NSF Campus Cyberinfrastructure PI and Cybersecurity Innovation for Cyberinfrastructure PI Workshop
Case Studies on Cybersecurity Applications and Tools Supporting Scientific Research
The panel will focus on the models of CICI projects and their transition to practice, as well as the plans for, or impact of, the applications and tools developed through the CICI grants on scientific advancement.

NSF Campus Cyberinfrastructure PI and Cybersecurity Innovation for Cyberinfrastructure PI Workshop
September 24 – 26, 2018 | University of Maryland, College Park, MD
EAGER: Cybersecurity Transition to Practice (TTP) Acceleration
Award 1650445 - PI: Ana Hunsinger, Internet2
Goals:
• Accelerate TTP of cybersecurity research into R&E environments
• Foster interaction/collaboration between campus cybersecurity researchers, CIOs, CISOs, and IT staff
• Facilitate exchange of ideas/lessons learned through nationwide outreach and workshops
Deliverables:
• NSF cybersecurity research inventory of over 800 awards
• 5 regional workshops involving over 200 participants from 116 institutions
• Engagement with many campus researchers/staff in over 50 visits
• Exchange of findings in federated access management, network security, Smart Grid, Cyber-physical systems, cloud security/storage, and data analytics/security
• Lessons learned for supporting trustworthy campus CI – next slide

EAGER Workshop: Enabling Trustworthy Campus Cyberinfrastructure for Science – Monday September 24, 2018
Partnered with Trusted CI*
How can research computing and information security programs work together to effectively support open and regulated research?
• 17 campus security and research computing leads and 2 regional networks
• Challenges, successes, lessons
• Next steps
*Trusted CI, the NSF Cybersecurity Center of Excellence, also supported by the National Science Foundation under Grant ACI-1547272

PANELISTS
• Wei-Shinn Ku, Auburn University
  – NSF Project: III: Indoor Spatial Query Evaluation and Trajectory Tracking with Bayesian Filtering Techniques (Award #1618669)
  – NSF Project: Secure and Resilient Architecture: Data Integrity Assurance and Privacy Protection Solutions for Secure Interoperability of Cloud Resources (Award #1642133)
• Yan Luo, University of Massachusetts-Lowell
  – NSF Project: SECTOR: Building a Secure and Compliant Cyberinfrastructure for Translational Research (Award #1738965)
  – NSF Project: STREAMS: Secure Transport and REsearch Architecture for Monitoring Stroke Recovery (Award #1547428)
• Ping Yang, SUNY at Binghamton
  – NSF Project: Infrastructure Support for Securing Large-Scale Scientific Workflows (Award #1738929)

Wei-Shinn Ku, Auburn University

Data Integrity Assurance and Privacy Protection Solutions for Secure Interoperability of Cloud Resources
• An NSF Collaborative Cybersecurity Innovation for Cyberinfrastructure (CICI) project for three years (10/2016 – 9/2019)
• Auburn University (lead institute) and the University of Alabama at Birmingham
• Co-PIs from Geosciences, CS, and ECE
• Major project goals:
  1. Developing query integrity assurance techniques for cloud spatial databases
  2. Designing cloud data privacy protection methods

Data Integrity Assurance and Privacy Protection Solutions for Secure Interoperability of Cloud Resources
  3. Modeling the trade-off between query integrity assurance and query evaluation costs
  4. Realizing secure cloud data provenance mechanisms
  5. Implementing a prototype system, where all the components are integrated for security and performance evaluation

Project Motivation
[Figure: Data Owner (DO), Mobile User, Service Provider (SP)]

CICI: SECTOR: Building a Secure and Compliant Cyberinfrastructure for Translational Research
Yan Luo, University of Massachusetts Lowell
In collaboration with Drs. Yu Cao (UMass Lowell), Peilong Li (Elizabethtown College), Silvia Corvera and Jomol Mathew (UMass Medical School)

Challenges in Computing on Medical Data
• Medical Data and Applications
  – Diagnosis, monitoring, analysis using heterogeneous data
  – Compute-intensive, delay-sensitive, or real-time
• Data Security and Privacy
  – HIPAA Compliance: data storage, transfer, processing
• Challenges
  – Traditionally closed environment, not designed for data sharing
  – Problematic data management: plaintext storage, coarse-grained access control, weak key management policy
  – Gap between existing CI and emerging technologies

SECTOR Overview
• Private SECTOR building blocks sit at the "edge"
• Data flows analyzed, de-identified or encrypted
• Blockchain prevents data tampering and enforces data access control
• SDN for network flow level security control
• All blocks are running on CORD software stack
[Figure: SECTOR architecture diagram. Labels: UMass Medical School, UMass Lowell, MGHPCC Datacenter, Internet, HIPAA Compliant Cloud, Storage Cluster, Storage, CPU, GPU, Xeon Phi. Each SECTOR SDI Framework block shows Analytics, User Portal, vDNS, Blockchain, SDN Controller, and Streaming Engine.]

Data Sharing Control
• Data Layer
  – Access control
  – Key management
  – Privacy
• Blockchain layer
  – Transaction
  – Smart contracts
• SDN layer
  – Network access

CICI: Infrastructure Support for Securing Large-Scale Scientific Workflows
09/01/2017-08/31/2020
Goal: support a community of engineers and scientists to securely collect, analyze, and share data using scientific workflows.
PI: Ping Yang, Computer Science Dept.
Co-PI: Guanhua Yan, Computer Science Dept.
Co-PI: Fengwei Zhang, Computer Science Dept.
Co-PI: Shiyong Lu, Computer Science Dept.

Scientific Workflows
Nature survey (2016)
▪ 70%+ of scientists surveyed had experienced failure to reproduce other scientists’ results
▪ 50%+ of scientists surveyed had experienced failure to reproduce their own results
Scientific workflows
▪ Automate and accelerate the scientific discovery process
▪ Support reproducibility of scientific discovery and problem diagnosis
▪ myexperiment.org: 3900+ workflows shared by 10700+ users
[Figure: A Gene Conversion Analysis Workflow. Tasks T1: Identify Gene, T2: Select DNAs, T3: Recombination Analysis, T4: DNA Alignment, T5: Gene Conversion Detection, T6: Prepare Input files, T7: GENECONV. Other labels: P1 to P8, Protein Sequence, DNA Sequence, Report.]

Problem Statement and Approach
▪ Motivation: Modern scientific workflow systems lack strong infrastructure support for trustworthy execution of scientific workflows and for protecting the workflow data.
▪ Develop a trusted execution environment for scientific workflows to protect the execution of workflow tasks.
▪ Develop SciBlock, a tamper-proof and non-repudiable provenance storage that enables scientists to verify the trustworthiness of scientific data.
▪ Develop a machine-learning based anomaly detection technique to detect anomalous execution flows.
[Figure: Cyber-Infrastructure diagram. Labels: Internet; Site 1, Site 2, ... Site n, each running Proc instances in an SGX-based TEE and producing logs; Anomaly detection; SciBlock instances, Synchronizing; authorized modification.]

Project progress
▪ The project started on Sept. 1, 2017.
▪ 5 PhD, 5 MS, and 1 undergraduate student are involved, including 2 female students.
▪ Our prototype is built on top of DATAVIEW, a workflow management tool developed by Co-PI Lu’s group (over 600 registered users)
▪ A trusted execution environment for scientific workflows
  – Published paper “A Comparison Study of Intel SGX and AMD Memory Encryption Technology”.
  – Challenges: running Java programs inside SGX enclave, performance
▪ SciBlock: a tamper-proof and non-repudiable provenance storage
  – Developed based on Ethereum blockchain platform
  – Challenges: efficiency, scalability
  – PI Yang and Co-PI Yan added a course module on blockchain in their “CS458/558 Introduction to Computer Security” course.
▪ Machine-learning based anomaly detection technique
  – Collecting logs generated by DATAVIEW and workflows.

Case Studies on Cybersecurity Applications and Tools Supporting Scientific Research
• What challenges have you faced in implementing your project and promoting it to campus researchers for their work?
• As you think about that ecosystem(s) of interconnected infrastructure (networks, IAM, services) via national organizations, state and regional networks represented here, and your campus, can you talk a bit more about what challenges you may have identified related to your project and work? Did you even know about these organizations and their resources?
• What has been your experience, if at all, with transition to practice for your award?
• What activities have been particularly valuable or impactful to the progress of your CICI award?