By Rosa M. Badia

When being asked for a new post, I was discussing about the possible topic and a colleague suggested: “Maybe you can summarize or give your thoughts about something you have read during your holidays”. My answer was: “Well, if you want, I summarize the last book of the Millennium trilogy…”. Although initially I was kidding, taking a second thought on it, these series of books brings several aspects that may have interest to the gridvoices audience.

One of the topics that I would like to mention is a social one, the participation of women in IT. One of the main characters of the books is a girl, Lisbeth Salander, extremely intelligent, with photographic memory, very good investigator, and with special aptitudes for computer technology. Though, the first thought can be very positive, for once the character of a best-seller is a woman with interest and skills on technology! This can be one of the ways to attract girls to engineering studies, specially IT ones. However, nobody’s perfect: Lisbeth is a punk, wearing several piercings a large dragon tattoo in her skinny body. While I have nothing against the clothes that girls wear and against piercings or tattoos, the real negative aspects of Lisbeth are that she is a very asocial and violent girl. Although the books end up positioning Lisbeth as a heroine, it is clear that the image that is given from her is that she is a freak.

When I ask myself about the reasons why girls are not attracted by computer sciences studies or related topics, I have to admit that I do not understand why. For me not only computers, but any engineering or technology field is highly interesting. And it was like this till I was a child, therefore I can not understand the reasons for this global low interest of girls in these fields.

According to some studies¹, men and women view computers very differently. Studies show that women view computer as a tool and with much more societal context than men do; they are much more concerned with effect of technology on other disciplines, and how it can be used to improve society. On the other hand, men have much narrower focus of interest; they do not require a “larger goal” in connection to their interest.

We have also to fight with the extreme social stereotype that computer scientists are “geeks” and “nerds” without social interaction is particularly detrimental to females. Girls often dislike the idea that computers “become their life”.

The other topic that I would like to outline from these books is computer security, specially when considering distributed platforms. Lisbeth is not only good with computers, she is a hacker. She has developed a program called Asphyxia that replaces the browser in the victim computer by a new one that then is used to download a mirror version of the hard drive in a remote server. The download is periodically updated in the mirror, in such a way that Sally has access to updated information of her victim. According to the books, Asphyxia is not build all at a once, but its source code is transfer by small amounts in infected emails. Once all the code has been transferred, it is build and replaces the original explorer. Although more close to fiction than to science, I found the idea not very far from something that can be feasible.

The weak point I find in the program is the starting point: theoretically, there is an application that intercepts the user emails and randomly adds the lines of code the will afterwards build the Asphyxia program. Another weak point is how the email reader will strip the source code lines and strip in a whole file, and also how the build process will be started. But probably there would be minds that will think about these issues…

Given that there would be always people willing to find ways of perform similar activities, there has been intensive research activities in the area of security for grid computing in the last years. As in other areas, the existence of standards is of prominent importance. The Open Grid Forum (OGF) has a whole area that considers security.

The Security Area² is concerned with technical and operational security issues in Grid environments, including authentication, authorization, privacy, confidentiality, auditing, firewalls, trust establishment, policy establishment, and dynamics, scalability and management aspects of all of the above.

The area is composed of four groups: Certificate Authority Operations WG (caops-wg), Firewall Issues RG (fi-rg), Levels of Authentication Assurance Research Group (loa-rg) and OGSA Authorization WG (ogsa-authz-wg).

Recently, a new group has been proposed: The Firewall Virtualization for Grid Applications – Working Group will leverage the application requirements from the FI-RG to standardize a set of service definitions for a virtualized control interface into firewalls and other midboxes allowing the grid applications to securely and dynamically request application/workflow-specific services from those devices, for the duration of the service.

The security in Cloud computing is also under research, but there are no security standards or accepted best practices.

1 Barriers to the advancement of technical women, Anita Borg Institute, http://anitaborg.org/files/womens-tech-careers-lit-reviewfinal_2007.pdf

2 http://www.ogf.org/gf/group_info/areasgroups.php?area_id=7