Wednesday, August 14, 2019

Trusted CI Engagement Applications Due Oct 2 2019


Apply for a one-on-one engagement with Trusted CI for early 2020. Applications due Oct 2, 2019.


Trusted CI is accepting applications for one-on-one engagements to be executed in Jan-June 2020. Applications are due Oct 2, 2019. (Slots are limited and in demand, so this is a hard deadline!)

To learn more about the process and criteria, and to complete the application form, visit our site:


During Trusted CI’s first 5 years, we’ve conducted more than 24 one-on-one engagements with NSF-funded projects, Large Facilities, and major science service providers representing the full range of NSF science missions. We support a variety of engagement types including: assistance in developing, improving, or evaluating an information security program; software assurance-focused efforts; identity management; technology or architectural evaluation; training for staff; and more.

As the NSF Cybersecurity Center of Excellence, Trusted CI’s mission is to provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.


Monday, August 12, 2019

PEARC19 wrap-up: Continuing our Commitment to Open Science

Jim Basney and Von Welch
Trusted CI had another successful presence at PEARC19. As noted in our pre-conference post, we presented our technical paper, a workshop, a panel, a poster, and an exhibitor table, and we attended and contributed to many other PEARC-related events.

A few highlights:
  • Von's panel, "Community Engagement at Scale: NSF Centers of Expertise," was attended at full capacity.
  • Our workshop, "Trustworthy Scientific Cyberinfrastructure," was the public debut of our Fellows. Matias Carrasco Kind, Jay Yang, Aunshul Rege, and Gabriella Perez shared their research backgrounds and discussed their specific cybersecurity needs.
  • Members of the NSF project Services Layer at the Edge (SLATE) met face to face with Trusted CI to discuss their upcoming engagement.
  • A series of lightning talks from Science Gateway operators during the Trusted CI workshop provided four gateway operators a chance to connect with the community on their cybersecurity issues.
  • A random lunch encounter between Trusted CI staff and people in the Jupyter community led to a lively discussion on Jupyter security and is expected to lead to an upcoming collaboration on providing a Jupyter security workshop at a future conference.
  • We presented at the AI4GOOD workshop regarding cybersecurity and ethics of artificial intelligence.
Von's Panel - Not a single open seat!
We thank the PEARC program committee for providing the opportunity to connect with members of our community and look forward to PEARC20.


Trusted CI Fellows at the workshop
Kay Avila, Mark Krenz, Florence Hudson
Anurag Shankar and Andrew Adams at the poster session

CCoE Webinar August 26th at 11am ET: Integrity Protection for Scientific Workflow Data: Motivation and Initial Experiences

Anirban Mandal and Mats Rynge are presenting the talk "Integrity Protection for Scientific Workflow Data: Motivation and Initial Experiences" on Monday August 26th at 11am (Eastern).

Anirban and colleagues are the recent recipients of PEARC's Phil Andrews Award for most transformative contribution within its area of research.

Please register here. Check spam/junk folder for registration confirmation email.
With the continued rise of scientific computing and the enormous increases in the size of data being processed, scientists must consider whether the processes for transmitting and storing data sufficiently assure the integrity of the scientific data. When integrity is not preserved, computations can fail and result in increased computational cost due to reruns, or worse, results can be corrupted in a manner not apparent to the scientist and produce invalid science results. Technologies such as TCP checksums, encrypted transfers, checksum validation, RAID and erasure coding provide integrity assurances at different levels, but they may not scale to large data sizes and may not cover a workflow from end-to-end, leaving gaps in which data corruption can occur undetected.

In this talk, we will present our findings from the “Scientific Workflow Integrity with Pegasus” (SWIP) project by describing an approach to assuring data integrity, considering either malicious or accidental corruption, for workflow executions orchestrated by the Pegasus Workflow Management System (WMS). A key goal of SWIP is to provide assurance that any changes to input data, executables, and output data associated with a given workflow can be efficiently and automatically detected. Towards this goal, SWIP has integrated data integrity protection into a newly released version of Pegasus WMS by automatically generating and tracking checksums both for input files when they are introduced and for the files generated during execution. We will describe how we validate our integrity protection approach by leveraging Chaos Jungle, a toolkit providing an environment for validating integrity verification mechanisms by allowing researchers to introduce a variety of integrity errors during data transfers and storage. We will also provide an analysis of integrity errors and associated overheads that we encountered when running production workflows using Pegasus.
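The checksum-tracking idea in the abstract can be sketched as follows. This is an added example, not code from Pegasus or the SWIP project; `IntegrityTracker`, `copy_job` and the file names are hypothetical, and the corruption is simulated by overwriting one byte of an intermediate file.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so large data files are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class IntegrityTracker:
    """Hypothetical tracker (not Pegasus code): checksum on entry, verify before use."""
    def __init__(self):
        self.manifest = {}  # path -> checksum recorded when first seen
    def register(self, path):
        self.manifest[path] = sha256_of(path)
    def verify(self, path):
        # Untracked files fail closed instead of being trusted.
        return self.manifest.get(path) == sha256_of(path)
    def run_job(self, func, inputs, output):
        bad = [p for p in inputs if not self.verify(p)]
        if bad:
            raise ValueError(f"integrity check failed: {bad}")
        func(inputs, output)
        self.register(output)  # generated files are tracked from creation

def copy_job(inputs, output):
    shutil.copyfile(inputs[0], output)  # constructed stand-in for a real task

def demo():
    d = tempfile.mkdtemp()
    raw, mid, final = (os.path.join(d, n) for n in ("raw.dat", "mid.dat", "final.dat"))
    with open(raw, "wb") as f:
        f.write(b"constructed sample input\n" * 4)
    t = IntegrityTracker()
    t.register(raw)                  # checksum recorded when the input is introduced
    t.run_job(copy_job, [raw], mid)  # stage 1: input verifies, output is tracked
    with open(mid, "r+b") as f:      # simulate silent corruption in storage
        f.write(b"C")                # first byte changes from "c" to "C"
    try:
        t.run_job(copy_job, [mid], final)
        blocked = False
    except ValueError:
        blocked = True
    return blocked, t.verify(raw), os.path.exists(final)
```

Because verification happens before the job body runs, the corrupted intermediate file stops stage 2 before any output is written, so the error cannot propagate into later results.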
Speaker Bios:

Anirban Mandal serves as the Assistant Director for network research and infrastructure group at Renaissance Computing Institute (RENCI), UNC-Chapel Hill. He leads efforts in science cyberinfrastructures. His research interests include resource provisioning, scheduling, performance analysis, and anomaly detection for distributed computing systems, cloud computing, and scientific workflows. Prior to joining RENCI, he earned his PhD degree in Computer Science from Rice University in 2006 and a Bachelor’s degree in Computer Science & Engineering from IIT Mumbai, India in 2000.

Mats Rynge is a computer scientist in the Science Automation Technologies group at the USC Information Sciences Institute. He is a developer on the Pegasus Workflow Management System and related projects. He is also involved in several national cyberinfrastructure deployments such as the Open Science Grid and XSEDE, for which he provides user support, software engineering and system administration. Previously, he was at the Renaissance Computing Institute where he was the technical lead on the RENCI Science TeraGrid Gateway and the Open Science Grid Engagement activities. Before that he was a release manager on the NPACI NPACKage and NSF Middleware Initiative projects where he planned, created, and tested software middleware stacks for larger science communities. He also worked on improving grid software as part of Community Driven Improvement of Globus Software (CDIGS) and Coordinated TeraGrid Software and Services (CTSS) efforts.

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Tuesday, July 23, 2019

Trusted CI begins engagement with the United States Academic Research Fleet

The United States Academic Research Fleet (ARF, funded by multiple NSF awards) consists of eighteen oceanographic research vessels organized by the University-National Oceanographic Laboratory System (UNOLS) that vary in size and capability from large Global Class vessels to Coastal Class vessels. As a large facility, the ARF is unique because its primary assets (research vessels) are owned by several different agencies and independently operated by fourteen different oceanographic research institutions. The ARF supports seagoing research for scientific disciplines which require access to the sea. It is vital to programs as small as single-PI nearshore projects and as large as global multi-PI expeditions. The ARF provides multi-institutional and multi-disciplinary shared research infrastructure to serve these research projects. This infrastructure helps to advance research and education across a wide variety of disciplines for a diverse community.

The US ARF faces unique cybersecurity challenges due to the remote nature of the platforms and the increasing use of operational technology on research vessels. The fact that the platforms are operated by different institutions with distinct standards and policies further compounds these issues. As the platforms serve the same customers, a unified CI solution that works across institutional requirements would provide a more consistent environment to all personnel coming aboard US ARF ships. The engagement between Trusted CI and ARF will work to establish a unified cyberinfrastructure security plan that will both serve the evolving security needs of its community and prepare the ARF for operational cybersecurity requirements due to be enforced by the International Maritime Organization in 2021.

This engagement began in July 2019 and is scheduled to conclude by the end of December 2019.

Thursday, July 11, 2019

Registration is now open for the 2019 NSF Cybersecurity Summit

It is our great pleasure to announce that registration is now open for the 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure. The event will take place Tuesday, October 15 through Thursday, October 17, 2019, at the Catamaran Hotel, San Diego, CA. Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities.


Complete the online registration form by October 9, 2019: https://trustedci.org/2019-nsf-cybersecurity-summit


Tuesday, July 9, 2019

CCoE Webinar July 22nd at 11am ET: Ancile: Enhancing Privacy for Ubiquitous Computing with Use-Based Privacy

Vassar College's Jason Waterman is presenting the talk "Ancile: Enhancing Privacy for Ubiquitous Computing with Use-Based Privacy" on Monday July 22nd at 11am (Eastern).

Please register here. Check spam/junk folder for registration confirmation email.
The recent proliferation of sensors has created an environment in which human behaviors are continuously monitored and recorded. However, many types of this passively-generated data are particularly sensitive. For example, location traces can be used to identify shopping, fitness, and eating habits. These traces have also been used to set insurance rates and to identify individual users in large, anonymized databases. To develop a trustworthy platform for ubiquitous computing applications, it will be necessary to provide strong privacy guarantees for the data consumed by these applications. Use-based privacy, which re-frames privacy as the prevention of harmful uses, is well-suited to address this problem.

This webinar introduces Ancile, a platform for enforcing use-based privacy for applications. Ancile is a run-time monitor positioned between applications and the data (such as location) they wish to utilize. Applications submit requests to Ancile; each request contains a program to be executed in Ancile’s trusted environment along with credentials to authenticate the application to Ancile.  Ancile fetches data from a data provider, executes the program, and returns any output data to the application if and only if all commands in the program are authorized. We find that Ancile is both expressive and scalable. This suggests that use-based privacy is a promising approach to developing a privacy-enhancing platform for implementing location-based services and other applications that consume passively-generated data.
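The request flow described above, reduced to a small model. This is an added example, not Ancile's code, API or policy language; the application name, token, commands and state-machine policy are all hypothetical, and the location trace is constructed.

```python
import hmac

# Hypothetical names throughout: this models the request flow, not Ancile's API.
APP_TOKENS = {"transit-app": "constructed-token-1"}

# Policy as a state machine: state -> {command: next state}. Location data may
# only leave the monitor ("return") after it has been coarsened.
POLICIES = {"transit-app": {
    "raw": {"last": "raw", "coarsen": "coarse"},
    "coarse": {"last": "coarse", "return": "released"},
}}

TRANSFORMS = {
    "coarsen": lambda pts: [(round(lat, 1), round(lon, 1)) for lat, lon in pts],
    "last": lambda pts: pts[-1:],
}

def fetch_location(user):
    # Constructed trace standing in for a data provider.
    return [(41.6868, -73.8976), (41.7004, -73.9210)]

def handle_request(app, token, user, program):
    """Run program on the user's data; release output only if every command
    is authorized by the app's policy in the state where it is issued."""
    expected = APP_TOKENS.get(app)
    if expected is None or not hmac.compare_digest(expected, token):
        return {"ok": False, "error": "authentication failed"}
    policy, state = POLICIES.get(app, {}), "raw"
    data = fetch_location(user)
    for cmd in program:
        nxt = policy.get(state, {}).get(cmd)
        if nxt is None:
            # One unauthorized command voids the whole request: no partial output.
            return {"ok": False, "error": f"'{cmd}' not authorized in state '{state}'"}
        if cmd in TRANSFORMS:
            data = TRANSFORMS[cmd](data)
        state = nxt
    if state != "released":
        return {"ok": False, "error": "program did not reach a release point"}
    return {"ok": True, "data": data}
```

The application never holds the raw trace: a program that tries to return data before coarsening it is rejected as a whole, which is the use-based restriction the monitor exists to enforce.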
Speaker Bio: Jason Waterman is an Assistant Professor of Computer Science at Vassar College. He received his Ph.D. in Computer Science at Harvard University in the area of Coordinated Resource Management in Sensor Networks. He has also worked as research staff at MIT's Computer Science & Artificial Intelligence Laboratory, where he helped to build a system for monitoring patients in disaster situations.


Monday, July 8, 2019

Trusted CI Completes REED+ Engagement

The Research Ecosystem for Encumbered Data (REED+) at Purdue University (https://www.rcac.purdue.edu/compute/reed), funded under the Office of Advanced Cyberinfrastructure (OAC #1840043), is a vision to implement a cost-effective ecosystem to manage regulated data. Researchers at Purdue, led by Preston Smith, Director of Research Services and Support, developed a strategic framework to address the compliance requirements for Controlled Unclassified Information (CUI) which is appearing in research sectors, e.g., defense and aerospace.

The foundation of the REED+ framework integrates NIST SP 800-171 and other related publications, including NIST’s Cybersecurity Framework (CSF) and the Big Ten Academic Alliance guidelines. It is intended to serve as a standard for campus IT to align with security regulations and best practices. Leveraging the framework, a single process for intake and contracting can be followed by the university’s Sponsored Programs Office (SPS), Human Research Protection Program (which oversees the IRB), Export Controls and Research Information Assurance (EC/IAO), and Information Technology at Purdue (ITaP) Research Computing division (formally the Rosen Center for Advanced Computing, or RCAC). Moreover, the framework also facilitates a tractable mapping of controlled research to cyberinfrastructure (CI) resources. The overarching goal of the REED+ framework is to enable researchers, administrators, and campus IT to better understand complicated data security regulations affecting research projects.

To assist in developing the framework, Trusted CI engaged with the REED+ team at Purdue from January through June of 2019. The initial step in the engagement was a review of existing documents and processes, followed by exploring proposed policies. Trusted CI found the flow of the REED+ framework sound, and soon switched to working with Preston’s team on specific aspects of the process, e.g., providing controlled research ‘use cases’. The engagement proved especially rewarding, as both the REED+ researchers and Trusted CI came away from the engagement with a greater understanding of the nascent and vanguard processes involved in handling CUI compliance in the domain of research and education.