GenApp (NSF OAC-1740097) is a tool for rapidly generating science gateways. The goal of GenApp is to provide a graphical frontend and associated server backend for command line scientific applications. Trusted CI began an engagement with GenApp in January 2018, and completed the engagement in June 2018.
The engagement focused on performing a security review of the GenApp codebase and the various web applications generated by GenApp, as well as evaluating the technologies and architectures utilized by the GenApp development framework. Trusted CI worked with the GenApp team to create architectural diagrams, ran automated tools to analyze GenApp systems, and manually inspected key components of source code for vulnerabilities.
Findings included the need for more systematic sanitization of user input, keeping libraries up to date, and recommendations for secure settings of web services of GenApp-generated applications.
The GenApp staff has graciously consented to publication of the engagement report after a sufficient period to implement suggestions for remediation of issues. Trusted CI will contact GenApp towards the end of 2018 to verify that issues have been addressed, after which the engagement report will be made available to the public. The hope is that other NSF-funded projects which are primarily software-based can learn from the tasks accomplished during this engagement.
Friday, June 29, 2018
Thursday, June 21, 2018
NCSA video and news story about Trusted CI
The Trusted CI team is a partnership of Indiana University, the National Center for Supercomputing Applications (NCSA) at the University of Illinois, the University of Wisconsin-Madison, and the Pittsburgh Supercomputing Center.
Recently NCSA produced a short video about Trusted CI, titled "NCSA's Partnership with Trusted CI helps secure over $7 Billion worth of Science." Click below to see the video. Read the corresponding news story here.
Thursday, June 14, 2018
2018 NSF Cybersecurity Call For Participation (CFP) Extended to June 20th
We've extended the CFP deadline an additional week for community submissions.
Program content for the Cybersecurity Summit is driven by our community. We invite proposals for plenary presentations, training sessions, student scholarships, Table Top Talks and, new this year, the Community Leadership Recognition Program.
To learn more about the CFP, please visit: https://trustedci.org/call-for-participation-2018
Monday, June 11, 2018
Announcing the 2017 NSF Community Cybersecurity Benchmarking Survey Report and the 2017 NSF Cybersecurity Summit Report
The second NSF Community Cybersecurity Benchmarking Survey Report is now available:
http://hdl.handle.net/2022/22171
The Community Survey’s purpose is to collect, analyze, and publish useful baseline benchmarking information about the NSF science community’s cybersecurity programs, practices, challenges, and concerns. This year’s survey is significant for receiving responses from 15 of the 25 NSF Large Facilities, and should provide particular insight into the specific cybersecurity practices and concerns of Large Facilities. Notable takeaways from this year’s survey include the dramatic increase in respondents who use multi-factor authentication, the lack of standardization or uniformity around cybersecurity budgets, and the highly variable implementation of software best practices, operational and programmatic cybersecurity safeguards, and cybersecurity governance.
Additionally, the report of the 2017 NSF Cybersecurity Summit to the community is also available. The report outlines progress the community has made based on recommendations from the previous year, attendee details and survey results for both the plenary and training portions of the Summit. The report in its entirety can be reviewed here:
http://hdl.handle.net/2022/21882
We hope the results and analysis provided by these reports offer insight and inspire discussion.
CCoE Webinar June 25th at 11am ET: Security Program at LSST
NCSA's Alex Withers is presenting the talk "Security Program at LSST" on Monday June 25th at 11am (Eastern).
The concept behind the Large Synoptic Survey Telescope (LSST) is simple: conduct a digital image-based survey over an enormous area of the sky and build an extensive astronomical catalogue over the course of ten years. LSST’s astronomical data is the ultimate deliverable to its users. This unique scientific computing environment presents many cyber security challenges. LSST has in place a cyber security program to facilitate its scientific mission: to protect its data access requirements and rights. We will discuss the beginnings of LSST’s cyber security program, adoption and experience with its risk management framework, existing and planned security operations at LSST sites, including the observatory site in Chile and the National Center for Supercomputing Operations (NCSA).
Presentations are recorded and include time for questions with the audience.
This talk is presented by Alex Withers. Alex is a Senior Cybersecurity Engineer at the National Center for Supercomputing Applications (NCSA). He is the Information Security Officer for the Large Synoptic Survey Telescope (LSST). He is also a PI and co-PI for a number of NSF-funded cybersecurity projects.
Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."
Tuesday, June 5, 2018
2018 NSF Cybersecurity Summit Call For Participation Deadline Nearing & Registration Now Open
Greetings everyone, just a reminder that the 2018 NSF Cybersecurity Summit Call For Participation (CFP) deadline of June 13th is nearing.
Program content for the summit is driven by our community. We invite proposals for plenary presentations, training sessions, student scholarships and, new this year, the Community Leadership Recognition Program. The deadline for CFP submissions is June 13th. To learn more about the CFP, please visit: https://trustedci.org/call-for-participation-2018
Registration - Now Open
We’re happy to announce that registration for the NSF Large Facilities community is now open: https://cacr.iu.edu/events/nsf-summit/registration.php
Ensure your participation and register today.
On behalf of the 2018 NSF Cybersecurity Summit organizers and program committee, we welcome your participation and hope to see you in August.
Jim Marsteller
Program Chair