Thursday, March 22, 2018

New name, same mission

Dear friends of CTSC,

We're writing to announce that the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) is becoming Trusted CI, the NSF Cybersecurity Center of Excellence.

Why are we making this change? While it clearly conveyed our mission, our initial name was a mouthful -- and, with the added CCoE designation, we found that people struggled to remember it. Trusted CI will build better name recognition, through consistent branding across our website ( and social media (@TrustedCI). 

The new name still emphasizes what we're about: Achieving the NSF goal of creating high-quality, trusted cyberinfrastructure (CI) that supports high-quality, trusted science. It will also make it easier for you to remember how to get help for your NSF CI projects: Email (be sure to identify which NSF project your query relates to). 
As we roll out the new branding this spring, we'd like to extend an active invitation to engage our services. From quick questions to collaborative engagements lasting months, Trusted CI tackles challenges of all sizes. 

We're happy to assist with anything related to cybersecurity for NSF CI projects, and we're focused on tailored solutions that impact your work as little as possible. And now all you have to remember is Trusted CI!

Monday, March 12, 2018

Trusted CI Webinar Mar. 26th at 11am ET: Data Quality and Security Evaluation Framework

Rochester Institute of Technology's Leon Reznik and Igor Khokhlov are presenting the talk "Data quality and security evaluation framework development" on March 26th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
In this talk, we are presenting our work on building a data quality and security (DQS) framework, which integrates cybersecurity with other diverse metrics, such as accuracy, reliability, timeliness, and safety into a single methodological and technological framework. This innovation has a high potential to enable a significant improvement in a wide spectrum of science and technology applications as it will create new opportunities for optimizing data structures, data processing and fusion procedures based on a new quality and security information application. While the developed evaluation techniques may cover a wide range of data sources, the current framework’s implementation concentrates on using an ordinary user’s owned mobile devices and Android-based smartphones in particular.  
After discussing a motivation and general concepts of data quality evaluation, we will present preliminary results. As the framework integrates various metrics from accuracy to security and privacy, we will show examples of cyberinfrastructure elements from those areas developed so far. The security evaluation aspect of the framework is introduced with the Android applications that evaluate a smartphone security, gives a comprehensive score, and advises how the smartphone security can be improved. Two applications that are already available on Google Play will be presented and discussed. In addition, we will show some examples of the framework’s user interface designed for data quality metrics assignment and demonstrate its visualization capabilities. 
The data privacy evaluation is presented with the investigation of the colluded application vulnerability in Android OS devices. We will discuss and analyze the results achieved in this domain.
We believe that DQS evaluation framework will stimulate further improvement of the quality of the whole cyberinfrastructure and, in particular, cybersecurity. We will discuss possible further developments and seek the feedback and advice on the further DQS evaluation research directions. In particular, we are looking for a collaboration in the development of our framework applications in various science and technology domains.

Leon Reznik is a Professor of Computer Science (primary affiliation) and Computing Security (secondary affiliation) at the Rochester Institute of Technology. His current research concentrates on data quality and security evaluation and assurance; cognitive sensor networks and systems; intelligent intrusion detection and big data analytics.

Igor Khokhlov is a Ph.D. candidate at the Rochester Institute of Technology. He conducts research on data quality and value evaluation for sensor-originated data. Igor’s fields of interest include Android OS, cyber-security, and AI.
Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Friday, March 2, 2018

NRAO and Trusted CI Launch Engagement

Trusted CI is pleased to announce the start of an engagement with the National Radio Astronomy Observatory (NRAO), an NSF Large Facility supported in part by NSF Award # 1647378. This engagement is expected to continue through the end of June. Our shared goal for this engagement is to assess and facilitate the continued maturation of NRAO’s information security program, as well as to positively impact its adaptiveness and longevity. We will accomplish this by evaluating their existing policies, practices, and documentation, and providing recommendations for opportunities to strengthen these within the overarching framework of the four pillars of cybersecurity: mission, governance, resources, and controls.

Initially established in 1956, the National Radio Astronomy Observatory is operated under cooperative agreement by Associated Universities, Inc. (AUI). NRAO provides state-of-the-art radio telescope facilities for use by the international scientific community, open to all astronomers regardless of institutional or national affiliation. NRAO also provides both formal and informal programs in education and public outreach for teachers, students, the general public, and the media. Their instruments include the Jansky Very Large Array in New Mexico and the North American component of the Atacama Large Millimeter/submillimeter Array in Chile.

With its latest renewal, NRAO’s mandate is to improve not only the accessibility of its scientific instruments, but also the accessibility of its multi-petabytes of archived observational data for re-processing and re-use beyond the initial intent and audience. NRAO’s revised mission seeks to extend beyond the traditional radio astronomy community into the fields of general scientific endeavor looking at complex molecules in space, real-time events, and the explanation of origins of life, planets, solar systems, galaxies, and the universe.

Wednesday, February 14, 2018

CTSC Begins Engagement with GenApp

GenApp (NSF OAC-1740097) is a tool for rapidly generating science gateways. The goal of GenApp is to provide a graphical frontend for command line scientific applications. This is accomplished by creating JSON configuration files which specify input and output parameters for the scientific application, as well as parameters for the GUI elements of the resulting graphical frontend.

The most used GenApp-generated science gateway (SASSIE2), which is focused on the small-angle scattering field, has over 500 registered users and 11K jobs submitted through the gateway in 2017. GenApp-generated gateways are running on dedicated local resources as well as cloud resources, primarily NSF Jetstream at this time, but such functionality has also been tested on AWS.

As vulnerabilities present in GenApp may lead to vulnerabilities in the generated gateway applications, it is imperative to address any security issues which may be in the GenApp framework, to protect the integrity of the gateway applications and the computing platforms they use. CTSC will review GenApp's design and architecture in attempt to identify potential security issues and recommend remediations. CTSC will also use code analysis tools and web-based scanning tools on both the GenApp frontend-generation engine as well as the several web frontends created by the GenApp framework.

The CTSC-GenApp engagement began January 2018 and is scheduled to conclude by the end of June 2018.

Monday, February 12, 2018

CCoE Webinar Feb. 26th at 11am ET: SmartProvenance

The University of Texas at Dallas's Dr. Murat Kantarcioglu is presenting the talk "SmartProvenance: A Distributed, Blockchain Based Data Provenance" on February 26th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
Blockchain technology has evolved from being an immutable ledger of transactions for cryptocurrencies to a programmable interactive environment for building distributed reliable applications. Although the blockchain technology has been used to address various challenges, to our knowledge none of the previous work focused on using Blockchain to develop a secure and immutable scientific data provenance management framework that automatically verifies the provenance records using off-chain techniques. In this talk, we discuss how we leverage Blockchain as a platform to facilitate trustworthy data provenance collection, verification, and management. The developed system utilizes smart contracts and open provenance model (OPM) to record immutable data trails. We show that our proposed framework can securely capture and validate provenance data that prevents any malicious modification to the captured data as long as the majority of the participants are honest.

Dr. Kantarcioglu is a Professor in the Computer Science Department and Director of the Data Security and Privacy Lab at The University of Texas at Dallas (UTD). Dr. Kantarcioglu’s research focuses on the integration of cyber security and data science.Presentations are recorded and include time for questions with the audience.
Join CTSC's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Friday, February 9, 2018

Deadline extended for REU student applications at IU.

The application deadline for undergraduate students at IU interested it working on software security research with CTSC has been extended to February 18th.

Please see the original post for more details.

Tuesday, February 6, 2018

Apply for an Engagement with the NSF Cybersecurity Center of Excellence (applications due April 6)

We are accepting applications for one-on-one engagements to be executed in July - December 2018.  Applications are due April 6, 2018. (Slots are limited and in demand, so this is a hard deadline!)

To learn more about the process and criteria, and to complete the application form, visit our site:

During CTSC’s first 5 years, we’ve conducted more than 20 one-on-one engagements with NSF-funded projects, Large Facilities, and major science service providers representing the full range of NSF science missions.  We support a variety of engagement types including: assistance in developing, improving, or evaluating an information security program; software assurance-focused efforts; identity management; technology or architectural evaluation; training for staff; and more.  

As the NSF Cybersecurity Center of Excellence, CTSC’s mission is to provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.