buy-in. Communication upto the
grass root level brings in awareness
and acceptability. As a matter of fact
at KNPL we always look at maturity /
readiness of organization before initiating
key IT projects. This minimizes change
management eforts.
Q. 16: What are your hiring strategies? How
do you manage attrition of IT professionals or
you have not faced any such problem?
Ans: Our hiring strategy is that we believe
in hiring fresh talent and moulding them to
suit the organizations culture and policies.
We treat our people as a talent pool and
provide exposure to various technologies.
KNPL provides a fantastic platform for
growth. It also challenges its employees
to undertake innovations. We are open
to ideas at every level which is one of the
pillars of success. This help us to minimise
attrition if not eliminate it.
Q. 17: Do you think that IT professionals
need special training in developing soft skills
for better IT management? How do you
inculcate these in IT professionals?
Ans: Yes, along with technological skills,
development of soft skills is essential
for IT management. It is the soft skills
which enable technical skills to be applied
efectively in any job setting. The quality of
soft skills determines your efectiveness
as an IT professional. A training
calendar is chalked out along with HR
for development of these skills. Various
internal and external faculties are hired for
transformation of these skills.
Q. 18: How do you manage synergies between
functional experts and IT professionals?
Ans: As mentioned earlier, all the IT
projects have sponsorship from business.
This ensures participation of business right
from day one. During the project execution
experts are involved from functional sides
to freeze on the requirements. The user
requirement is translated into technical
by IT. Functional experts are also involved
in testing process. This helps quicker
implementation and higher acceptability.
Q. 19: Do you think that IT audit can be
adding value to IT function and thereby to the
business? How often do you recommend the
IT audit to be carried out to provide valuable
inputs for furthering the value delivery from
IT to business?
Ans: Yes, IT audit can denitely help in
leveraging the technical prowess within
IT function to derive business value. It
also ensures safeguarding of assets, data
integrity and operational ef ciency in
achieving organizational goals. Audit
every six months will help in enchaining
the capabilities and thus give maximum
benet to the business.
Q. 20: How important is IT Governance
for your set-up? Does IT get suf cient
importance at the board level in order to
provide benet to the organization?
Ans: IT Governance set-up is very
important. KNPL has always viewed IT
as strategic, and has tried to leverage
IT to create competitive diferentiation
where possible. The CIO is also part of the
Management committee. IT as a function
has visibility at the apex level and is being
looked as a game changer.
n
Our hiring strategy is that we believe in hiring fresh talent and
moulding them to suit the organizations culture and policies.
IT audit can denitely help in leveraging the technical prowess within IT
function to derive business value. It also ensures safeguarding of assets, data
integrity and operational ef ciency in achieving organizational goals.
I AM
BUILDING
f
or m
y f
uture
For more information and to register for an ISACA exam, visit www.isaca.org/myfuture-CSI.
DECEMBER 2013
UPCOMING EXAM DATE
Early registration deadline: 21 August 2013
Final registration deadline: 25 October 2013
Note: The CISA German, Italian and Dutch languages will not be offered at the
December 2013 exam. Please contact exam@isaca.org for further information.
Abstract: This article is the rst among
an upcoming series of articles, focusing on
security of the web platform. The goal of this
article is to explain the basic security model
of web browsers. It emphasizes on the core
security policy of browsers called Same
Origin Policy, on which security of the entire
web platform is dependent.
Introduction
A web browser is software, an interface,
which accepts a URL as input, and
responds with a webpage as output. At a
high level, though it appears to consist of
simple operations, reality is that a browser
is one of the most complicated software in
use today.It performs several tasks such as
triggering network calls, parsing response,
rendering various content types, ef ciently
executing JavaScript, maintaining state
etc. and implements numerous complex
specications such as HTTP, HTML,
ECMAScript, DOM and many more.
When a user enters a URL in a
browsers address bar, the browser makes
a HTTP call to the respective host server
and fetches the corresponding webpage.
Once a webpage is loaded in a browser,a
user can interact with the page in various
ways, such as clicking hyperlinks and
navigating to other pages, entering inputs,
submitting forms, opening new windows,
use browsers history buttons etc. Apart
from these manual interactions, there are
automatic interactions as well, which are
triggered by JavaScript running in the web
page. Automatic partial-page updates,
enhancing user experience, integrating
third party content via APIs (Application
Programming Interfaces) etc. are some
of the virtues of JavaScript executing in
web pages.
More than often, the content from
the URL will have embedded content from
other places on web referred in terms of
images, scripts, style sheets, audio/video,
etc. Browsers have the daunting task of
combining the content from these diferent
(trusted and/or untrusted) sources and
render a uniform and interactive interface
to user. If no boundaries existed to isolate
content from diferent parties and all
interactions between them are allowed,
there would be severe security aws.
While interactions between diferent
parties through hyperlinks may be
considered safe, automated interactions
triggered by scripts could be potentially
dangerous.This is further complicated
for a browser that allows users to open
diferent sites in diferent tabs of same
browser instance, when it is required
to provide secure isolation of content.
Assume a script in a malicious web page
loaded in one tab would be able to read
emails from a webpage loaded in another
tab. Therefore the web browser has a
big security challenge of clearly isolating
content loaded from diferent parties.
Origin The unit of isolation
For secure isolation of content loaded
from diferent sources on web, it is highly
critical for browsers to diferentiate the
boundary between diferent sources of
content. Origin
[2]
is the technical term
used to dene diferent parties and draw
boundaries between them more precisely.
It is the basic unit of isolation in the web
platform, which typically is represented as
scheme-host-port tuple.
Scheme refers to the protocol used
for triggering the request (e.g., http,
https).
Host refers to the domain name
which resolves to the IP address of the
destination server (e.g., example.com)
Port refers to the port number which
is congured on the webserver to
accept the web requests.
The union of scheme, host, and port is
referred to as Origin, which can be
syntactically represented as: scheme://
host:port.
Cross origin Interactions
As an example, the three origins listed
below difer in one or more of scheme-
host-port tuple and hence they belong to
diferent origins:
http://example.com
https://example.com
http://example.com:81
Communications between these diferent
origins are generally known as cross-
origin interactions and the requests
which trigger such communications
are called cross origin requests.
Sub-domains (http://chat.example.com
and http://mail.example.com), though
have the same parent origin (http://
example.com), are treated as diferent
origins by most browsers for enhanced
security. This restriction can be relaxed
by a technique called Domain Relaxation,
which, at this moment, is out of scope
of this article. Table 1 below gives clear
details on which URLs are same origin and
which are not.
Typical cross origin interactions
which happen in a browsing scenario
are explained graphically in Fig. 1. In
this gure, http://A.tld and http://B.
tld are diferent origins (tld stands
for Top Level Domain such as .com,
How Browsers Isolate Content Securely
Security Corner
Krishna Chaitanya Telikicherla
Research Associate, Security and Privacy Research Lab at Infosys
URL 1 URL 2 Do URL1 and URL2
belong to same origin?
Reason
http://example.com/ https://example.com/ No Diferent schemes
http://example.com http://example.com:8080 No Diferent ports
http://mail.example.com http://chat.example.com No Diferent sub-domains
http://example.com/
user1/index.php
http://example.com/
user2/index.php
Yes Path is not a part of origin.
Only scheme, host, port matter.
Table 1: Examples of same origin/cross origin URLs.
.org etc).The bars C1, C2 in the client
system represent two diferent instances
browsers (or two diferent tabs in a single
browser). The arrows (1) and (4) in the
gure represent HTTP requests initiated
by the user by typing a URL in the address
bar. This means, C1 loads content from the
origin http://A.tld while C2 loads content
from the origin http://B.tld. The arrows
(2), (5), (7) represent HTTP requests
while (3), (6) represent HTTP responses.
On observation, we can see that
though C2 loads content from http://B.
tld, it makes a request (7) to http://A.
tld. This is an example of a cross origin
request. Similarly, (8) represents a cross
origin interaction between C1 and C2 (e.g.,
interaction between a parent window
and a popup).
Though such cross origin interactions
are benecial, they are also the cause of
several attacks. Request (7) could be
potentially dangerous and can cause a
change in the state of a remote server.
Such an attack is called CSRF (Cross
Site Request Forgery) [1]. Also, request
(8) can make a script in one browser to
change the state of webpage in another
browser. So, as explained earlier, cross
origin interactions could be safe as well
as dangerous in diferent scenarios. So
the question is how browsers isolate such
interactions securely? Browsers achieve
this by implementing a security policy
called Same Origin Policy, which greatly
restricts the amount of damage that could
happen due to cross origin interactions.
Same Origin Policy (SOP)
The security assurances provided by
browsers are mainly based on isolation of
origins. The primary idea of Same Origin
Policy is: Two web pages from diferent
origins should not be able to negatively
impact each other.
Same Origin Policy applies to the following
core components of the web platform
[5]
:
Document Object Model (DOM)
XMLHTTPRequest (responsible for
AJAX calls)
Storage (e.g., cookies, local storage
etc.)
SOP for DOM:
DOM
[3]
is an API which is useful
for accessing and modifying HTML
documents, typically using JavaScript.
As per this rule, JavaScript running in a
webpage of one origin cannot cause a
change in state of the webpage belonging
to another origin. This is very important in
preventing a vast set of attacks.
If this policy was not in place, an
advertisement loaded from one origin can
change the login form present in the page
to a fake form, thereby stealing credentials
of a user.
SOP for XMLHTTP Request
XMLHTTPRequest (XHR) [4] is an API
which provides scripts in a webpage the
ability to transfer data from a browser
directly to a server.As per this rule,
JavaScript running in a webpage of one
origin is not allowed to make network
calls to a webserver belonging to another
origin. Again, this is very important to
prevent dangerous attacks.If this policy
was not in place, any random webpage
can make network calls and delete emails
from a users email server.
SOP for Storage
Similar to the above cases, as per this rule,
browsers storage of a webpage belonging
to one origin should not be accessible to
web pages belonging to other origins.
Cookies, HTML5 Local storage etc. abide
to this rule. If this policy was not in place,
script running in one origin will be able to
steal cookies, sensitive data from browser
storage belonging to other origins,
thereby enabling an attacker to trivially
impersonate a user and cause dangerous
consequences.
Apart from these, same origin checks
are also used in features such as caching,
pop-up blocking, geo location sharing,
password management, camera, and
microphone access in ash, silverlight
etc. In each of the above cases of SOP,
there are several bypasses, constraints,
undesirable impacts, implementation
diferences across browser vendors etc.,
which make security of the web platform
even more complex.
In this way, the Same Origin Policy
of browsers helps in securely isolating
content from multiple parties on the web.
Conclusion
In this article, we have explained how
browsers isolate content from diferent
parties securely by implementing Same
Origin Policy (SOP). Though SOP is
essential and almost appears to be the
perfect security mechanism needed for
the web platform, it has its darker side.
There are several bypasses to SOP, which
are used by developers for integrating
tt
pp
aa
cc
t
oo
SS
XX
ww
aa
dd
J
oo
cc
oo
pp
ww
cc
f
SS
SS
bb
tt
ww
C
Fig. 1: A sequence diagram explaining cross origin interactons (client side as well as server side)
content from diferent sources (technically
called Mashups). These bypasses are also
used by attackers as channels to attack
websites remotely.
Furthermore, few web evangelists
argue that SOP is too strict in blocking
genuine third party interactions, which is
essential for the evolving social web. On
the other side, few security researchers
argue that SOP is too weak to stop attacks
like CSRF and other malicious cross origin
attacks. Regardless of the arguments,
the fact that millions of web pages are
currently designed based on SOP browser
model indicates that SOP will forever be
in place, but modications to it will be
deployed as additional policies in new
browsers, in a backward compatible way.
We shall provide more insights
about bypasses of Same Origin Policy,
their security threats, suggested defense
mechanisms and upcoming browser
security policies in our upcoming series of
articles.
References
[1] CSRF Attacks - https://www.owasp.org/
index.php/Cross-Site_Request_Forgery_
(CSRF)
[2] Adam Barth, The Web Origin Concept -
http://tools.ietf.org/html/rfc6454
[3] WHATWG, Introduction to the
DOM - http://dom.spec.whatwg.
org/#introduction-to-the-dom
[4] W3C, XMLHTTPRequest - http://www.
w3.org/TR/XMLHttpRequest
[5] Michal Zalewski, The Tangled Web -
http://lcamtuf.coredump.cx/tangled/
n
Krishna Chaitanya Telikicherla is a Research Associate with Security and Privacy Research Lab at Infosys.
His research focus is primarily on web security, specically analyzing browser security policies, web attacks,
defenses and formal verication of web specications. He is a regular blogger and speaker at several developer
and security meets in India. For his contributions to technical communities, Microsoft has presented him
the prestigious Most Valuable Professional (MVP) award for 4 consecutive years (2010-2013). He can be
contacted at KrishnaChaitanya_T@infosys.com
A
b
o
u
t

t
h
e

A
u
t
h
o
r
IT Act 2000
Prof. I T Law demysties Technology Law Issues
Issue No. 14
Security Corner
Mr. Subramaniam Vutha
Advocate
Email: svutha@svutha.com
The Legal uses of Cryptography:
IT Person: Prof. I. T. Law, it is a pleasure to
meet you again. In this session, I would like
to understand whether there are any legal
uses or aspects of Cryptography. And if so,
I would like to get some insights on that
subject.
Prof. IT Law: I enjoy talking to you too. And
your choice of a subject is excellent. Very few
people realize how technology has solved
some legal problems in electronic commerce
using Cryptography.
IT Person: What legal problems? And what
has technology done to solve such legal
problems?
Prof. IT Law: Firstly, here are the legal
problems or challenges. As you probably
know, when we enter into contracts in
the real world, we write out or type the
contracts. And then both parties sign them.
This serves 3 fundamental purposes. Firstly,
the parties know each other because they
meet to sign the contract, or have reliable
ways of ensuring that the other party to the
contract is actually who he claims to be. [This
is the Authenticity aspect]. Secondly, the
precise terms of the contract are in writing,
and any alterations made by either party
will be visible to the other party. So such
modications can be detected [This is the
Integrity aspect] .Thirdly, the signatures of
each party indicate their consent and bind
them respectively. So there is little scope for
retracting from a promise made in a contract.
[This is the non-repudiation aspect.] These
3 aspects make a contract in the real world
reliable for both parties.
IT Person: So what are the legal problems
or challenges in electronic contracts or
electronic commerce?
Prof. IT Law: Well, if we do the same
things electronically, each of these aspects
presents a challenge or a problem. The
parties may not meet, know or care to know
each other. In electronic commerce, there is
considerable anonymity in a general sense.
So how does a party to a contract, know that
the other party is actually who he claims
to be? [This is the Authenticity challenge]
Secondly, any electronic writing can be easily
altered or modied. So there is scope for
fraud or mistakes. [The Integrity challenge]
Thirdly, there is a risk that the person signing
an electronic contract may later deny having
done so. [The Repudiation Challenge]. These
3 challenges cannot be solved without the
use of technology.
IT Person: And how did technology solve
these problems?
Prof IT: Well, I understand that there are
several technological solutions possible.
But in the 3 main solutions that technology
provided to address these problems, the key
element is Cryptography.
IT Person: Is that right? Please tell me more.
Prof. IT Law: Cryptography deals with
secret writing, and hence with encryption,
decryption, and related matters. So, let
us the take the example of Private Key
encryption. This is a technical solution to
the aforesaid 3 legal challenges. Private
Key encryption involves the use of a Private
Key by one party to an electronic contract
to sign the electronic contract, thereby
signifying his consent to the contract terms.
IT Person: And how does that help?
Prof. IT Law: The use of the Private Key
results in the electronic document getting
encrypted. And the other party to the
contract then uses an identical Private
Key, provided to him by the rst party, to
decrypt the contract when he receives it.
That conrms 2 things in his mind. Firstly,
that the signature of the rst party was
indeed af xed by the rst party, because
successful decryption by the second party
means that the same or identical Private
Key was used for signing by the rst party.
This addresses the authenticity challenge.
Secondly, if there were any alterations in
the text of the electronic contract during
transmission the second partys use of the
identical Private Key, would not be able to
decrypt the document. This addresses the
Integrity challenge.
IT Person: And, I suppose, this also serves to
preclude the rst party from denying that he
has signed the document, thereby addressing
the 3rd challenge that you mentioned earlier,
namely, the Non-repudiation challenge.
Prof. IT Law: You are right. Since the rst
partys Private Key [like his ATM PIN], is
under his sole control he cannot deny that
he has signed the document after his Private
Key has been used.
IT Person: And what are the other examples
of how cryptography was used to solve legal
problems?
Prof. IT Law: The problems are the same.
Namely, the authenticity, integrity, and
non repudiation challenges. However, in
another technological solution, the Public
Key Infrastructure is used. And this involves
a pair of keys, namely, a Public Key and a
Private Key. Each set of a Public Key and a
Private Key are perfectly matched, so that a
document that is encrypted using a Public
Key can only be decrypted by the matching
Private Key only. And each set of a Public
Key +Private Key is issued [and linked] to a
person, against an application and fees after
verifying identity and other details just like a
KYC process, or a passport issuing process.
IT Person: I see. And how does that help?
Prof. IT Law: When a party to a contract
sends an electronic document to the other,
he can download the others Public Key
from a Repository that makes all Public
Keys available. The Public Key encrypts the
document, which is then sent to the other
party to the contract. Then the other party
uses his matching Private Key to decrypt
the document. If decryption is successful,
the other party knows that his Public Key
was used, and that the document was not
tampered with during transmission.
IT Person: So the 3 challenges of electronic
commerce are addressed by the use of the
Public Key/Private Key pair?
Prof. IT Law: Yes, as you can see, this
addresses all 3 legal challenges. And the
third type of technological solution called
Digital Signature, also addresses these
legal challenges using encryption and
decryption, which are the techniques based
on Cryptography.
IT Person: Oh I do remember you telling
me in an earlier session, about how Digital
Signatures work in electronic commerce.
But I was unable to understand how
Cryptography helps address legal challenges,
in electronic commerce until you explained it
so well. I suppose this is another excellent
example of the need for collaboration
between Technology and Law.
Prof. IT Law: You are right Mr. I T Executive.
n
Solution to June 2013 crossword
Brain Teaser
Dr. Debasish Jana
Editor, CSI Communications
Crossword
Test your Knowledge on e-Business
Solution to the crossword with name of rst all correct solution provider(s) will appear in the next issue. Send your answers to CSI
Communications at email address csic@csi-india.org with subject: Crossword Solution - CSIC July 2013
CLUES
ACROSS
1. A market consisting of one buyer and many sellers (9)
3. Protocol for le transfer (3)
7. Information system for management (3)
10. A business-to-business portal in South Korea (7)
12. Protocol used for terminal emulation (6)
14. Helps integration of information management across organization (3)
15. Service provider for internet (3)
18. Method used to codify a message (10)
19. Organization for the Advancement of Structured Information
Standards (5)
20. Language used to create Hypertext documents for web (4)
21. Standard for data encryption (3)
28. A web client (7)
29. Transmission Control Protocol (3)
31. Device for modulation and demodulation of communication (5)
32. Standard way to provide the web address of any resource (3)
33. Term used to measure reference to the web presence (3)
34. Web site (6)
35. Used to recognize characters through optical sensing device (3)
37. Business to Government transactions (3)
38. Authentication relying on measurable physical characteristics (9)
DOWN
2. A smart card for making electronic payments in online or of ine
systems (7, 4)
4. Post Of ce Protocol (3)
5. Protocol for moving hypertext les across the Internet (4)
6. Interoperable platform independent format for information exchange
(3)
8. Advertising and marketing eforts that use the web (8, 9)
9. Throughput of a communication link in bits per second (9)
11. Information stored on consumers' storage to track Internet usage (7)
13. Internet Protocol (2)
16. Point to Point Protocol (3)
17. Type of webpage used often to display advertisements (12)
22. Electronic business eXtensible Markup Language (5)
23. A bar code printing system (7)
24. The Internet (3)
25. Format for image les (4)
26. Format used for transmission of business documents (3)
27. Protocol used for mail transfer (4)
30. Individual who is purchasing the services or goods (8)
36. A digital repository of organized information (4)
37. Business to business transactions (3)
We are overwhelmed by the responses and solutions received from our enthusiastic readers
NO ALL correct answers to June 2013 months crossword
received from our readers.
Did you know about rst shopping cart?
In the year 1937, grocery store owner Sylvan
Goldman had put first shopping cart in
operation. In 1936, during one night, while
Goldman was thinking in his office how
customers might move more groceries. Looking at
a wooden folding chair, the idea flickered what
about putting a basket on the seat and putting
wheels on the legs, well.... what about putting two
baskets one little above the other basket?
Ref: http://en.wikipedia.org/wiki/Shopping_cart
1 2
3 4
5 6 7 8 9
10 11
12 13
14
15 16 17
18
19
20
21 22 23
24 25
26 27 28 29
30 31
32 33
34
35 36
37
38
1
R
2
F
3
L I N K E
4
D I
5
N
6
C
7
S L A S H K E Y A I
O S C
8
G N N
H E
9
W A L L E N G
E P E M Y
S
10
F A C E B O O K E B
I R C
11
F L I C K R
12
O R K U T A
13
T O N O
14
A
N Y S
15
X W U S W D
16
W
17
A
18
T W I T T E R C N W
E G N P S H O
19
B L O G G I N G O Q
20
A V A T A R
I R L U F D
N
21
Y E L P L A T S
22
C H A T G R
23
M
24
G
A R A
25
F L I X S T E R E R
F T E A
E
26
Y O U T
27
U B E
28
M U L T I P L Y
M R M H
O
29
S L I D E S H A R E
M
t
o
Ask an Expert
Dr. Debasish Jana
Editor, CSI Communications
Your Question, Our Answer
Whenever people agree with me I always feel I must be wrong.
~ Oscar Wilde
C/C++: CPU Burst and scheduling
From:
Chandan Singh,
Student of MSc (2nd Sem),
Karnataka State Open University (KSOU),
PC Training Institute, Pitampura, Delhi
Respected Sir,
Thanks for the basic knowledge of scheduling algorithm in the
column of "Ask an Expert". Sir, I have another query. How does
the CPU calculate the burst time? Does every CPU scheduling
algorithm run as per the CPU burst time or the requirement as laid
out by the process? Wherever this information is stored, could I
fetch that value with the help of programming?
Looking forward for positive response on your side.
Thanks n Regards
A
We discussed about CPU scheduling in CSIC, June 2013 issue
with illustration through a C program using First Come First Serve
(FCFS) scheduling algorithm.
In the above diagram, there is couple of states. The running state
signies the process that gets executed (single CPU for simplicity).
The ready state is for any process that is ready to be executed.
The waiting state is when a process cannot execute until some
event occurs (for example, the completion of an Input or Output
task). The new state is when the operating system has done the
necessary actions to create the process with its process identier,
process management tables, but is not yet ready to be executed.
The terminated state is when the process ends running or is no
longer suitable for execution i.e. the process is done executing.
Here, all tables and other information related to the process
(program in execution) are not needed any more.
In Unix operating system, for example, a sleeping or waiting even
ready process doesnt use any CPU resource. The kernel doesnt
check whether a process is sleeping, instead it just wakes up the
sleeping process when an event occurs. In fact, in Unix, time is a
command used to determine the execution duration of a particular
command.
The usage is as follows:
time ls
That means, to use the time command, you need to simply precede
the command by the word time, as in the above example. When
the command is completed executing, time command will report
time taken by the command (ls, in this example) specically in
terms of user CPU time, system CPU time, and real time.
The output of the time command will be similar to the following:
real 0m0.015s
user 0m0.003s
sys 0m0.013s
Here, time of execution is all given in seconds. The subcategory of
the time granularity is as follows:
real - refers to actual time elapsed to execute the command (ls,
in this example); i.e. from start to nish of the command, this
includes time slices used by other executing processes and time
the process spends waiting (for example waiting for an I/O to
complete).
The other two terms, user and sys refer to CPU time used only by
the process. By user, we mean the CPU time spent in user-mode
code (outside the kernel) within the process. Waiting or time
taken by other process in execution is not counted in here.
The time sys is the CPU time spent in the kernel within the
executing process. This includes CPU time spent in system calls
that executes within the kernel, as compared to some library code,
which is still executing in user-space.
The addition of user and sys (user+sys) will tell how much CPU
time is actually used by the executing process. Note that real
user + sys
A task may be CPU bound (with more CPU burst time than
I/O time) or I/O count where I/O time taken will be more than
CPU time.
There are other CPU scheduling algorithms too.
Summing up, every CPU scheduling algorithm is run as per the
given diagram on the left column for process state transitions.
As it goes along in execution, state gets transited, and the time
command helps retrieving the actual time taken as a whole and
CPU alone.
n
Send your questions to CSI Communications with subject line Ask an Expert at email address csic@csi-india.org
admitted
new terminated
running ready
waiting
I/O or event completion I/O or event wait
scheduler dispatch
interrupt exit
Happenings@ICT
H R Mohan
Vice President, CSI, AVP (Systems), The Hindu, Chennai
Email: hrmohan.csi@gmail.com
ICT News Briefs in June 2013
The following are the ICT news and
headlines of interest in June 2013. They have
been compiled from various news & Internet
sources including the dailies The Hindu,
Business Line, and Economic Times.
Voices & Views
Googles Mapathon data have to be
vetted before uploaded for users
Survey of India.
Indian tablet makers have shipped in
over nine lakh tablet computers during
the Q1 (January-March) this year
CyberMedia Research.
Today, 50% more digital information is
created in India than the capacity that
exists to store it. This number will grow
to 80% over the next decade EMC.
The total cloud computing market is
expected to grow over 10 times by 2015 to
reach $4.5 billion; private cloud will account
for $3.5 billion EMC Zinnov study.
Big data solutions market in India to
double in two years; from $80 million in
2012 to $153.1 million by 2014.
Indian BI software revenue is set to rise
16% to reach $113 million in 2013 from
$98.1 million in 2012 Gartner.
The IT market size in India would grow
to $44.8 billion in 2014 from $35.1
billion in 2012 IDC.
India came in fth with 6.3 billion pieces
of information being collected by US
National Security Agency from the
countrys computer and data networks
in one month alone The Guardian.
Internet of Everything to roll out over
the next 10 years Cisco.
US top target for phishing attacks; India
ranks fourth RSA.
The market for wireless technology is
growing at 17-18% every year in IndiaHP.
More women buy from Net. From just
four million in 2008, the number of
women users has gone up to 60 million
and may touch 120 million by 2015
Google India.
Uttarakhand: Social networking helps
families reunite with missing kin.
Indian analytics businesses can hope for
a $2.5 billion opportunity in the global
pie of $50 billion by 2020 Nasscom.
India beats Japan to third rank in
smartphone market.
Govt, Policy, Telecom, Compliance
Govt to invite private rms to develop
mobile apps for e-governance.
Telecom regulator asked by DoT to
audit spectrum use by telcos.
RCom to lease out telecom towers to
Reliance Jio in Rs 12,000-cr pact.
Indian internet companies have urged
the Govt. to ask Google, Facebook and
other American Web sites to set up
local servers as media recently reported
that the US Govt. was using these Web
sites to snoop into users online activity
across the globe.
Regulator warns Aircel, Tata Tele, RCom
against unsolicited SMSes. Told to
submit weekly report on pesky SMSes
Govt. may harden stand with Google,
Facebook on privacy issues.
National Security Advisor wants Govt.
networks to have limited access to Net.
IT Ministry goes ahead with go local
policy in Govt. procurement.
Roaming free of charge is not possible
TRAI.
Govt. may have to give IT product
makers more time to get BIS tag.
Govt. to track project status of projects
over 1000 crores through Net.
Mobile handset makers ready to meet
new radiation norms SAR levels of 2
watt/kg on a 10 gm human tissue by
Sep 2013.
Home Ministry wants stringent rules for
activating mobiles.
Falling rupee forces PC makers to raise
prices.
IIT Madras ready with tech specication
to make Aakash 4.
Australia may tweak immigration norms
amid concerns over abuse by IT rms.
US Senate passes immigration Bill,
which is set to impact Indian IT
companies, but Nasscom still hopeful.
IT Manpower, Staf ng & Top Moves
Hiring in the e-commerce space is likely
to increase by 20% in the next couple
of years, spurred by the demand for
developers and data analysts E. Balaji,
CEO, Randstad.
N.R. Narayana Murthy is back in
Infosys as Executive Chairman to revive
its fortunes. He will draw a token
compensation of Re 1 a year.
Private cloud alone in India is expected
to create one lakh jobs by 2015 from
10,000 in 2011 EMC Zinnov study.
Karan Bajwa to head Microsoft India.
Mydala to expand to Asia Pacic. Plans
double its headcount to 600 by this
year-end.
Wipro plans to add 1,000 employees in
Germany by 2016, from 500 employees
at present.
IT biggies hand out salary hikes.
As against 1.80 lakh people absorbed by
IT industry last year, it will hire only 1.30
lakh this year.
Fractal Analytics to double headcount
to 1,200 by next year.
Informatica to hire 200 people in India.
HCL Technologies may lay of over 100
employees in Finland.
Company News: Tie-ups, Joint
Ventures, New Initiatives
VISA payWave the contactless
payment technology is now being
considered by banks for the Indian
market.
Amazon has entered the Indian
e-commerce space. India is the tenth
market where it has launched a country-
specic retail Web site.
UKs Network Rail has given out IT
outsourcing deals worth 360 million to
TCS & CTS and three other MNCs.
Wipro looks at Malaysia, Indonesia for
data centre expansion.
ESPN cricinfo has upgraded its iOS and
Android mobile apps and plans to roll
out a similar app for football enthusiasts.
Intel Capital to invest $16 million in
three e-commerce companies in Asia,
including two in India Bright Lifecare
and Snapdeal.com.
1.25 million LPG users benet from
direct cash transfer using aadhar linked
bank accounts.
High Court clears Mahindra Satyam,
TechM merger. Mahindra set to de-tag
Satyam.
Four Mahindra group rms join hands to
nurture start-ups.
Intel eyes tie up with PC manufacturers
for a chip of Government deals.
Epson unveils energy-saving printers.
While an entry-level laser printer can
consume nearly 360 watts of power
while it is just 12 watts for Epsons new
range printers.
Samsung beats Nokia in overall mobile
sales in Q1.
Googles Internet balloons aimed at
reducing the yawning gap in the digital
divide may y over India soon.
Microsoft unveils test version of
Windows 8.1, brings back start button.
n
CSI Reports
From CSI SIGs / Divisions / Regions and Other News
Please check detailed reports and news at:
http://www.csi-india.org/web/guest/csic-reports
SPEAKER(S) TOPIC AND GIST
DIVISION I AND REGION I
Mr. Rajiv P Saxena, Prof. M N Hoda, Mr. R K Vyas,
Dr. V K Panchal, Dr. Anup Girdhar, Adv Pawan Duggal,
Prof. S K Gupta, Prof. A K Saini, Dr. Sushila Madan, and
Mr. Mukul Girdhar
6-7 April 2013: International Conference - CTICon-2013 - on Diversifying
Trends in Technology & Management
The conference was organized by Cyber Times International Journal of
Technology & Management. It had key note addresses, invited talks, paper
presentations and panel discussions by the experts in the eld.
It was well attended by over 250 delegates from all over country and abroad.
[L to R] Advocate Pawan Duggal, Dr. Sushila Madan, Dr. Anup Girdhar,
Prof. M N Hoda, Mr. Mukul Girdhar
DIVISION I AND REGION I
Prof. S V Raghavan - President CSI, Mr. G J Kulkarni -
CEO of Humanitics, Prof. Anu Singh Lather,
Prof. A K Saini, Prof. M N Hoda and Mr. R K Vyas
26 April 2013: National Conference on Information and Communication
Technologies for Competitive Advantage
The conference was organised by GGSIP University, New Delhi. Conference
proceedings in the form of edited book published by Bloomsbury were
released on the occasion along with the soft copy of proceedings (with ISBN
No.). More than 45 research papers were presented. Dr. Sanjay Dhingra co-
ordinated the event.
[L to R] Prof. A K Saini, Prof. S V Raghavan, Mr. G J Kulkarni,
Prof. Anu Singh Lather
Obituary
Shri G Viswanathan, 73, former Chairman of CSI Cochin Chapter, passed away on 9th June 2013 at Cochin. He was the founder
member of Cochin Chapter and held various capacities during his long association with CSI. He was very active in the social circles and
held various positions like District Governor of Rotary Club (Kochi-Coimbatore), Chairman of the Institution of
Engineers India, President of Indian Institute of Materials Management, President of Kerala Brahmana Sabha
etc.
During his lifetime, he was an ardent advocate of organ donation. As per his wish, all his reusable organs were
donated and his body was donated to Amrita Institute of Medical Sciences, Kochi.
He is survived by wife Meena Viswanathan, who was the Principal of Bhavans Vidya Mandir, Elamakkara, daughter
Anuradha, son-in-law Hari Narayan and grandsons Shashank and Mihir who are settled in the United States.
We pray our respectful homage to our beloved GV.
- Manjusha Devi S, Secretary, CSI Cochin Chapter
Attention

Academic Institutions & Student Branches

The Membership Period for Academic Institutions & Student Members
Changed to July June from the Existing period (Apr Mar)
With efect from July 1, 2013

Director ( Education )
CSI News
From CSI Chapters
Please check detailed news at:
http://www.csi-india.org/web/guest/csic-chapters-sbs-news
HYDERABAD (REGION V)
Dr. Sai Baba Reddy, U RamMohan, Dr. Bhulokam, Dr. N
Sarat Chandra Babu, Dr. M Srinivasa Rao, Shri Krishna
Sastry Pendyala, Rameshwara Rao, Dr. P Chakrapani,
Lakshmi Narayan Raju, IL Narasimha Rao
8-9 March 2013: Two-days Conference on Information Security & Ethical
Hacking INFOSEC 2013
Conference was organized in association with C-DAC Hyderabad. Expert talk
on Cyber Crimes Cyber Forensics Investigators Perspective" was delivered
by Mr Pendyala. Other practical oriented technical sessions covered topics
like web security, mobile security, ethical hacking, secure coding practices,
malware reverse engineering, OS Exploitation etc. Students were exposed to
various tools. Various other events like quiz, Photo Contest, InfoSec Quote
Contest, paper presentation by students etc. were also conducted.
Guests and partcipants of the Conference
COIMBATORE (REGION VII)
Chief Guest Dr. R Rudramoorthy 6 March 2013: CSI Young IT Professional Award 2012
Chapter hosted the nals. About 14 teams from 7 regions contested.
Professionals from Industry judged the presentations by the participants.
Dr.Rudramoorthy inaugurated the event. Dr. Bipin Mehta, Convener of the
event gave away the prizes viz. 1. Jemina Asnoth Silvia, 2. Tamal Dev and 3.
Persistent Systems.
Guest speaker conductng Award functon
Mr. Xavier Bapticia, IT Hear, Circor India 27 March 2013: Organized program on Virtualization
Mr. Xavier spoke about how they made Virtualization a reality in their
company. He shared his experience not only of technical aspects but also
with focus on ROI. He highlighted the need to standardize Hardware and
Software platforms. He mentioned that his team is now lean and mean
and is able to deliver better ROI to his management.
Guests and organizers team from Coimbatore Chapter
Mr. Alfred 28 March 2013: CSI Day 2013
CSI Day, an annual afair of the chapter, witnessed active participation by
not only CSI members but their families too. Mr.Alfred entertained the
gathering. His games made families know each other and enjoy the evening.
His questions made people think and recall sometime right answers and
some times not so right answers ! Cash prizes were given away to winners.
Partcipants atending CSI Day 2013
Mr. Sena Palanisami 30 May 2013: Organized program on Healthcare in Digital World
Mr. Sena explained how Electronic health records (EHRs) enable healthcare
providers reduce medical errors, provide better patient care and help control
healthcare costs. Timely test ordering and results reporting is crucial.
Clinicians who have adoptedelectronic medical records (EMR)system nd
that connecting their system to multiple lab information systems enhances
productivity. Centralized Clearing House System can act as a liaison
between the clinical providers and lab providers.
Mr. Sena Palanisami, Chairman, Visolve Technologies, USA with CSI O ce bearers
SIVAKASI (REGION VII)
Dr. S Arivazhagan, Dr. K Muneeswaran, Shenbagaraj,
Haseena, Angela Jennifa Sujana, J Maruthu Pandi & others
5-6 March 2013: Workshop on Security issues in Pervasive Computing
Dr. Arivazhagan spoke about importance of analyzing security issues
in pervasive computing. There were sessions on Pervasive Computing:
Vision and Challenges, Wireless sensor networks and its applications,
Wireless Application using WML, Security issues in Pervasive
computing, Introduction to Symbion OS, Cryptool and Radio Frequency
IDentication (RFID). Hands-on sessions on Wireless Sensor Networks
Simulations and Applications using J2ME were also conducted.
Guests on stage
TRIVANDRUM (REGION VII)
Dr. C G Sukumaran Nair, Dr. D S Rane and Mr. N T Nair 18 May 2013: Felicitation to Dr. D S Rane, Fellow CSI and Dr. A K Poojari
Memorial Lecture 2013
Dr. Rane was felicitated for being awarded the "Fellow CSI" in Dec 2012 at
Kolkatta. Annual lecture viz. "Dr. AK Poojari Memorial Lecture 2013" was
organized prior to annual general body meeting. Mr. N T Nair spoke on
"Computing - Some Emerging Trends".
N T Nair Speaking on the occasion of Dr. A K Poojari Memorial Lecture 2013
Mr. G Neelakantan, Past Chairman 18 May 2013: Award Ceremony during 37th Annual General Meeting
Mr. Neelakantan read out various awards instituted by the Chapter. Best
Student Project Awards were presented. First Prize went for the project
Implementation of Algorithms to Model Reachability by a Convex Robotic
Arm and Second Prize was given for the project Navigation and Surveillance
Using Mobile Devices.
Mr. R Narayanan presentng Award
From Student Branches
http://www.csi-india.org/web/guest/csic-chapters-sbs-news
DRONACHARYA GROUP OF INSTITUTIONS, GREATER NOIDA (REGION-I)
Mr. Dheeraj Kapoor & Mr. Somen Chakraborty 6 April 2013: One day workshop on ESDM Electronic System Design &
Manufacturing
Mr. Kapoor spoke about Opportunities and Policy Initiatives in Electronics
System Design and Manufacturing Sector. Later students had industrial
tour to Sahasra Sambhav Electronics Pvt Ltd, Noida along with faculty
members.They visited manufacturing unit where process of PCB design was
demonstrated and they learnt about design and manufacture of LEDS and
their commercial uses in the market.
Guests and Organizers Team
JRE GROUP OF INSTITUTIONS GREATER NOIDA (REGION-I)
Mr. Roop Ranjan, Mr. Sanjeev Pippal and Dr. Krishna Rao 17 March 2013: One Day Workshop on Use of DB2 and JSP for
Developing Applications
Mr. Roop discussed relevance and scope of DB2 and JSP that would help
students develop their projects. He shared with students skills of developing
successful projects and creating a concept. He further explained the ways
of making database connectivity using JDBC and ODBC, elements of a good
and marketable software, query ring and obtaining desired results.
Partcipants and organizer team of workshop
KANPUR INSTITUTE OF TECHNOLOGY - ROOMA KANPUR, UP (REGION-I)
Dr. Nirbhay Singh, Akash Shukla 29-30 January 2013: Organized Mega School Event Anveshan13
Events conducted under this were Bug Master, Spell Bee, Athene, Pandoras
Box, Junk Art, One minute Waltzz and Campus Slide. Spoken tutorials is
initiative of Talk to a Teacher activity of National Mission on education
through ICT, launched by Ministry of Human Resources and Development.
The content delivered in the workshop were FireFox Browser and Libre
Of ce. There was also a Workshop on Ethical Hacking.
Partcipants of Mega School event
AES INSTITUTE OF COMPUTER STUDIES (AESICS), AHMEDABAD (REGION-III)
Dr. Paul Hawking, SAP and Business Intelligence expert
from Victoria University, Melbourne, Australia
20 March 2013: Seminar on ERP Systems and Business Intelligence
Dr. Paul talked on SAP strategy, business intelligence and current and
emerging trends in SAP ERP. He explained various trends in SAP ERP like
ERP strategy, SAP business by design, Analytics and Business Intelligence,
Big data and SAP HANA, SAP mobile solutions with interesting real life
case studies.
Dr. Paul Hawking during the Seminar
Mrs. Hiral Vegda 23 March 2013: Workshop on Web Application Development using PHP
The topics covered were basic concepts of PHP, Advanced PHP, Basic CSS
and JavaScript and MySQL for database connectivity. The participants
were trained to create web pages using the forms, conditional statements,
loop control structures, get and post methods, Cookies and Session
maintenance and MySQL database.
Speaker during the lecture
SIR PADAMPAT SINGHANIA UNIVERSITY (SPSU), UDAIPUR (REGION-III)
Prof. Dharam Singh and Mr. Ratnesh Sharma 6 April 2013: Workshop on Electronics System Design and Manufacturing
(ESDM)
Prof. Singh spoke about gap between Academic and Industry Research & also
about diference between Computer Science and Computer Engineering.
Mr. Sharma spoke on Database queries, SQL and Oracle. He covered topics
like Business Intelligence and its Analysis, Enterprise Data Warehouse, Data
Structure, Infrastructure & Data Growth Innovations, Industrial Aspects of
Application development & Deployments.
Guests on stage
ANIL NEERUKONDA INSTITUTE OF TECHNOLOGY AND SCIENCE (ANITS), VISHAKHAPATNAM (REGION-V)
V Tapovardhan, S Ratan Kumar and Principal
Dr. V S R K Prasad
28 March 2013: CSI Foundation Day Celebration
An essay writing and elocution competitions were conducted for all
CSI student members and prizes were given away to the winners on
this day. On this occasion a special talk was given by S. Ratan Kumar on
Cloud Computing.
[R to L] G V Gayathri, Dr. VSRK Prasad, V Tapovardhan, Dr. S C Satapathy
ANIL NEERUKONDA INSTITUTE OF TECHNOLOGY AND SCIENCE (ANITS), VISHAKHAPATNAM (REGION-V)
Dr. K Nageswara Rao 30 March 2013: A guest lecture on Fundamentals of Microprocessors
Dr. Nageswara Rao mainly focused on fundamentals of microprocessors,
how microprocessors came into existence, working of microprocessors and
how to write an assembly language program in 8085. Around 75 students
from 2/4 CSE attended the lecture.
Guest lecturer Dr. K Nageswara Rao
LENDI INSTITUTE OF ENGINEERING & TECHNOLOGY, VISAKHAPATNAM (REGION-V)
Dr. S Lakshminarayana 9 February 2013: Expert lecture on Text Mining: Past, Present & Future
and Research Opportunities
The speaker stressed importance of research oriented approach to
engineering. He discussed text mining in the context of present day with
live examples. Students interacted with the speaker asking questions about
patents, diferent skills required for an engineer etc.
Dr. S Laxminarayana garu, Dr. VV Rama Reddy, Prof. A Rama Rao,
Mr. B Suraj Aravind
R.V.COLLEGE OF ENGINEERING, BANGALORE (REGION-V)
Mr. G L Ganga Prasad 21-23 March 2013: Faculty Development Workshop on High Performance
Computing, Cloud Computing and Virtualization - HP3CV13
The workshop was on the latest technology and related research in the
domain. The workshop model was theoretical discussion rst and hands-
on practice / demonstration later. The expert speakers from CDAC handled
sessions on HPC and those from VMware handled sessions on Cloud
Computing & Virtualization.
Dignitaries during Inauguraton of workshop
Dr. S M Shah, Mr. C G Sahasrabudhe, Prof. R P Soni,
Mr. Vallabhbhai Patel and Prof. Bipin Mehta,
Dr. R Venkateswaran and Dr. Harshal Arolkar,
Prof. Bhushan Trivedi
3 April 2013: National Quiz Competition on Computer Science CSI - Alan
Turing Quiz
Initial 2 rounds were held online. 160 student branches (over 300 teams)
registered for the event. Prof. Trivedi, Quiz Master & Director, conducted the
quiz in computer science, general knowledge (related to IT) and fact nding
questions. 2 teams from AP, 2 from Maharashtra, 1 from Gujarat and 1 from
Rajasthan participated in the nal round.
[L to R] Dr. Harshal Arolkar, Dr. SM Shah, BV Mehta, RP Soni, VM Patel,
Dr. R Venkateswaran, CG Sahasrabudhe, Dr. Bhushan Trivedi,
Dr. Nilesh Modi at Inaugural Functon
Mr. S Ramanathan and Mr. Vishwas Bondade 6 April 2013: 1st CSI National Programming Contest 2013
In 1
st
online round, students were asked to code either in C//C++/Java
to clear various levels of dif culty. 12 top candidates were selected for
Skype interview with jury from Persistent Systems and Soft Corner who
judged their grounding in logic and coding. 6 nalists were chosen for
National nals. First 3 prizes went to Nimesh Jivani, Vishesh Kandhari and
Shantanu Mahakale.
The winners & nalists with dignitaries
VASAVI COLLEGE OF ENGINEERING (VCE), HYDERABAD (REGION-V)
Mr. S G T C S N Satyanarayana, Senior faculty, Jetking
Infotrain Ltd, Secunderabad
27 February 2013: Workshop on System Hardware & Assembly
Mr. Satyanarayana discussed about various parts of computer, motherboard
and their functions and also he showed a live demonstration of assembling
and dissembling of all the components of system.
Students atending the workshop practcal
G. H. RAISONI INSTITUTE OF INFORMATION TECHNOLOGY, NAGPUR (GHRIIT) (REGION-VI)
Nitin Pande, Sachin Palewar, Dr. VN Chavan, O Kemkar,
Dr. MP Dhore, Dr. R Ingolikar, Khandelwal, RN Jugele, SR
Pande, NM Shelke and Dr. Sajid Khan acted as judges
4 April 2013: State level paper presentation competition Techcellence 13
Mr. Palewar illustrated with video on creators in IT like Bill Gates, Jack &
Drew. Theme was Everybody in this country should learn how to program a
computer because it teaches you how to think. 35 papers were presented on
emerging trends in technology. Ms. Pallavi Marbati & Ms. Monika Gurpude
(Visual Cryptography) got First Prize.
Prize distributon
MARATHWADA INSTITUTE OF TECHNOLOGY (MIT), AURANGABAD (REGION-VI)
Mr. Satya Prakash, Mr. B N Pravin, Mr. Abhay Kurwalkar 25 March 2013: One Day workshop on Electronics System design
Manufacturing
Mr. Pravin spoke on Emerging Technologies and Scope of Electronics, IT
and allied technical domains. Mr. Kurwalkar briefed on Design process and
Manufacturing Sector which helped students to understand scope and
potential of the industry. Mr. Satya Prakash covered topic of Entrepreneurship
Potential & career opportunities.
Guests on stage
P.E.S. MODERN COLLEGE OF ENGINEERING, AURANGABAD, MAHARASHTRA (REGION-VI)
Mr. Bhise Pravin 12-16 March 2013: Five days Workshop on Web Development using PHP
Subject was introduced with demo of FaceBook, Gmail, Google, Yahoo
etc. Concepts of PHP, HTML, JavaScript, JQuery were covered along with
Server Side data processing, Database connectivity & its interaction with le
handling, session handling techniques for URL rewriting, Cookies with AJAX
etc. Hands on session was on all E-commerce related applications using
PHP, Java, ASP.Net. Concepts of Web farming, Cloud computing, hosting
sites on server were also covered.
Speaker Mr. Bhise Pravin giving lecture
YADAVRAO TASGAONKAR COLLEGE OF ENGINEERING AND MANAGEMENT (YTCEM), MUMBAI (REGION-VII)
Prof. Sachin Deshpande, Dr. S K Ukarande, Principal and
Prof. Sumit Bhattacharjee, Dr. Subhash Shinde
22-24 January 2013: Workshop on Structured Programming Approach
(SPA)
Dr. Shinde taught basics of Structured Programming Approach and focused
on use of Algorithms and Flowcharts. Prof Deshpande spoke on various
aspects of SPA and suggested interactive learning method for benet of
students. This workshop was to guide teachers how to efectively teach SPA
using various teaching methods.
Prof. Sachin Deshpande along with faculty members
YADAVRAO TASGAONKAR COLLEGE OF ENGINEERING AND MANAGEMENT (YTCEM), MUMBAI (REGION-VII)
Mr. Arvind Shingi, Project Leader at TCS 16 February 2013: One-day Workshop on Cascading Style Sheets (CSS)
Students were taught about HTML 5 from basics and practicals were
conducted. Mr. Shingi taught students how to do HTML coding. Students
also learned about the increasing use of Cascading Style Sheets in
web pages.
Mr. Arvind Shingi , Project Leader at TCS (Tata Consultancy Services),
interactng with the second year students
Mr. Bhupinder Kumar 15-16 February 2013: Workshop on Software Testing and Quality
Assurance ( STQA)
The topics covered in the workshop were importance of STQA and how
it is developing as an industry. Practicals were conducted with the help of
case studies.
Student organizers along with Bhupinder Kumar at centre of banner
AVS ENGINEERING COLLEGE, SALEM, TAMILNADU (REGION-VII)
Dr. S Selvarajan, Director of Muthayammal Technical
Campus, Rasipuram and Mr. G Narendra
14 March 2013: National Conference on Recent Trends in Information
Technology and Computer Science and Engineering
Papers were presented by students of various colleges on topics like Adhoc
and Sensor networks, Cloud computing, Digital image processing, Distributed
databases, Grid computing, Image Processing, Machine Learning, Mobile
Computing Neural Networks, Parallel Computing, Pervasive Computing,
Soft Computing and Web Intelligence.
Speakers on stage
ER. PERUMAL MANIMEKALI COLLEGE OF ENGINEERING, HOSUR, TAMILNADU (REGION-VII)
Mr. Jeyaprabu Thirunnavukarasu, Dr. S Chitra and
Mrs. P Mallar
1 March 2013: National Conference on Computing, Communication,
Manufacturing (NCCCM-2013)
Chief Guest Mr. Thirunnavukarasu gave inspiring speech and appreciated
participants. Dr. Chitra wished the participants success. Conference
attracted high-powered key notes and served stimulating discussion in an
open environment which encouraged students and research scholars to
learn, think and exchange views and network.
Seminar pictures
KNOWLEDGE INSTITUTE OF TECHNOLOGY (KIOT), SALEM, TAMILNADU (REGION-VII)
Mr. Karthik Ragubathy 15-16 March 2013: Workshop and Competition Mobipreneur
Mr. Ragubathy spoke about Android Architecture, Development
Environment, User Interface and Resources. Students came up with
new application ideas and learnt how to develop those ideas. At the end
competition was conducted and top three teams were selected for next level.
(L to R) Dr. V Kumar, Mr. Amit Grover, Mr. M Senthil Kumar and
Dr. PSS Srinivasan.
M.A.M. COLLEGE OF ENGINEERING AND TECHNOLOGY, TIRUCHIRAPPALLI (REGION-VII)
Prof. S Ravi Maran 20 February 2013: Guest Lecture on Database and Distributed Database
Prof Maran introduced data, database, database management systems and
use of database. He briefed about SQL, how it is used and how locks are used
in transaction management. Topics covered were: Database normalization,
Data storage representation, Distributed database system, Mobile database
system, Cloud computing, Properties of database system and Practical use
of database with bank database transaction.
Prof. S Ravi Maran during session
Prof. Gnanajeevan and Prof.H.Parveen Begam 15 March 2013: Organized SNIPES13- Intra Department Symposium
Nearly 50 students from various departments and 100 students from
CSE department took part in the symposium. Many technical events like
Paper Presentation, Debugging, Multimedia, Quiz and Best manager were
organized during the symposium.
From L Prof. Gnanajeevan, Prof.H.Parveen Begam, during the PPT Session
of SNIPES13.
NATIONAL ENGINEERING COLLEGE, KOVILPATTI (REGION-VII)
Mr. E Selvam Iyyamperumal 18 February 2013: Motivational Talk on Career Development
More than 100 students from Third year IT and CSE attended the talk. The
resource person discussed about recent developments in IT eld. He insisted
that students should be aware of all the emerging technologies which help in
developing their career.
Motvatonal Talk on Career Development by resource person
Mr. E Selvam Iyyamperumal.
Dr. K Muneeswaran, Mr. S Vijay 10 April 2013: National Conference on Computing And Applications
NACCA 13
Dr Muneeswaran inaugurated conference and advised students to acquire
knowledge of diferent technologies apart from regular curriculum. He talked
about placement opportunities in IT. Technical Sessions were organized
in which the advanced topics like Image Processing, Data Mining, Grid
Computing and Cloud Computing.
Release of Conference Proceedings by Dr. K Muneeswaran L-R: Ms. M Stella Inba
Mary, Dr. P Subburaj, Chief Guest Dr. K Muneeswaran, Dr. D Manimegalai
OXFORD ENGINEERING COLLEGE, TRICHY, TAMILNADU (REGION-VII)
Dr. P Ramesh Babu 11 April 2013: Guest Lecture on Digital Signal Processing
Topics covered during session were: IR Filter Design Concepts, Overview of
FIR Filter Design, Finite Word Length Efects, Quantization noise, Overow
error, Truncation error and Signal scaling.
Prof. P Ramesh Babu during lecture
Please send your event news to csic@csi-india.org . Low resolution photos and news without gist will not be published. Please send only 1 photo per
event, not more. Kindly note that news received on or before 20th of a month will only be considered for publishing in the CSIC of the following month.
Following new Student Branches Were Opened as Detailed Below
REGION V
CMR Institute of Technology, Bangalore (CMRIT)
CSI Student Branch was formally inaugurated on Friday, 10th May 2013 at the hands of Mr. B.S. Bindhumadhav, Associate Director,
Real Time Systems and Smart Grid at C-DAC, who gave a talk on Multi-Disciplinary Research by Mr. B. S. Bindhumadhav after
inauguration. The session started with a video on next generation technology followed by the rapid questions on what is Cloud
Computing? What is Grid Computing? Topic of interest on the day was Internet of things. Introduction and importance of
Internet of Things were also discussed.
REGION VII
M.N.M. Jain Engineering, Chennai
The student chapter had its Inaugural function on 9th March 2013 at 10.00am. Dr. A. Srinivasan, Head of Department and
Nominee Member of CSI welcomed the gathering. Guest speaker Dr. G. Zayaraz Associate Professor, Pondicherry College of
Engineering gave a lecture on Recent Trends in Software Engineering.
Kind Attention: Prospective Contributors of CSI Communications -
Please note that cover themes of future issues of CSI Communications are as follows -
August 2013 - Software Project Management
September 2013 - High Performance Computing
Articles and contributions may be submitted in the categories such as: Cover Story, Research Front, Technical Trends and Article.
Please send your contributions before 20th of a month for consideration in the subsequent months issue.
[Issued on behalf of Editors of CSI Communications]
CSI Membership = 360 Knowledge
Your membership in CSI provides instant
access to key career / business building
resources - Knowledge, Networking,
Opportunities.
CSI provides you with 360
coverage for your Technology goals
Learn more at www.csi-india.org
WE INVITE YOU TO JOIN
Computer Society of India
India's largest technical
professional association
Join us
and
become a member
I am interested in the work of CSI . Please send me information on how to become an individual/institutional*
member
Name ______________________________________ Position held_______________________
Address______________________________________________________________________
______________________________________________________________________
City ____________Postal Code _____________
Telephone: _______________ Mobile:_______________ Fax:_______________ Email:_______________________
*[Delete whichever is not applicable]
Interested in joining CSI? Please send your details in the above format on the following email address. helpdesk@csi-india.org
Date Event Details & Organizers Contact Information
July 2013 Events
26-27 July 2013 Scrum Gathering India Regional 2013
Scrum Alliance and supported by CSI Division V and Region VI
http://scrumgatheringindia.in/
Dr. Anirban Basu, abasu@pqrsoftware.com
Mr. C G Sahasrabudhe
shekhar_sahasrabudhe@persistent.co.in
August 2013 Events
13-14 Aug 2013 National Conference on Software Engineering - 2013 (NCSOFT 13)
CUSAT Kochi
http://ncsoft.cusat.ac.in
Prof. K Poulose Jacob
ncsoft@cusat.ac.in
September 2013 events
1415 Sep. 2013 National Seminar on ICT in Health Care for Inclusive Development
at Patna
Prof. A K Nayak, aknayak@iibm.in
Prof. T V Gopal, gopal@annauniv.edu
19-20 Sep. 2013 Second International Conference on Advances in Cloud Computing ACC 2013
CSI Bangalore Chapter and CSI Divisions (I, III, IV, and V)
http://icacci-conference.org/site/cloudid2013
Dr. Anirban Basu
abasu@pqrsoftware.com
20-21 Sep. 2013 International Conference on Innovations in Computer Science and Engineering (ICICSE)
Organised by Guru Nanak Engg. College, Ibrahimpatnam, Hyderabad. Supported by CSI DIV
IV, CSI-Hyderabad
Dr. DD Sarma, dirmca.gnipg@gniindia.org
Prof. Rishi Syal
hodcse.gnec@gniindia.org
23-26 Sep. 2013 Third IFIP International Conference on Bioinformatics
IFIP TC-5 and Computer Society of India
Dr. K R Pardasani
kamalrajp@redifmail.com
24-27 Sep. 2013 11th Asia Pacic Conference on Computer Human Interaction (APCHI 2013)
IFIP TC-13and supported by CSI
Anirudha Joshi
chair@aphci2013.org
October 2013 events
5
th
October 2013 National Conference on Next generation computing Technologies and Applications
at Institute of Technology and Science, Mohan Nagar, Ghaziabad, UP
Prof. Sunil Kumar Pandey
sunilpandey@its.edu.in
Prof. A K Nayak, aknayak@iibm.in
November 2013 events
15-17 Nov. 2013 7th International Conference on Software Engineering - CONSEG 2013
CSI Division II, Pune
http://www.conseg.in
Mr. Shekhar Sahasrabudhe
shekhar_sahasraudhe@persistent.co.in
Dr. T V Gopal, gopal@annauniv.edu
29- 30 Nov. 2013 National Conference on Cyber Space Security (NCCSS)
2013 Research Challenges & Trends
at Bangalore
Mr. Bindhumadhava B S
bindhu@cdac.in
December 2013 events
13-15 Dec. 2013 CSI 2013 - 48th Annual Convention
at Visakapatnam
http://www.csi-2013.org
Paramata Satyanarayana
s_paramata@vizagsteel.com
convener@csivizag2013.org
19-21 Dec. 2013 19th International Conference on Management of Data (COMAD-2013)
CSI Ahmedabad Chapter
Bipin V Mehta
bvmehta@aesics.ac.in
Arnab Bhattacharya
arnabb@iitk.ac.in
Dr. Harshal A Arolkar
harsharolkar@yahoo.com
CSI Calendar
2013
H R Mohan
Vice President, CSI & Chairman, Conf. Committee
Email: hrmohan.csi@gmail.com
Registered with Registrar of News Papers for India - RNI 31668/78 If undelivered return to :
Regd. No. MH/MR/N/222/MBI/12-14 Samruddhi Venture Park, Unit No.3,
Posting Date: 10 & 11 every month. Posted at Patrika Channel Mumbai-I 4th oor, MIDC, Andheri (E). Mumbai-400 093
Date of Publication:10 & 11every month
Second International Conference on
Advances in Cloud Computing (ACC 2013)
September 19-20, 2013, NIMHANS Convention Centre,
Bangalore, India
Organized by
Computer Society of ndia, Bangalore Chapter
In Association with
CS Divisions (Hardware, Applications, Communications & Education & Research)
Department of T, BT and S & T,
Government of Karnataka
CALL FOR PARTICIPATION
Consideiing ile impoiiance of Cloud Compuiing in ile days io come, Compuiei
Socieiy of India, ile laigesi and oldesi body of IT piofessionals in ile couniiy
launcled ile confeience seiies on Advanccs in C!oud Computing (ACC) in ioIi
io piovide an inieinaiional foium foi ieseaicleis, piofessionals, and indusiiial
piaciiiioneis io slaie ileii lnowledge in ile iapidly giowing aiea of Cloud
Compuiing. Thc sccond cdition wi!! bc hc!d in Banga!ovc in Scptcmbcv ioI.
Tle confeience will lave Inviied Spealeis and Coniiibuied Papeis on diffeieni
aspecis of Cloud Compuiing, Big Daia, Inieinei of Tlings, Analyiics eic.
Vcnuc: NIMHANS Convcntion Ccntvc, Banga!ovc
For further details please contact:
Computer Society of India, Bangalore Chapter,
MB Centre, Unit 201
134 InIantry Road,
Bangalore 560001
Phone: 91 80 2286 0461
Cell: 91 94489 05268
e-mail: acc2013csibc.org csibcyahoo.com
CSI Advisory Committee
General Chair
Organizing Chair
Organizing Co-Chairs
Finance Chair
Academic Liaison Chair
Industry Track Chair
Publications Chair
Registration Chairs
Research Track Chair
Research Track Co-Chair
Organizing Committee Members
S V Raghavan, President
H R Mohan, Jice President
M N Hoda, Division Chair (Hardware)
A K Nayak, Division Chair (Applications)
S Mohapatra, Division Chair (Communications)
Raju K, Regional Jice President, Region J

Anirban Basu, CSI Division J Chair
(Education & Research)
Bindhu Madhava, Chairman CSI-BC
Chander P Mannar, Jice-Chairman, CSI-BC
Vishwas Bondade, Past Chairman, CSI-BC
Apparao Chettipalli
Prakash S
Sundar Varadaraj, Tyco
Mini Ulamat
Shantharam Nayak
Bhanumathi K S
Channappa Akki, Wipro
Swarnalatha R Rao, Past member CSI EXECOM
Ashok Kalolgi
Arindam Sen
Ravindra T S
Ravindra Dastikop
Satish B G
Savitha Gowda
Subhasis Bandyopadhyay
Subhajit Majumdar
Suresh Thiagarajan
T N Sitaramu
Vinay Krishna
PARTICIPATION FEES
Aiindam Sen (HCL)
Blaiai Goenla (Tally)
Bob Biewin (Tyco)
}emal H. Abawajy
(Dealin Univeisiiy, Ausiialia)
}oili Padmanablan (Yaloo)
Kumai Padmanabl (Robeii Boscl)
Piasad Deslpande (IBM)
Raglunail Nambiai (CISCO)
Saiai Clandia Babu (CDAC)
Slillaiesl Majumdai
(Caileion Univeisiiy, Canada)
Siinivas Rao (Hiiacli Daia Sysiems)
Umesl Bellui (IIT, Mumbai)
PIatinum Sponsors SiIver Sponsors GoId Sponsor
INVITED SPEAKERS
1ill August 15, 213
From August 1, 213
CSI /IEEE Members Corporate Rs.2000/-
CSI/ IEEE Members Academics Rs. 800/-
(Faculty and students)
Non Members Corporate Rs.2500/-
Academics Rs.1200/-
(Faculty and student)

CSI/IEEE Members Corporate Rs.2500/-
CSI/IEEE Members Academics Rs.1000/-
(Faculty and student)
Non Members Corporate Rs.3000/-
Academics (Faculty and student) Rs.1500/-
Event Partner TechnicaI Sponsor
Marketing Partner

CSIC July 2013

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CSIC July 2013

Uploaded by

Copyright:

Available Formats

CSI Communications | July 2013 | 1

You might also like