Wednesday, August 26, 2020

Welcoming Kelli Shute as Trusted CI’s Executive Director

I am happy to announce that Kelli Shute, who joined IU CACR and Trusted CI as a project manager last year, has accepted the role of Executive Director for Trusted CI. During her time, Kelli has demonstrated great leadership in keeping the 30 individuals across six sites that contribute to Trusted CI day-to-day, and our growing set of partners, moving forward in an effective, coordinated manner. Kelli will work closely with myself as the PI and Director, Jim Basney as Trusted CI’s Deputy Director, and the other co-PIs and leadership team.

Please join me in congratulating and welcoming Kelli in her new role.

Von Welch

Trusted CI Director and PI

Tuesday, August 18, 2020

Transition to practice success story: Exploring Unconventional Analog Computing

Designing time-keeping devices that do not require any external power

Shantanu Chakrabartty, Ph.D., is the Clifford Murphy Professor in Electrical and Systems Engineering, Washington University in St. Louis, and the principal investigator and director of the Adaptive Integrated Microsystems (AIM) Laboratory. He is also a Trusted CI TTP Fellow

From his website: Shantanu Chakrabartty's research explores new frontiers in unconventional analog computing techniques using silicon and hybrid substrates. His objective is to approach fundamental limits of energy efficiency, sensing, and resolution by exploiting computational and adaptation primitives inherent in the physics of devices, sensors, and the underlying noise processes. Professor Chakrabartty is using these novel techniques to design self-powered computing devices, analog processors, and instrumentation with applications in biomedical and structural engineering. One such example is the self-powered structural health monitoring technology which is currently being commercialized. 


Our research explores new frontiers in non-conventional analog computing and sensing techniques using silicon, quantum, and biological circuits. We apply these fundamental principles for designing neuromorphic systems, machine learning processors, authentication systems, structural health monitoring sensors, and biomedical instrumentation. 

 

Trusted CI spoke with Chakrabartty about his transition-to-practice journey. We were joined by Florence Hudson, founder and CEO at FDHint and special advisor leading Trusted CI’s Cybersecurity Transition To Practice (TTP) program. 

 

Trusted CI: Tell us about your research interests and how that's translating into your transition to practice journey.  

 

S.C. My research essentially focuses on different aspects of analog computing. When people think about analog, they envision this old clunky thing, not something cool as digital, but one doesn't realize that many naturally occurring processes and phenomena are inherently analog.  

 

My research at a fundamental level tries to first find out these hidden computational gems and then try to exploit them, integrate them, or mimic them on silicon. 

 

The computational models could vary from a very simple dynamical system using only one transistor and one capacitor. In fact, in an analog domain, even that very simple circuit can show a whole wide range of different dynamical behavior. Or it could be a very complex system. 

 

For example, to mimic a part of a human brain, one needs to build a giant neural network with lots of silicon neurons which has billions of transistors. The common theme across all these different research topics is that you start with the fundamental research question first. We don't know if the principle that you think should work, will work, and how well it will work. Effectively, these fundamental questions become the basis for some of the thesis topics for my Ph.D. students.  

 

Then out of those thesis topics, depending on the results we get, there are few which then become a candidate for a transition to practice, maybe further towards commercialization.  

 

Some years back, we looked at a so-called analog phenomenon that exploited some interface physics between the transducers, piezoelectric transducers, and non-volatile memory. We were able to exploit that phenomena to create very energy efficient data loggers. Some of those are now being evaluated in real-world deployments, especially for structural health monitoring. But again, the idea here is that it all depends on the quality of results before we are ready for deployment.  

 

Also, most importantly, it depends on the interest of the student, whether they want to take it to the next level. The platform that we work on uses integrated circuit technology. And that is an inherently mature technology. The challenge comes from doing things in analog rather than doing things digitally. So that's essentially the path that we follow towards transition to practice.  

 

Trusted CI: What kinds of inventions does that translate into?  

S.C. I can give an example relevant to the Trusted CI program. We are looking at a very simple chip-based solution that exploits analog computational primitives in quantum transport of electrons. We are using a phenomenon called Fowler-Nordheim quantum tunneling to design time-keeping devices that do not require any external power to operate. This sounds contradictory, but the idea here is that once we have initialized the device, to run it, it doesn't need any additional power from a battery.  

 

We have been exploring the use of this timer technology for security applications. One example is your credit card which has static numbers on it that could easily be stolen. Applying our technology, one can create a credit card where the numbers keep changing with time and doesn’t require batteries. Hackers cannot probe into the chip without disturbing the property of these timers. So, you can create a secure asset using the technology.  

 

And because it's a platform technology, there may be numerous applications that are possible with this. We are thinking about designing trusted modules for low-resource platforms like IoT devices, medical Fitbit-like devices, and even for secure high-end medical systems which require several layers of protection. In many of these systems, the biggest vulnerability comes from when you are downloading software upgrades. You need to be able to authenticate that module. During those high-value transaction processes, our technology can provide assurance. There are numerous applications. 


This research was started in 2015 when we received an NSF grant (CNS1525476) to investigate the use of these time-keeping devices for authentication. Once we have validated the proof of concept, there are numerous applications that are possible, and so we're exploring that now. And that's also the reason why I was interested in this Trusted CI program to find where exactly and what are the different avenues we could use this fundamental device for. 

 

Trusted CI: How were you introduced to Trusted CI?  

S.C. Florence [Hudson] invited me a few years ago to be a speaker at one of the TTP workshops that she had organized. And since then, we have kept in touch. She has followed up repeatedly asking what progress we're making in terms of transitioning the technology or if we’ve made any improvements to it. Florence also introduced me and my Ph.D. students to several potential stakeholders during some of these workshops’ one-on-one meetings. And it was very interesting to see, at least for me, talking to some of the stakeholders what were the possible applications that might come out of this technology. Something that we hadn't previously thought of. 

 

Also, from the student's point of view, which I think is also very important from an educational point of view, I could see my students see the value in the research that they are doing for a Ph.D. They also see that their research has value in the commercial space as well.  

 

Trusted CI: What's coming up next?  

S.C. The student we are helping to take the technology to the next level is interested in entrepreneurship. After he's done with his Ph.D., he wants to pursue this path where, depending on the feedback that he gets from the market, he can take it to the next level. I have another Ph.D. student working on this. He is working on improving the reliability of the timers. We are looking for some of the physics that we missed on the first iteration that we could exploit. 

 

Our goal in participating in the Trusted CI cohort was to identify those low hanging fruit applications. As I mentioned before, there are numerous applications out there that would work on our platform. We have been approached by several commercial entities that want to evaluate the technology. We need to choose something that is doable, probably within a one- or two-year timeframe, at least two from a deployment point of view, so that we can get some real data.  

 

Trusted CI: What is Trusted CI doing to help Shantanu and his students on their TTP journey? 

F.H. The very experienced researchers like Shantanu want to keep on solving the problems. There's always more to do as the world changes, the applications change, and the device changes. And he can keep going down that path. And the students can enable the transition to a business, perhaps a transition to deployment or open source or whatever they decide to do. So, he's created this very nice complimentary model. We work with Shantanu the professor as our TTP fellow, and his student, Darshit Mehta, joins our calls. When they presented to the IEEE/UL Working Group P2933 on clinical IoT data and device interoperability with TIPPSS – Trust, Identity, Privacy, Protection, Safety and Security for which I am the working group chair, they both presented to a range of industry, government, and academic partners, and we are helping them continue down that path.  

 

Since I've helped introduce a number of people to Shantanu, I try to keep the fires burning a little bit on both sides and find other opportunities for him to pursue potential deployment of the technology and get feedback from users as well.  

 

Trusted CI: Shantanu, tell us a bit more about your journey. 

S.C. The most important aspect for me has been the student. Without the student, if I had to invest my time, it would have been a lot of effort. And given that we have other responsibilities that we also must take care of in academia, students take a lot of the burden in this regard, and especially if they are entrepreneurship-minded students. 

 

Trusted CI: Would you do it again? 

S.C. Yes. 

I see the benefits not just from a translation point of view, but even from my students’ maturity. Whereas before, if they gave a presentation, they would say, ‘I will do the bare minimum possible and be done with it.’ But now, they must be professional. They must put their best foot forward. So, I think for the students, I see a difference between pre-TTP and post-TTP type of experience.  

 

Trusted CI: Anything else that would help your TTP journey? 

S.C. Knowing whether the product fits a market. I want to know what the customer wants, whether they are going to use it. Where is that middle ground? 

We can tweak our technology to meet their needs, but I need to know their needs. And I think that's where that matchmaking definitely helps us.  

 

F.H. One of the things we've talked about in the Trusted CI TTP cohort calls is perhaps linking with the business schools and some of the universities. For example, I think Indiana University's Business School helps with things like that. What Shantanu brings up is the technical researchers are great with the technology. But he needs a partner that can help him do that translation and connect him to the potential client or users, so that he can then harden the asset for that use. And then deploy it through that channel that supports those target users.  

 

I try to help with my business experience. How do we create a partnership for Shantanu? Who's going to do this with them? So we're starting to think through this: should we reach out to the business school and create a little team. Bring in three Ph.D. research students and an MBA student and partner them for the summer. They would work on a problem together and tell a business school: here's the potential market opportunity; here are the market needs; here are the client needs; here's the potential value proposition the research technology brings to the client; here’s the analysis we did. That's the piece that could really help. One of the things we're thinking about is how to create that, probably at the research host institution so there is a local teaming opportunity.  

 

We can do that part-time with mentors like me, but it's not like being in the trenches helping them do it on a day-to-day basis. That's why we have this TTP Fellows program. We're trying to figure out how to make this repeatable and sustainable. 


Tuesday, August 11, 2020

Trusted CI Engagement Application is Open

                 

  Trusted CI Engagement Application Period is Open

                   Applications Due Oct. 2, 2020

            Apply for a one-in-one engagement with Trusted CI for Late 2020.


 Trusted CI is accepting applications for one-on-one engagements to be executed in Jan-June 2021. Applications are due Oct. 2, 2020 (Slots are limited and in demand, so this is a hard deadline!)


To learn more about the process and criteria, and to complete the application form, visit our site:

http://trustedci.org/application


During Trusted CI’s first 5 years, we’ve conducted
 more than 24 one-on-one engagements with NSF-funded projects, Large Facilities, and major science service providers representing the full range of NSF science missions.  We support a variety of engagement types including: assistance in developing, improving, or evaluating an information security program; software assurance-focused efforts; identity management; technology or architectural evaluation; training for staff; and more.  

 As the NSF Cybersecurity Center of Excellence, Trusted CI’s mission is to provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.

 

Friday, August 7, 2020

Chem Compute JupyterHub (1st May, 2020 - 15th July, 2020)

Chem Compute provides free access to computational chemistry software for undergraduate students and for researchers. This is done all without compiling, installing and maintaining software and hardware. Chem Compute also features Jupyter notebooks for students to do data analysis using Python.


Trusted CI partners with Science Gateways Community Institute (SGCI) on SGCI engagements that require cybersecurity expertise. The cybersecurity staff from Trusted CI engaged with Mark Perri from Chem Compute over a period of 2.5 months (May-July 2020) to review its security including servers, services and policies. Recommendations were made around the risks that were identified. The cybersecurity team also made some best practices recommendations for Chem Compute’s JupyterHub. Most of the best practices recommendations were made from the following sources: 

https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html

https://jupyterhub.readthedocs.io/en/stable/getting-started/security-basics.html


We started the engagement with a kickoff meeting to get an overview of Chem Compute, how the systems are enabled/work and discussed the requirements and expectations from the engagement. Post that, the SGCI cybersecurity team set up weekly meetings amongst themselves to discuss and work on the project. The Cybersecurity team also scheduled meetings with Mark Perri as and when required to provide an update and get some inputs. The final product of the engagement was a 12-page security report containing specific recommendations on how to address the security gaps identified during the engagement.

Overall it was a successful engagement, thanks to Mark Perri’s valuable inputs with quick turnaround time.


Removed language with racial biases

As announced in our June 12 blog post, Trusted CI has joined other organizations in ceasing the use of terms such as “whitelist,” “blacklist,” and similar cybersecurity terms that imply negative and positive attributes and use colors also used to identify people. There simply is no place today for biased language with racial implications. 

In addition to the prior updates to our code of conduct, we have completed a review of the Trusted CI guide and related templates and blog posts and updated instances where found. We recognize the potential use of this language in past presentations and do not intend to rewrite history. No new materials produced will use such language.

We welcome your input on how we can continue to improve, making our community welcoming for all. If we missed any instances of this language, please let us know and we will address it promptly.

Von Welch for Trusted CI

Tuesday, August 4, 2020

Registration is now open for the 2020 NSF Cybersecurity Summit


It is our great pleasure to announce the 2020 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure. The event will take place virtually Tuesday, September 22 through Thursday, September 24, 2020. Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities.

Registration Complete the online registration form: https://trustedci.org/2020-nsf-summit



Thank you on behalf of the Program and Organizer Committee.