Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 0 Lezione 5a - 17 Novembre 2009 Il materiale didattico usato in questo corso è stato mutuato.

Similar presentations


Presentation on theme: "Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 0 Lezione 5a - 17 Novembre 2009 Il materiale didattico usato in questo corso è stato mutuato."— Presentation transcript:

1 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 0 Lezione 5a - 17 Novembre 2009 Il materiale didattico usato in questo corso è stato mutuato da quello utilizzato da Paolo Veronesi per il corso di Griglie Computazionali per la Laurea Specialistica in Informatica tenuto nellanno accademico 2008/09 presso lUniversità degli Studi di Ferrara. Paolo Veronesi Università degli Studi di Bari – Corso di Laurea Specialistica in Informatica Tecnologia dei Servizi Grid e cloud computing A.A. 2009/2010 Giorgio Pietro Maggi

2 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 1 Overview Globus Toolkit V4.0 Introduction to Security Fundamental Concepts Authentication Basic Cryptography Digital Signature Public Key Infrastructures (PKIs) Proxies and Temporary Credentials

3 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 2 Security Cross-organizational users Trust nobody Authorized access only Security Cross-organizational users Trust nobody Authorized access only Information Services Registry Notification Logging/auditing Information Services Registry Notification Logging/auditing Execution Management Job description & submission Scheduling Resource provisioning Execution Management Job description & submission Scheduling Resource provisioning Data Services Common access facilities Efficient & reliable transport Replication services Data Services Common access facilities Efficient & reliable transport Replication services Self-Management Self-configuration Self-optimization Self-healing Self-Management Self-configuration Self-optimization Self-healing Resource Management Discovery Monitoring Control Resource Management Discovery Monitoring Control OGSA OGSA profiles Web services foundation

4 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 3 SOA Reference Model WSA GLOBUS Arch OASIS SOA RM GLOBUS gLite Arch extensions gLite From SOA to Grid middleware OGSA … …

5 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 4 Globus is Service-Oriented Infrastructure Technology Software for service-oriented infrastructure Service enable new & existing resources E.g., GRAM on computer, GridFTP on storage system, custom application service Uniform abstractions & mechanisms Tools to build applications that exploit service-oriented infrastructure Registries, security, data management, … Open source & open standards Each empowers the other eg – monitoring across different protocols is hard Enabler of a rich tool & service ecosystem

6 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 5 Globus Toolkit V4.0 Major release on April 29 th 2005 Precious fifteen months spent on design, development, and testing 1.8M lines of code Major contributions from five institutions Hundreds of millions of service calls executed over weeks of continuous operation Significant improvements over GT3 code base in all dimensions

7 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 6 Goals for GT4 Usability, reliability, scalability, … Web service components have quality equal or superior to pre-WS components Documentation at acceptable quality level Consistency with latest standards (WS-*, WSRF, WS-N, etc.) and Apache platform WS-I Basic (Security) Profile compliant New components, platforms, languages And links to larger Globus ecosystem

8 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 7 Griglie Computazionali - Lezione 0057

9 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 8 Glossary Principal An entity: a user, a program, or a machine Credentials Some data providing a proof of identity Authentication Verify the identity of the principal Authorization Map an entity to some set of privileges Confidentiality Encrypt the message so that only the recipient can understand it Integrity Ensure that the message has not been altered in the transmission Non-repudiation Impossibility of denying the authenticity of a digital signature

10 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 9 Introduction to Security

11 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 10 Security is a process A risk is a vulnerability and a threat Organizations implement controls over their activities to obtain acceptable residual risk

12 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 11 Risk-based view of the world Organizations: Sites, VOs and Grids Each has a security process lifecycle Satisfaction jointly and severally Each organization is captain of its own ship However, constrained to interoperate Standards aid interoperation

13 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 12 Secure from Whom and Against What Secure from whom? From systems administrator? From rogue employee? Mr. H. Acker…? Secure against what? Denial of Service? Identity theft? Legally sensitive data acquisition? Or even MPs leaving laptops on the Tube…

14 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 13 Secure for how long? I recommend overwriting a deleted file seven times: the first time with all ones, the second time with all zeros, and five times with a cryptographically secure pseudo-random sequence. Recent developments at the National Institute of Standards and Technology with electron-tunnelling microscopes suggest even that might not be enough. Honestly, if your data is sufficiently valuable, assume that it is impossible to erase data completely off magnetic media. Burn or shared media; it's cheaper to buy media new than to lose your secrets…." -Applied Cryptography 1996, page 229

15 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 14 Secure Technology vs. Secure System Secure technology secure system System using bit encryption technology, packet filtering firewalls, PMIs, PKIs… …. on running laptop in unlocked room … on PC with password on post-it on screen/desk We have heard worse than this, naming no names!

16 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 15 A Quote …if you think that technology can solve your security problems then you dont know enough about the technology, and worse you dont know what your problems are… Bruce Schneier, Secrets and Lies in a Digital Networked World

17 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 16 Definition: Computer Security The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) An Introduction to Computer Security The NIST Handbook

18 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 17 Fundamentals Key terms that are typically associated with security Authentication Authorisation Audit/accounting Integrity Fabric Management Confidentiality Privacy Trust All are important for Grids but some applications may have more emphasis on certain concepts than others

19 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 18 Fundamentals - Authentication the establishment and safe propagation of a users identity in the system e.g. site X can check that user Y is attempting to gain access to resources does not check what user is allowed to do, only that we know (and can check!) who they are Masquerading always a danger (and realistic possibility) Need for user guidance on security Password selection Treatment of certificates Hardware tokens … Is anonymity required? Authentication on the Grid is achieved with Public Key Infrastructures (PKIs)

20 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 19 Fundamentals - Authorisation concerned with controlling access to services based on policy Can this user invoke this service making use of this data? Complementary to authentication Know it is this user, now can we restrict/enforce what they can/cannot do Many different contenders for authorisation infrastructures e.g: some software components related to authorization aspects developed as open source projects: PERMIS VOMS CAS AKENTI Authorisation on the Grid must be scalable

21 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 20 Fundamentals - Auditing Auditing/Accounting the analysis of records of account (e.g. security event logs) to investigate security events, procedures or the records themselves Includes logging, intrusion detection and auditing of security in managed computer facilities well established in theory and practice Grid computing adds the complication that some of the information required by a local audit system may be distributed elsewhere, or may be obscured by layers of indirection e.g. Grid service making use of federated data resource where data kept and managed remotely Need tools to support diagnostics Do we need to log all information? (Can We? More pertinent probably) How long do we keep it for? … Auditing tools are in development for some authorisation infrastructures

22 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 21 Fundamentals - Integrity Integrity Ensuring that data is not modified since it was created, typically of relevance when data is sent over public network Technical solutions exist to maintain the integrity of data in transit checksums, PKI support, … Grid also raises more general questions e.g. provenance maintaining the integrity of chains or groups of related data Integrity can be checked through the use of digital signatures

23 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 22 Fundamentals - Fabric Management Fabric Management consists of the distributed computing, network resources and associated connections that support Grid applications impacts Grid security in these ways: an insecure fabric may undermine the security of the Grid Are all sites fully patched (middleware/OS)? Can we limit damage of virus infected machine across Grid? Identify it, quarantine it, anti-virus update/patch, re-instate into VO, … fabric security measures may impede grid operations e.g. firewalls may be configured to block essential Grid traffic

24 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 23 Fundamentals - Confidentiality is concerned with ensuring that information is not made available to unauthorised individuals, services or processes It is usually supported by access control within systems, and encryption between systems Confidentiality is generally well understood, but the Grid introduces the new problem of transferring or signalling the intended protection policy when data staged between systems Authentication and Authorisation infrastructures usually implement confidentiality, so we are already there!

25 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 24 Fundamentals - Privacy particularly significant for projects processing personal information, or subject to ethical restrictions e.g. projects dealing with medical, health data Privacy requirements relate to the use of data, in the context of consent established by the data owner Privacy is therefore distinct from confidentiality, although it may be supported by confidentiality mechanisms. Grid technology needs a transferable understanding of suitable policies addressing privacy requirements/constraints Should allow to express how such policies can be defined, applied, implemented, enforced, …

26 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 25 Trust characteristic allowing one entity to assume that a second entity will behave exactly as the first entity expects Important distinction between trust management systems which implement authorisation, and the wider requirements of trust e.g. health applications require the agreement between users and resources providers of restrictions that cannot be implemented by access control e.g. restrictions on the export of software, or a guarantee that personal data is deleted after use therefore a need to understand and represent policy agreements between groups of users and resource providers such policies may exist inside or outside the system, and are typically not supported by technical mechanisms

27 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 26 Authentication Intro Basic Cryptography Digital Signature PKI Proxy

28 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 27 Who Am I?? I am The President of the United States The Secretary General of the United Nations David Beckham Keith Richards The girl who served your cup of coffee this morning.. All of these people may need to use a computer How can we confirm their identities?

29 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 28 Who am I?? I am John Watt (allegedly) To prove it I have A Driving Licence I got by passing my test and producing my passport A Passport I went to the passport office with my Birth certificate A Birth Certificate I cant remember getting this!

30 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 29 Who am I?? Is there a logical chain working here? Note that, generally, the credentials given on the previous page tend to depend on the one below it. But the DVLA (UK Driving Licence Authority) state on their website: Note - Birth certificates are not absolute proof of identity and so we may ask you to provide other evidence to allow us to check your identity. What other evidence? A passport? But that depends on you producing a birth certificate! A bank account? You need a passport for that! NO!

31 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 30 Who am I?? But they do have one thing in common They are non-local credentials They attempt to define a unique (nationally at least) reference that will establish your identity Do we need something similar for the Grid?? First of all, we need to establish how identity can be proved and securely moved around a network. The Grid community are (in principle) in agreement about how this should be done But first we need to look at the basics of this system, and it has to do with an age old problem…

32 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 31 Cryptography Mathematical algorithm that provides important building blocks for the implementation of a security infrastructure Symbology Plaintext: M Cyphertext: C Encryption with key K1 : E K1(M) = C Decryption with key K2 : D K2(C) = M Algorithms Symmetric: K1 = K2 Asymmetric: K1 K2 K2K2 K1K1 Encryption Decryption MCM

33 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 32 Basic Cryptography When I were a lad… My friend would post an important message through my letterbox… But we had code wheels Rotate the inner wheel by the number of jumps indicated at the beginning of the message And translate… 3 Y O U S M E L L 3 V L R P J B I I

34 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 33 Basic Cryptography What if someone else got hold of the wheel? Our plans for world domination are in ruins Because what makes the wheel work is the extra information included with the original encrypted message: Without this number the message will stay encrypted This number is the encryption key And is transmitted UNENCRYPTED We could agree this face-to-face, but why not just give the message then?? What if I was grounded? (happened a lot) Lets look at this at a slightly more mature level… 3 V L R P J B I I

35 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 34 Symmetric Algoritms The same key is used for encryption and decryption Advantages: Fast Disadvantages: how to distribute the keys? the number of keys is O(n2) Examples: DES 3DES Rijndael (AES) Blowfish Kerberos PaulJohn ciao3$rciao PaulJohn ciao3$rciao3$r

36 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 35 Basic Cryptography We need some way of transmitting the key so it cant be stolen. Can we encrypt the key? No, but we can do something analogous… 1) Split the key into two parts, one for encryption and one for decryption 2) Make the encryption key PUBLIC for anyone to use, but keep your decryption key PRIVATE Note that in some implementations the private key may also be used to encrypt and the public key to decrypt (see Digital Signatures)

37 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 36 Public Key Algorithms Every user has two keys: one private and one public: it is impossible to derive the private key from the public one; a message encrypted by one key can be decrypted only by the other one. No exchange of secrets is necessary the sender cyphers using the public key of the receiver; the receiver decripts using his private key; the number of keys is O(n). Examples: Diffie-Helmann (1977) RSA (1978) John keys public Paul keys PaulJohn ciao3$rciao PaulJohn ciaocy7ciao 3$r cy7 public

38 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 37 Solved the key transmission problem We have solved the key transmission problem by only transmitting an encryption key Now anyone who wishes to send you a message uses your PUBLIC key to encrypt it, safe in the knowledge that the only person who can decrypt it is the holder of the PRIVATE key (i.e. you!) The public and private keys are broken apart according to a complex mathematical formula that means it would take months/years to crack messages without the private key. Tends to outlive credentials issued (e.g. credit cards)

39 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 38 Symmetric vs. Asymmetric Symmetric encryption only guarantees privacy The message is still encrypted, but there is no evidence of who encrypted it, nor any guarantee the data has not been tampered with. Asymmetric encryption can be used to authenticate By encrypting a message with someones public key, you can be sure ONLY they will be able to read it. And… Some level of integrity may be provided (digital signatures)

40 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 39 Authentication Intro Basic Cryptography Digital Signature PKI Proxy

41 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 40 One-Way Hash Functions Functions (H) that given as input a variable-length message (M) produce as output a string of fixed length (h) the length of h must be at least 256 bits given M, it must be easy to calculate H(M) = h given h, it must be difficult to calculate M = H-1(h) given M, it must be difficult to find M such that H(M) = H(M) Examples: SNEFRU: hash of 128 or 256 bits; MD4/MD5: hash of 128 bits; now MD6! SHA (Standard FIPS): hash of 160 bits.

42 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 41 Ex $cat prova1 testo di prova $ md5sum prova1 909adc30dcc15239ac640b52d33a12b2 prova1 $ cat prova2 testo di prove $ md5sum prova2 c89ee15b2f056edfbef2dcb62b2249aa prova2 $ ls -l /bin/ls -rwxr-xr-x 1 root root Dec /bin/ls $ md5sum /bin/ls 2636c546ce5ca69687f5dfc74cc3175e /bin/ls

43 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 42 Digital Signature Paul calculates the hash of the message Paul encrypts the hash using his private key: the encrypted hash is the digital signature. Paul sends the signed message to John. John calculates the hash of the message and verifies it with the one received by A and decyphered with As public key. If hashes equal: message wasnt modified; Paul cannot repudiate it. John This is some message Digital Signature Paul This is some message Digital Signature This is some message Digital Signature Hash(A) Paul keys publicprivate Hash(B) Hash(A) = ?

44 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 43 Digital Certificates Pauls digital signature is safe if: Pauls private key is not compromised John knows Pauls public key How can John be sure that Pauls public key is really Pauls public key and not someone elses? A third party guarantees the correspondence between public key and owners identity. Both A and B must trust this third party Two models: X.509: hierarchical organization; PGP: web of trust.

45 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 44 A B C D E F F knows D and E, who knows A and C, who knows A and B. F is reasonably sure that the key from A is really from A. PGP web of trust

46 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 45 Public Key Infrastructures (PKIs) PKIs provide a mechanism for privacy, integrity and authentication using public keys Implemented with DIGITAL CERTIFICATES Your UNIQUE virtualised identity Issued by a CERTIFICATE AUTHORITY Entity which administers certificates and issues them correctly X.509 (1988) is the standard for PKI certificates Binds a globally unique X500 distinguished name to a public key In reality, CAs tend to choose any name they want Legal disclaimer, liability transfer. A mess, but not critical Web browser compatible

47 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 46 An X.509 Certificate contains: –owners public key; –identity of the owner; –info on the CA; –time of validity; –Serial number; –digital signature of the CA Public key Subject:C=CH, O=CERN, OU=GRID, CN=Andrea Sciaba 8968 Issuer: C=CH, O=CERN, OU=GRID, CN=CERN CA Expiration date: Aug 26 08:08: GMT Serial number: 625 (0x271) CA Digital signature Structure of a X.509 certificate X.509 Certificates

48 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 47 Certificate Authorities A Certificate Authority (CA) is a third party that signs certificates and ensures that the subject name and public key actually belong to that person How? The old fashioned way… Example… The INFN Certificate Authority Initial contact – application (online) Credential verification (IN PERSON) Go to CA or Regional Authority (RA) Issue – download (online) INFN CA requires the application and issuing terminals to be the same ( this is where the PRIVATE key of your certificate is)

49 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 48 Certificate Authorities A CA may delegate Regional Operators to confirm peoples identities Saves me having to travel from Bologna to Firenze if I want a certificate CA records a piece of personal identification for their records Passport, Driving Licence, Staff/Student Matric Card CA extends an existing ID infrastructure

50 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 49 Certificate Authorities A CA also is in charge of revoking certificates CA publishes a Certificate Revocation List Download to your browser Shows all invalid certificates in the organisation A CA MUST be explicitly trusted by the system Trusted Root CAs list in Windows Certificate cannot be used until the CAs root certificate has been accepted as trusted Accepted very much like Software Licences i.e. nearly always!

51 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 50 Certificate Authenticity CAs confirm the certificates authenticity by digitally signing it CA computes a hash of the certificate using an agreed (non-secret) algorithm CA encrypts this hash with their private key and appends to bottom of certificate Recipient computes their own hash of the info Recipient decrypts the hash the CA sent (with the CAs public key) and compares with their own Proves the CA signed the info and the info hasnt been tampered with Encryption of the info is optional (for privacy)

52 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 51 A problem Are there any pitfalls to digital certificates? Can we alter their contents? No, the CA signed the certificate thus ensuring its integrity Can we spoof? You will need your own CA, and if the application doesnt trust it, your certificates wont work. So no. What can we do? STEAL IT! Someone who holds your digital certificate (and private key) may safely assume your identity on the Grid This problem isnt going away. How can we deal with this?

53 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 52 Certificate Revocation Lists list of serial numbers of the certificates which have been revoked are no longer valid and should not be relied upon by any system user CRLs are usually signed by the issuing CA and therefore carry a digital signature Type of revocations: Non reversible:a certificate is irreversibly revoked Reversible: the certificate is on hold; this reversible status can be used to notice the temporary invalidity of the certificate, for instance when the user is not sure if the private key has been lost.

54 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 53 PKI basics PKI provides, among other services, an authentication protocol relying on asymmetric encryption. One of the keys is kept private, the other is made public. Public keys are distributed using certificates which are digitally signed by trusted authorities An intro to PKI and few deploy hints Py75c%bn&*)9|f nmdFgegMs An intro to PKI and few deploy hints Clear-text Input Clear-text Output Cipher-text Different keys Encryption Decryption

55 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 54 Alicepub DS Cert PKI: Obtaining a Certificate Priv pub Certification Server User generates a key pair Certificate is sent to the user Public key is submitted to CA for certification Alicepub DS Cert User identity verified, Digital signature added, Certificate produced

56 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 55 Alicepub DS Cert PKI: Authentication with CertificatesPriv Bob verifies the digital signature on the certificate Certificate is sent for authentication He can trust that the public key really belongs to Alice, but is it Alice standing if front of him ? Alicepub DS Cert AliceBob Bob challenges Alice to encrypt for him a random phrase he generated I Like Flowers Alicepub DS Cert ? Encrypt using private key Decrypt using public key in certificate and compare

57 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 56 Authentication Intro Basic Cryptography Digital Signature PKI Proxy

58 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 57 X.509 Proxy Certificate Extension to X.509 Identity Certificates signed by the normal end entity cert (or by another proxy) Enables single sign-on Support Delegation Mutual authentication Has a limited lifetime minimized risk of compromised credentials

59 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 58 Creating a proxy Command: grid-proxy-init User enters pass phrase, which is used to decrypt private key Private key is used to sign a proxy certificate with its own, new public/private key pair. Users private key not exposed after proxy has been signed User certificate file Private Key (Encrypted) Pass Phrase User Proxy certificate file Proxy placed in /tmp the private key of the Proxy is not encrypted: stored in local file: must be readable only by the owner; proxy lifetime is short (typically 12 h) to minimize security risks. NOTE: No network traffic!

60 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 59 Delegation and limited proxy Proxy credential the combination of a proxy certificate and its corresponding private key Delegation = remote creation of a (second level) proxy credential New key pair generated remotely on server Client signs proxy cert and returns it Allows remote process to authenticate on behalf of the user Remote process impersonates the user The client can elect to delegate a limited proxy Each service decides whether it will allow authentication with a limited proxy Job manager service requires a full proxy GridFTP server allows either full or limited proxy to be used

61 Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 60 CONCLUSION Security is a combination of technical implementation and sociological behaviour There can be no overall security policy for the Grid – integrate existing site policies The establishment of identity on the Grid (authentication) is achieved through the use of PKI Certificates and Proxies


Download ppt "Tecnologia dei Servizi Grid e cloud computing - Lezione 005a 0 Lezione 5a - 17 Novembre 2009 Il materiale didattico usato in questo corso è stato mutuato."

Similar presentations


Ads by Google