Monday, August 26, 2019

Spotlight on the Trusted CI partnership with the Science Gateway Community Institute

The Science Gateway Community Institute (SGCI) is an NSF-funded initiative to provide services, resources, community support, and education to those seeking to create and sustain science gateways -- online interfaces that give researchers, educators, and students easy access to specialized, shared resources that are specific to a science or engineering discipline.

Trusted CI began its partnership with SGCI about three years ago. The partnership has developed into two main functions: to provide specialized engagements to gateway developers and operators seeking cybersecurity support, and to present on relevant cybersecurity topics during SGCI focus weeks (formerly called "bootcamps") and related events.

Trusted CI Engagements with Science Gateways

Below are a few examples of Trusted CI's contributions to science gateways
  • GISandbox: Reviewed their operational security and science gateway code
  • 'Ike Wai: Reviewed their identity and access management (IAM) implementation
  • EarthCube Data Discovery Studio: Reviewed the security of the project server and website
  • UC SanDiego's BRAIN Lab: Advised on using the cloud storage service, Box, for one of their projects
  • The Rolling Deck to Repository (R2R): Presented best practices in transferring and archiving data
  • SeedMeLab: Advised the project on using software penetration testing
  • cloudperm: Trusted CI has written an app that checks permissions on Google documents to identify potential sensitive material accessible to the public. This scan has been used by SGCI to review its own documents.

Resources offered by Trusted CI include:

  • Developing a Cybersecurity Program: a tractable method to build policies and procedures for cyberinfrastructure
  • Cybersecurity checkups: a tailored approach to accessing the maturity of a security program
  • Identity and Access Management: a collection of resources to improve authentication and authorization
  • Open Science Cyber Risk Profile: Providing risk profiles for common scientific assets.
  • Training: providing training on cybersecurity via Science Gateway focus weeks and webinars
  • Providing advice to the SGCI team on protecting their own internal information assets.

Upcoming events

The next SGCI focus week is September 9 - 13 in Chicago, IL. According to the website, a few spots are still available.
The Gateways 2019 Conference is September 23 - 25 in San Diego, CA.

Wednesday, August 14, 2019

Trusted CI Engagement Applications Due Oct 2 2019


Apply for a one-in-one engagement with Trusted CI for Early 2020.
 Applications due Oct 2, 2019.


Trusted CI is accepting applications for one-on-one engagements to be executed in Jan-June 2020.  Applications are due Oct 2, 2019 (Slots are limited and in demand, so this is a hard deadline!)

To learn more about the process and criteria, and to complete the application form, visit our site:


During Trusted CI’s first 5 years, we’ve conducted
 more than 24 one-on-one engagements with NSF-funded projects, Large Facilities, and major science service providers representing the full range of NSF science missions.  We support a variety of engagement types including: assistance in developing, improving, or evaluating an information security program; software assurance-focused efforts; identity management; technology or architectural evaluation; training for staff; and more.  

As the NSF Cybersecurity Center of Excellence, Trusted CI’s mission is to provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.


Monday, August 12, 2019

PEARC19 wrap-up: Continuing our Commitment to Open Science

Jim Basney and Von Welch
Trusted CI had another successful presence at PEARC19. As noted in our pre-conference post, we presented our technical paper, a workshop, a panel, a poster, and exhibitor table; as well as attending and contributing to many other PEARC-related events.

A few highlights:
  • Von's panel, "Community Engagement at Scale: NSF Centers of Expertise," was attended at full capacity.
  • Our workshop, "Trustworthy Scientific Cyberinfrascture," was the first public debut of our Fellows. Matias Carrasco Kind, Jay Yang, Aunshul Rege, and Gabriella Perez shared their research backgrounds and discussed their specific cybersecurity needs.
  • Members of the NSF project Services Layer at the Edge (SLATE) met face to face with Trusted CI to discuss their upcoming engagement.
  • A series of lightning talks from Science Gateway operators during the Trusted CI workshop provided four gateway operators a chance to connect with the community on their cybersecurity issues.
  • A random lunch encounter between Trusted CI staff and people in the Jupyter community led to a lively discussion on Jupyter security and is expected to lead to an upcoming collaboration on providing a Jupyter security workshop at a future conference.
  • We presented at the AI4GOOD workshop regarding cybersecurity and ethics of artificial intelligence.
Von's Panel - Not a single open seat!
We thank the PEARC program committee for providing the opportunity to connect with members of our community and look forward to PEARC20.


Trusted CI Fellows at the workshop
Kay Avila, Mark Krenz, Florence Hudson
Anurag Shankar and Andrew Adams at the poster session

CCoE Webinar August 26th at 11am ET: Integrity Protection for Scientific Workflow Data: Motivation and Initial Experiences

Anirban Mandal and Mats Rynge are presenting the talk "Integrity Protection for Scientific Workflow Data: Motivation and Initial Experiences" on Monday August 26th at 11am (Eastern).

Anirban and colleagues are the recent recipient of PEARC's Phil Andrew's Award for most transformative contribution within its area of research.

Please register here. Check spam/junk folder for registration confirmation email.
With the continued rise of scientific computing and the enormous increases in the size of data being processed, scientists must consider whether the processes for transmitting and storing data sufficiently assure the integrity of the scientific data. When integrity is not preserved, computations can fail and result in increased computational cost due to reruns, or worse, results can be corrupted in a manner not apparent to the scientist and produce invalid science results. Technologies such as TCP checksums, encrypted transfers, checksum validation, RAID and erasure coding provide integrity assurances at different levels, but they may not scale to large data sizes and may not cover a workflow from end-to-end, leaving gaps in which data corruption can occur undetected.

In this talk, we will present our findings from the “Scientific Workflow Integrity with Pegasus” (SWIP) project by describing an approach of assuring data integrity - considering either malicious or accidental corruption - for workflow executions orchestrated by the Pegasus Workflow Management System (WMS). A key goal of SWIP is to provide assurance that any changes to input data, executables, and output data associated with a given workflow can be efficiently and automatically detected. Towards this goal, SWIP has integrated data integrity protection into a newly released version of Pegasus WMS by automatically generating and tracking checksums for both when inputs files are introduced and for the files generated during execution. We will describe how we validate our integrity protection approach by leveraging Chaos Jungle - a toolkit providing an environment for validating integrity verification mechanisms by allowing researchers to introduce a variety of integrity errors during data transfers and storage. We will also provide an analysis of integrity errors and associated overheads that we encountered when running production workflows using Pegasus.
Speaker Bios:

Anirban Mandal serves as the Assistant Director for network research and infrastructure group at Renaissance Computing Institute (RENCI), UNC-Chapel Hill. He leads efforts in science cyberinfrastructures. His research interests include resource provisioning, scheduling, performance analysis, and anomaly detection for distributed computing systems, cloud computing, and scientific workflows. Prior to joining RENCI, he earned his PhD degree in Computer Science from Rice University in 2006 and a Bachelor’s degree in Computer Science & Engineering from IIT Mumbai, India in 2000.

Mats Rynge is a computer scientist in the Science Automation Technologies group at the USC Information Sciences Institute. He is a developer on the Pegasus Workflow Management System and related projects. He is also involved in several national cyberinfrastructure deployments such as the Open Science Grid and XSEDE, for which he provides user support, software engineering and system administration. Previously, he was at the Renaissance Computing institute where he was the technical lead on the RENCI Science TeraGrid Gateway and the Open Science Grid Engagement activities. Before that he was a release manager on the NPACI NPACKage and NSF Middleware Initiative projects where he planned, created, and tested software middleware stacks for larger science communities.He also worked on improving grid software as part of Community Driven Improvement of Globus Software (CDIGS) and Coordinated TeraGrid Software and Services (CTSS) efforts.

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."