Monday, October 14, 2019

Trusted CI Webinar October 28th at 11am ET: Trends in Global Privacy: GDPR One Year Later with Scott Russell

CACR's Scott Russell is presenting the talk, "Trends in Global Privacy: GDPR One Year Later" on October 28th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
The past few years have seen a resurgence of privacy laws around the globe, starting with the European Union’s General Data Protection Regulation (GDPR), but leading to proposed laws in South Korea, Brazil, and the United States. These numerous laws may be targeted at enhancing privacy, but their biggest effect has been as a source of fear and confusion for those who are being regulated. This talk will build upon last year’s GDPR webinar, introduce CCPA, and then go on to discuss trends in global privacy more broadly: what’s happening, what’s coming, and what should you do about it.
Scott Russell is a Senior Policy Analyst at the Indiana University Center for Applied Cybersecurity Research (CACR), where his work focuses on privacy and cybersecurity policy. A lawyer and researcher, Scott received his B.A. in Computer Science and History from the University of Virginia, received his J.D. from Indiana University, interned at MITRE, and served as a postdoctoral fellow at CACR.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Wednesday, October 9, 2019

Trusted CI at SFSCon 2019

Group Photo of SFSCon 2019 Participants
On September 27-29, Trusted CI participated in SFSCon 2019, the third annual cybersecurity training and professional development event at Cal Poly Pomona (CPP) for the CyberCorps Scholarship for Service (SFS) students and alumni nationwide. 105 student attendees traveled to California from 42 universities across the country for this event organized by CPP Professor Mohammad Husain. In 2017, Trusted CI helped organize the CPP-CTSC SFS Cyberinfrastructure Security Workshop, the first event in this SFSCon series.

This year, Trusted CI's Barton P. Miller and Elisa Heymann provided a Software Assurance training for the students, and Trusted CI's Jim Basney and John Zage provided an Identity and Access Management training. Ishan Abhinit and Zalak Shah (CACR) also provided a Security Log Analysis training, using training materials developed by Trusted CI.

From 45 student attendees in 2017 to 105 student attendees in 2019, SFSCon is a growing success. It’s great to see the SFS program supporting the development of the next generation cybersecurity workforce. Trusted CI is proud to have the Cal Poly Pomona Scholarship for Service project as one of our partners.

Thursday, October 3, 2019

CI CoE Pilot - NEON IdM Experiences

The Cyberinfrastructure Center of Excellence (CI CoE) Pilot project, in collaboration with Trusted CI, recently completed an identity and access management engagement with the National Ecological Observatory Network (NEON) to update the NEON Data Portal to use OpenID Connect for user authentication. A paper summarizing this engagement is available.

The goal of the CI CoE Pilot project is to develop a model for a CI CoE that facilitates community building and sharing, and applies knowledge of best practices and innovative solutions for NSF's major multi-user research facilities. One sub-component of the Pilot project is to gain experience with implementing identity management (IdM) solutions for facilities.

NEON was selected as the initial IdM engagee with the intent to assist them with moving the NEON Data Portal away from managing local user credentials and towards leveraging industry standards such as OpenID Connect (OIDC). The implementation involved transitioning to Auth0, which not only imported the existing database of Data Portal users, but also allowed users to log in with third-party OIDC Identity Providers (IdPs) Google and CILogon.

Monday, September 30, 2019

Spotlight on Software Assurance and Secure Coding

Bart & Elisa at Cal-Poly Pomona, 09/27/19
Software assurance is the secure design, coding, and assessment of software to ensure it is free from vulnerabilities and works as intended. Since its inception, Trusted CI has dedicated a portion of its engagements and community outreach to software assurance. Much of this work has been led by Profs. Barton P. Miller and Elisa Heymann from the University of Wisconsin-Madison. By conducting engagements and training events, presenting talks, and building curricula, Bart and Elisa strive to teach programmers, analysts, and managers how to design and program secure software, and how to assess software to find flaws and make the software more difficult to hack.

Bart and Elisa have conducted numerous engagements for Trusted CI and other organizations. During one engagement for Trusted CI they conducted an in-depth vulnerability assessment of Singularity, an open source container platform optimized for high-performance computing (HPC) and scientific environments. The Open Science Grid engagement involved a vulnerability assessment of OSG's installation of HTCondor, a program that manages jobs submitted to the batch system. In another collaboration outside of Trusted CI, they evaluated Total Soft Bank's (TSB) Terminal Operating System, a system for managing maritime freight shipping that manages about 40 percent of the container terminals in the world. That work resulted in significant improvements in the security of international shipping, reported in a paper published in Port Technology International.

The pair has conducted workshops for Internet2, Supercomputing, Science Gateways Community Institute (SGCI), IEEE, O’Reilly, and the New Jersey FAA, and has traveled to Australia, Germany, South America, and India to give trainings. Much of their work is publicly accessible so that it reaches the widest audience possible. Their course, “Introduction to Software Security,” has recently been added to UW-Madison’s Spring 2020 undergrad curriculum. A pilot version of the course had 120 students enrolled, and they are optimistic the spring course will be well attended. These training resources focus on real scenarios and hands-on learning to make a lasting impact on students. The training exercises have evolved over time to include different languages and operating systems. It should be noted that, depending on the language, some security problems can be reduced, but they don’t entirely go away.

The future of secure coding relies on as much education as possible. The number of people writing programs has increased at a breathtaking rate. The resources available to them must scale to meet these demands.

Updates about upcoming Trusted CI trainings are regularly posted on our home page. Applications for an engagement with Trusted CI during the early 2020 session are due October 2nd.

Thursday, September 19, 2019

Trusted CI renewed through 2024

We're extremely happy to announce that Trusted CI has been renewed as the NSF Cybersecurity Center of Excellence through 2024 under NSF award 1920430. We thank the community for their support in this endeavor and look forward to our continued collaboration to advance the trustworthy nature of NSF science.

For more information, please see the press releases from Indiana University, NCSA, and U. of Wisconsin, as well as other press coverage: Indianapolis Business Journal, HPCWire, Indiana Daily Student.

Monday, September 9, 2019

CCoE Webinar September 23rd at 11am ET: Jupyter Security at LLNL with Thomas Mendoza

Thomas Mendoza is presenting the talk "Jupyter Security at Lawrence Livermore National Laboratory" on Monday September 23rd at 11am (Eastern).

Please register here. Check spam/junk folder for registration confirmation email.
Jupyter Notebooks have become tremendously popular for creating, sharing and reproducing science. While they are relatively easy to set up and use, there has (until recently) been little concern regarding the security implications of running these Notebooks. This presentation will cover the developments and practices used at Lawrence Livermore National Laboratory to secure notebooks running in multi-tenant, HPC environments.
Speaker Bio:
Thomas Mendoza is a staff Computer Scientist at LLNL working for Livermore Computing’s HPC center on web architecture and security.

Presentations are recorded and include time for questions with the audience.

Friday, September 6, 2019

Trusted CI Finishes Engagement with the American Museum of Natural History

The American Museum of Natural History (AMNH) conducts research and education activities spanning multiple branches of science. Through the National Science Foundation's Campus Cyberinfrastructure (CC*) program (NSF OAC-1827153), AMNH developed and installed a Science DMZ to enable high speed transfer of large data sets. Connections were deployed regionally via NYSERnet and nationally via Internet2. Additionally, AMNH's ADFS identity management system was federated with InCommon to give researchers access to Globus data transfer nodes (DTNs).

Trusted CI's engagement with AMNH initially focused on developing an information security program tailored to the new Science DMZ. This effort started by reviewing existing AMNH policies and procedures which might apply to the Science DMZ. After this initial examination, it was decided that the accelerated timeline for installation and configuration of both the Science DMZ and the ADFS federation with InCommon left little time for refinement of a few security policy documents. Instead, effort was focused on fine-tuning system configuration for the Science DMZ by consulting outside expertise from ESnet.

Trusted CI documented the activities of this engagement in a final report. AMNH intends to document the processes of installation and configuration of their Science DMZ and the federation of their ADFS identity management system with InCommon. This documentation may give other similarly sized institutions a good starting point for installation of a Science DMZ or ADFS integration with InCommon.

The Trusted CI-American Museum of Natural History engagement began January 2019 and finished June 2019.