Monday, September 9, 2019

CCoE Webinar September 23rd at 11am ET: Jupyter Security at LLNL with Thomas Mendoza

Thomas Mendoza is presenting the talk "Jupyter Security at Lawrence Livermore National Laboratory" on Monday September 23rd at 11am (Eastern).

Please register here. Check spam/junk folder for registration confirmation email.
Jupyter Notebooks have become tremendously popular for creating, sharing and reproducing science. While they are relatively easy to setup and use, there has (until recently) been little concern regarding the security implications of running these Notebooks. This presentation will cover the developments and practices used at Lawrence Livermore National Laboratory to secure notebooks running in multi-tenant, HPC environments.
Speaker Bio:
Thomas Mendoza is a staff Computer Scientist at LLNL working for Livermore Computing’s HPC center on web architecture and security.

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Friday, September 6, 2019

Trusted CI Finishes Engagement with the American Museum of Natural History

The American Museum of Natural History (AMNH) conducts research and education activities spanning multiple branches of science. Through the National Science Foundation's Campus Cyberinfrastructure (CC*) program (NSF OAC-1827153), AMNH developed and installed a Science DMZ to enable high speed transfer of large data sets. Connections were deployed regionally via NYSERnet and nationally via Internet2. Additionally, AMNH's ADFS identity management system was federated with InCommon to give researchers access to Globus data transfer nodes (DTNs).

Trusted CI's engagement with AMNH initially focused on developing an information security program tailored to the new Science DMZ. This effort started by reviewing existing AMNH policies and procedures which might apply to the Science DMZ. After this initial examination, it was decided that the accelerated timeline for installation and configuration of both the Science DMZ and the ADFS federation with InCommon left little time for refinement of a few security policy documents. Instead, effort was focused on fine-tuning system configuration for the Science DMZ by consulting outside expertise from ESnet.

Trusted CI documented the activities of this engagement in a final report. AMNH intends to document the processes of installation and configuration of their Science DMZ and the federation of their ADFS identity management system with InCommon. This documentation may give other similarly sized institutions a good starting point for installation of a Science DMZ or ADFS integration with InCommon.

The Trusted CI-American Museum of Natural History engagement began January 2019 and finished June 2019.

Wednesday, September 4, 2019

Trusted CI begins engagement with SLATE



SLATE accelerates collaborative scientific computing through a secure container orchestration framework focused on the Science DMZ, enabling creation of advanced multi-institution platforms and novel science gateways.  The ATLAS collaboration at the CERN Large Hadron Collider has an R&D program utilizing SLATE to centrally operate a distributed data delivery network having service endpoints at multiple computing facilities in the U.S., CERN, the UK and Germany, and has evaluated a cache deployed using SLATE within the ESnet backbone.  Similar approaches are already in production (the Open Science Grid data federation which is implemented in part using the Pacific Research Platform and Internet2) supporting LIGO and other science domains but as yet lack a generalized trust framework.  While innovation of the  new trust model initially is occurring in the context of the OSG and the worldwide LHC computing grid (WLCG), trusted federated edge infrastructures enabling operation of advanced computing platforms will in future be necessary to sustain a wide range of data intensive science disciplines requiring shared national and international cyberinfrastructure.

The deployment and operation of software through containerized edge services raises issues of trust between many stakeholders with different perspectives. Resource providers require guarantees that services running within their infrastructure are secure and operated within site policies; platform service developers and operators require flexibility to continuously deliver and compose new cyberinfrastructure supporting their scientific collaborations; edge cluster administrators need visibility and operational awareness while delegating some of their traditional deploy and operate responsibilities to centralized platform teams, following a NoOps model; and finally, the application workloads from end-user science communities rely on the foundational capabilities implemented by platform services to realize the full potential of shared cyberinfrastructure.  This engagement will focus on developing SLATE’s cybersecurity program in a way that  balances these needs.

The Trusted CI-SLATE engagement began July 2019 and is scheduled to conclude by the end of December 2019.  For additional information on SLATE, please refer to the paper,  “Building the SLATE Platform,” published in PEARC18.  Trusted CI will document the activities of this engagement in a final report to be made available to the public.

Tuesday, September 3, 2019

Trusted CI co-PI Jim Marsteller heading to Penn State University

With both excitement and sadness, I share with the Trusted CI community that Jim Marsteller, one of Trusted CI’s founders and a long-time leader of the NSF Cybersecurity Summit Program Committee and the Large Facility Security Team, will be leaving Trusted CI as part of moving from PSC to Penn State in September.

We’re excited for Jim in his new role at Penn State and wish him all the best. We are very glad that he is staying in the higher education family that is so important to Trusted CI’s mission of supporting research and look forward to continuing to work with Jim in his new role.

Please stay tuned for more news on how Trusted CI will adapt to this change of leadership.

Von - Trusted CI PI and Director