CCoE Webinar July 22nd at 11am ET: Ancile: Enhancing Privacy for Ubiquitous Computing with Use-Based Privacy

Vassar College's Jason Waterman is presenting the talk "Ancile: Enhancing Privacy for Ubiquitous Computing with Use-Based Privacy" on Monday July 22nd at 11am (Eastern).

Please register here. Check spam/junk folder for registration confirmation email.

The recent proliferation of sensors has created an environment in which human behaviors are continuously monitored and recorded. However, many types of this passively-generated data are particularly sensitive.  For example, locations traces can be used to identify shopping, fitness, and eating habits.  These traces have also been used to set insurance rates and to identify individual users in large, anonymized databases. To develop a trustworthy platform for ubiquitous computing applications, it will be necessary to provide strong privacy guarantees for the data consumed by these applications. Use-based privacy, which re-frames privacy as the prevention of harmful uses, is well-suited to address this problem.

This webinar introduces Ancile, a platform for enforcing use-based privacy for applications. Ancile is a run-time monitor positioned between applications and the data (such as location) they wish to utilize. Applications submit requests to Ancile; each request contains a program to be executed in Ancile’s trusted environment along with credentials to authenticate the application to Ancile.  Ancile fetches data from a data provider, executes the program, and returns any output data to the application if and only if all commands in the program are authorized. We find that Ancile is both expressive and scalable. This suggests that use-based privacy is a promising approach to developing a privacy-enhancing platform for implementing location-based services and other applications that consume passively-generated data.

Speaker Bio:  Jason Waterman is an Assistant Professor of Computer Science at Vassar College.  He received his Ph.D in Computer Science at Harvard University in the area of Coordinated Resource Management in Sensor Networks.  He has also worked as research staff at MIT's Computer Science & Artificial Intelligence Laboratory, where he helped to build a system for monitoring patients in disaster situations.

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Trusted CI Participates in ResearchSOC’s EDUCAUSE SPC Workshop

This blog post is cross-posted from the ResearchSOC blog. The ResearchSOC is a peer project of Trusted CI’s focused on providing operational cybersecurity services to the NSF community. It recently hosted a workshop at the 2019 EDUCAUSE Security Professionals Conference to which Trusted CI contributed.

--

“Securing and Supporting Research Projects: Facilitation Design Patterns” workshop

Posted on May 24, 2019 by toddston

In case you missed the above workshop at EDUCAUSE SPC (and you may well have missed it—the workshop filled up early, had a long wait list, and was almost standing room only), the slides from “Securing and Supporting Research Projects: Facilitation Design Patterns” are now available.

Presented by Michael Corn (CISO, UCSD) and Cyd Burrows-Schilling (Research Facilitator, UCSD), the workshop helped prepare security professionals to support sponsored research projects. It provided an overview of how research operates within Universities; taught facilitation skills for working with faculty; and provided guidance on how to develop a project specific security plan that meets the requirements of NSD, DoD, and other sponsoring organizations.

We were honored to have Professor Tanya Berger-Wolf from the University of Illinois at Chicago join us in person. The session with Professor Berger-Wolf was a highlight of the workshop, and helped attendees understand how cybersecurity professionals can work with researchers and learn to navigate the gap between the traditional top-down approach to security and the practicalities of everyday research lab infrastructures.

And she is doing some really cool research.

Claire Mizumoto, Director of Research IT Services at UCSD joined us remotely and gave a thought-provoking presentation on the hurdles researchers face in obtaining funding, preparing grants, and meeting the aggressive time demands of obtaining tenure.

Florence D. Hudson, who is Founder and CEO at FDHint, LLC and Special Adviser to our friends at Trusted CI, the NSF Cybersecurity Center of Excellence, gave an overview of three extremely useful tools: the NSF Cybersecurity Planning Guide, the Software Engineering Guide, and the Information Security Practice Principles. If you’re charged with providing cybersecurity for research projects of any size, these are pretty much required reading.

Vlad Grigorescu, Security Engineer at ESnet, led a deep dive into ScienceDMZ, which is an excellent network design pattern for data-intensive research projects.
We’re grateful to all our guests for their participation and incredibly useful information. If you need more information on any of the topics presented, contact us at rsoc@iu.edu.

The workshop was organized by the ResearchSOC project (researchsoc.iu.edu – NSF award 1840034).

• Slide deck available here
• Cyber Ambassadors case scripts available here
• Intake Interview preparation example available here

Couldn’t make the workshop or hungry for more? No problem. Mark your calendar now for December 4-6, when we’ll present a full three-day workshop on the above topic. This hands-on workshop will be held on the University of California, San Diego campus. Details to follow.

The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email rsoc@iu.edu.

Von Welch presenting a talk at NCSA, Thursday May 30th

Update: The talk has been posted to YouTube. The slides have been archived.

Von Welch will be presenting the talk, "Cybersecurity to Enable Science: Hindsight & Vision from the NSF Cybersecurity Center of Excellence," at the National Center for Supercomputing Applications on Thursday, May 30th at 10am Central.

Read the full event details here. We are streaming the presentation online if you are not able to attend in person.

How can cybersecurity play an enabling role in scientific research? This talk describes the first five years of experience from NSF Cybersecurity Center of Excellence, its vision for the next five, and its take on how cybersecurity supports scientific integrity, reproducibility, and productivity.

Speaker Bio: Von Welch has been enabling scientific research through cybersecurity for over twenty years. He serves as the Director and PI for the NSF Cybersecurity Center of Excellence (Trusted CI) and for the recently announced NSF-funded Research Security Operations Center (ResearchSOC). At Indiana University he is the Director of the Center for Applied Cybersecurity Research (CACR) and an Associate Director for the IU Pervasive Technology Institute.

Join Trusted CI's announcements mailing list for information about upcoming events.

CTSC presents half-day workshop at PEARC17

On Thursday July 13th, CTSC held a workshop on trustworthy scientific cyberinfrastructure at PEARC 2017 in New Orleans. CTSC PI Von Welch Started the day with an overview of NSF Cybersecurity Center of Excellence, including CTSC’s mission, vision, and engagements. Co-PI James Marsteller introduced the cybersecurity challenges for smaller projects and its impact on science, followed by Co-PI Jim Basney presenting the key aspects that define a cybersecurity program.

In the second session, XSEDE’s Nancy Wilkins-Diehr introduced the Science Gateways Community Institute (SGCI), which was established to provide solutions for sustaining science gateways. Von followed with a presentation on security for science gateways, concentrating on three key aspects: secure software development, identity and access control management, and operational cybersecurity. The remainder of the session was dedicated to lightning talks from workshop attendees. Internet2’s Florence Hudson presented on cybersecurity research transition to practice (TTP) acceleration; a concept aimed at accelerating transitions from NSF-funded late-stage cybersecurity research into research and education environments. Tom Barton (also of Internet2) discussed the globally federated system and what support is needed for research activities. He presented a summary of the current state of eduGAIN, which connects different national federation systems across the globe. And lastly, University of Pittsburgh’s Brian Stengel presented the NSF project Towards Security Assured Cyberinfrastructure in Pennsylvania (SAC-PA), which brings PA-based campus CI-practitioners, IT, and security professionals together to facilitate beneficial relationships in the region.

Slides from the workshop, as well as many more CTSC training materials, are available on our website.

CTSC Staff Present One-Day Training at GPN-GWLA All Hands Meeting

On June 2nd, CTSC’s Warren Raquel and Mark Krenz presented a one-day training workshop at the Great Plains Network & Greater Western Library Alliance annual All Hands Meeting in Kansas City. The training was a two-part presentation on Computer Incident Response and Security Log Analysis. The training was at the request of GPN, and we welcome such invitations in the future.

Warren began the training with a presentation on Computer Incident Response. He walked the attendees through the steps to take when preparing for security incident, how to detect and analyze the incident, and finally how to contain, eradicate, and recover machines and data. He ended the presentation by applying these steps to four different case studies of real security incidents. Warren said the case studies really helped reinforce the main points he wanted the attendees to learn and apply to their IR programs.

Mark presented the afternoon session on Security Log Analysis. He began with the security log analysis life cycle (collection, event management, analysis, and response) and provided examples of real attacks using Bro logs, Apache, Postfix, and more. The presentation gave the attendees ideas on how to improve their security, learn real command-line examples to apply at their organizations, as well as new methods to connect events across logs. Mark said the open Q&A format of the presentation was very rewarding. In one example, the group discussed their shared frustrations with a well known Wordpress plugin vulnerability that allows file systems to be “walked”. Mark then demonstrated a command (shown below) that could be used to detect these attempts to walk the filesystem in Bro and Apache logs.

grep -E "wp-admin.*\.\./.*\” 200 " access_log

While In Kansas City, Mark also had a chance to meet up with followers of his Command Line Magic (@climagic) Twitter account.

Mark’s and Warren’s presentations, as well as many more training materials, can be found on CTSC’s website. To contact us about presenting a training at your event, submit a request to our contact form.

About the GPN & GWLA

The GPN is a non-profit consortium of networks in the Midwest and Great Plains for the purpose of collaboration, cyberinfrastructure, and research. The GWLA is a non-profit consortium of libraries across the central and western US for the purpose of sharing technologies and programs related to scholarly communication and information sciences.

CTSC Netcast Wednesday at #I2Summit16

The CTSC session at the Internet2 Global Summit on Wednesday May 18 at 3pm Central Time will be streamed online. Please join us in person in the Indiana/Iowa room (on the 6th Floor) or online at https://meetings.internet2.edu/2016-global-summit/detail/10004146 for an update on CTSC activities and a discussion about cybersecurity challenges and opportunities for science. Tom Barton (University of Chicago) and Kim Milford (REN-ISAC) will present their perspective on this topic and participate in the discussion.

Also please don't forget the CCoE Webinar Series Kickoff on Monday May 23 at 10am Central Time. Visit http://trustedci.org/webinars for details.

CTSC at Educause Security Professionals

Susan Sons of CTSC will be presenting on CTSC at the Educause Security Professionals conference on April 19th from Noon-12:30. Addition, from 8-10pm on the 18th, she'll be leading a BoF on cybersecurity for science.

Analyzing authentication events

Part of CTSC's mission is to help educate the NSF community about tools and processes related to cybersecurity. For example, our software assurance team offers tutorials on static analysis tools and to test those tools, they provide benchmark datasets (code). In this article, we describe tools (Python modules) and a benchmark dataset for analyzing authentication data. However, the tools are sufficiently general that they could apply to other types of data related to cybersecurity, e.g. network traffic or more general data flows.

I recently had the pleasure of attending the SIAM Workshop on Network Science where I presented our poster on the analysis of a rather large authentication¹ dataset. The public dataset was made available from Los Alamos National Laboratory (LANL) and represented over 700 million anonymized authentication events over a nine-month period.[1][2]

Our poster submission demonstrated the use of Python to analyze and visualize the data. Since our scripts relied on various Python modules not found in the standard library, we recommended using the Anaconda Python distribution (3.x) which contained those modules (and a lot more). One key module that we used, to perform some of the network analysis, was NetworkX. Another module, to plot results, was matplotlib. We also demonstrated how one could use the IPython Notebook in a browser.

An authentication event was represented as a simple entry: "time,user,computer", where "time" was in seconds offset from the beginning, and "user, computer" were anonymized entries with unique numeric identifiers (e.g. U214,C148). We preprocessed the dataset to generate two files: one containing just the time values, another representing the user-computer information as a global, static graph. This type of graph, with two disjoint sets of nodes (users and computers), is known as a bipartite graph. Since the second file, containing the graph, took about 8 hours to generate, we made it publicly available in case others wanted to experiment. (Generating the first file, with only time values, just took a few minutes using one of our scripts.)

Our first step was to perform a sanity check on the time values for the authentication events. Fig. 1 is a histogram plot of all events over the nine-month period. Using the matplotlib module, we can interactively select a region to zoom into and see general daily and weekly usage patterns. The script to generate this histogram is parameterized so that a user can see more detailed (or coarse) plots.

Fig. 1: A histogram, over time, of all authentication events (top); zooming into a 2 week window (bottom)

Next, we use the NetworkX module to plot the graph and zoom in on particular nodes that seem to be hubs in the network. In the following two figures, the User nodes are colored red and Computer nodes are colored white. Fig. 2 shows C148 as a hub with numerous User nodes connected to it. Fig. 3, in contrast, shows U12 connecting to numerous computers. Obviously, if we had more information about the authentication events, we might be able to determine that certain User hubs were, for example, just the result of system administrators performing maintenance. On the other hand, it may be an indication of questionable user behavior.

Fig. 2: Node C148 as a hub.

Fig. 3: Node U12 as a hub.

In addition to visually inspecting the graph, we can programmatically analyze it to discover certain features, e.g., hubs or connected components. These techniques can be found in our poster and scripts.

Discussing results with LANL's Hagberg (left)

According to LANL's Aric Hagberg, there will likely be another dataset coming sometime this year that will have more metadata.

Our abstract, poster, Python scripts, and additional documentation can be found at https://github.com/rheiland/authpy.

We welcome your comments.

^{1. Authentication, in this context, is the process of verifying the identity of a person connecting to, e.g. logging into, a computer.}

---

[1] A. Hagberg, A. Kent, N. Lemons, and J. Neil. Credential hopping in authentication graphs. In 2014 International Conference on Signal-Image Technology Internet-Based Systems (SITIS). IEEE Computer Society, Nov. 2014.

[2] A. D. Kent, L. M. Liebrock, and J. C. Neil. Authentication graphs: Analyzing user behavior within an enterprise network. Computers & Security, 48:150-166, 2015.

Seeking CC-NIE projects for peer-to-peer cybersecurity reviews

Last week I had the opportunity to speak about cybersecurity for science at the NSF CC-NIE PI meeting.  As I mentioned in my presentation, CTSC is offering to facilitate cybersecurity peer reviews between CC-NIE PI projects. CTSC will provide a framework and guidance for the reviews, and facilitate them to make sure they complete successfully. We're excited about this process as it represents something that can both scale to the 80+ CC-NIE projects as well as help the projects share practices and build up expertise.

We've got one project already interested, if there are others, please let me know.

If you are a NSF project outside of the CC-NIE program and this sounds interesting, please let me know as we're interested in expanding this program if is proves successful.

Science Gateway Security Recommendations

Jim Basney is presenting "Science Gateway Security Recommendations" today at the Science Gateway Institute Workshop in Indianapolis. This paper is a joint effort between CTSC and the Science Gateway Security project. We invite discussions and comments in the Trusted CI Forum.

Updated to add: Jim's slides.

CTSC Presentation on NSF CI Cybersecurity Challenges and CTSC Activities

Earlier this month I had the opportunity to make a presentation at the NSF on cybersecurity challenges facing NSF cyberinfrastructure (CI) and what CTSC and the NSF CI community is doing to tackle those challenges. That presentation is available at http://pres.vonwelch.com/pres/CTSC-NSF-Jul-2013.pdf.