In the second half of 2019, Trusted CI and Services Layer at the Edge (SLATE) collaborated in an engagement to address cybersecurity concerns for the SLATE system.
SLATE is funded by an NSF grant managed by the Office of Advanced Cyberinfrastructure (Award #1724821). SLATE accelerates collaborative scientific computing through a secure container orchestration framework focused on the Science DMZ, enabling creation of advanced multi-institution platforms and novel science gateways. Similar approaches are already in production supporting LIGO and other scientific collaborations but as yet lack a generalized trust framework. While innovation of the new trust model is initially occurring in the context of the OSG and the Worldwide LHC Computing Grid (WLCG), trusted federated edge infrastructures enabling operation of advanced computing platforms will be necessary in the future to sustain a wide range of data-intensive science disciplines requiring shared, scalable national and international cyberinfrastructure.
In the Trusted CI SLATE engagement, we performed an overall security analysis of the SLATE platform, identified trust relationships and key user/administrator workflows, identified a set of needed security policy documents, and began drafting the security policies. We also evaluated container security tools, explored existing applicable OSG and WLCG security policies, and gathered community input on the SLATE security program, resulting in an initial consensus around the security policies and procedures needed to enable wider adoption of the SLATE platform.
Community-driven work on the SLATE security program continues through the WLCG Federated Operations Security Working Group, which is open to all who are interested. Visit https://trustedci.org/slate for pointers to the current status of the working group and https://slateci.io/docs/security-and-policies/ for pointers to current SLATE security policies as they are developed. Visit https://hdl.handle.net/2142/106019 for the Trusted CI SLATE engagement final report.