Showing posts with label science gateways.

Wednesday, September 22, 2021

SGCI Webinar: Security recommendations for science gateways, Sept 29th @ 1pm EDT

This webinar announcement was originally posted on SGCI's website.

Security recommendations for science gateways

Wednesday, September 29, 2021, 1 pm Eastern/10 am Pacific

Presented by Mark Krenz, Chief Security Analyst, Center for Applied Cybersecurity Research, Indiana University

Trusted CI has recently published a four-page document targeted at small team science gateways. This document provides a prioritized list of security recommendations to help reduce overall security risk. In this webinar Mark Krenz, from Trusted CI, will be providing an introduction and overview of the document, as well as a discussion of the lessons learned from the last few years of providing security consultations for science gateways.

See SGCI's webinars page for the Zoom link and password.

Wednesday, February 3, 2021

Trusted CI and SGCI Collaborate to Secure the Galaxy Science Gateway Platform

Galaxy, an open-source, scientific workflow system developed by the Galaxy Project (GP) Community, provides a means to build multi-step computational analyses using a graphical web user interface that allows a user to specify the type of data to operate on, what steps to take, and in what order. It accelerates innovation by allowing researchers to carry out analyses without having to do any programming. Galaxy is also heavily used as a tool integration platform for biology and genomics with thousands of popular tools available. It supports data uploads from a user endpoint and many well-known, online data sources (such as the UCSC Genome Browser, BioMart, and InterMine), allowing users to analyze public data or bring their own.

In the second half of 2020, the Galaxy Project team engaged with Trusted CI to review the security of a new Galaxy software distribution being developed as a containerized package, with an eye toward its use with sensitive information such as protected health information (PHI). The Trusted CI team used effort funded by the SGCI and Trusted CI partnership.

The teams met weekly over the engagement period to develop a shared understanding of Galaxy’s architecture, data flows, existing safeguards, and software development practices. Trusted CI used the NIST 800-53 control catalog to guide the discussions and created a Galaxy System Security Plan (SSP), which will be offered to the Galaxy Community as a template to support compliance with security regulations for local installations. The engagement concluded with a report containing a series of recommendations to further improve Galaxy’s security posture. Trusted CI also identified opportunities for future engagements between Trusted CI and Galaxy as the scope for the present engagement was limited to the containerized package.

The Trusted CI team would like to extend our sincere thanks to the entire Galaxy team for their partnership throughout the engagement and we look forward to future opportunities to collaborate.

Monday, November 2, 2020

PEARC20: Another successful workshop and training at PEARC

Trusted CI had another successful exhibition at PEARC20.

We hosted our Fourth Workshop on Trustworthy Scientific Cyberinfrastructure for our largest audience to date. The topics covered during this year's workshop were:

  • Community Survey Results from the Trustworthy Data Working Group (slides)
    • Presenters: Jim Basney, NCSA / Trusted CI; Jeannette Dopheide, NCSA / Trusted CI; Kay Avila, NCSA / Trusted CI; Florence Hudson, Northeast Big Data Innovation Hub / Trusted CI
  • Characterization and Modeling of Error Resilience in HPC Applications (slides)
    • Presenter: Luanzheng Guo, University of California-Merced 
  • Trusted CI Fellows Panel (slides)
    • Moderator: Dana Brunson, Internet2
    • Panelists: Jerry Perez, University of Texas at Dallas; Laura Christopherson, Renaissance Computing Institute; Luanzheng Guo, University of California, Merced; Songjie Wang, University of Missouri; Smriti Bhatt, Texas A&M University - San Antonio; Tonya Davis, Alabama A&M University
  • Analysis of attacks targeting remote workers and scientific computing infrastructure during the COVID19 pandemic at NCSA/UIUC (slides)
    • Presenters: Phuong Cao, NCSA / University of Illinois at Urbana-Champaign; Yuming Wu, Coordinated Science Laboratory / University of Illinois at Urbana-Champaign; Satvik Kulkarni, University of Illinois at Urbana-Champaign; Alex Withers, NCSA / University of Illinois at Urbana-Champaign; Chris Clausen, NCSA / University of Illinois at Urbana-Champaign
  • Regulated Data Security and Privacy: DFARS/CUI, CMMC, HIPAA, and GDPR (slides)
    • Presenters: Erik Deumens, University of Florida; Gabriella Perez, University of Iowa;  Anurag Shankar, Indiana University
  • Securing Science Gateways with Custos Services (slides)
    • Presenters: Marlon Pierce, Indiana University; Enis Afgan, Johns Hopkins University; Suresh Marru, Indiana University; Isuru Ranawaka, Indiana University; Juleen Graham, Johns Hopkins University

We will post links to the recordings when they are made public.

In addition to the workshop, Trusted CI team member Kay Avila co-presented a Jupyter security tutorial titled “The Streetwise Guide to Jupyter Security” (event page) with Rick Wagner.  This presentation was based on the “Jupyter Security” training developed by Rick Wagner, Matthias Bussonnier, and Trusted CI’s Ishan Abhinit and Mark Krenz for the 2019 NSF Cybersecurity Summit.

Thursday, July 9, 2020

PEARC20: Join us at the Fourth Workshop on Trustworthy Scientific Cyberinfrastructure

Join us at the Fourth Workshop on Trustworthy Scientific Cyberinfrastructure at PEARC20 on Monday July 27th, 8:00am - 12:00pm Pacific Time (11:00am - 3:00pm Eastern Time / 15:00 - 19:00 UTC). The workshop provides an opportunity for sharing experiences, recommendations, and solutions for addressing cybersecurity challenges in research computing. It also provides a forum for information sharing and discussion among a broad range of attendees, including cyberinfrastructure operators, developers, and users.

The workshop is organized according to the following goals:

  • Increase awareness of activities and resources that support the research computing community's cybersecurity needs. 
  • Share information about cybersecurity challenges, opportunities, and solutions among a broad range of participants in the research computing community.
  • Identify shared cybersecurity approaches and priorities among workshop participants through interactive discussions.

Schedule

See our workshop page for the full presentation abstracts. The order of presentations is subject to change and will be posted to the workshop page.
  • 8:00 am Pacific / 11:00 am Eastern 
    • Community Survey Results from the Trustworthy Data Working Group   
      • Presenters: Jim Basney, NCSA / Trusted CI
        Jeannette Dopheide, NCSA / Trusted CI
        Kay Avila, NCSA / Trusted CI
        Florence Hudson, Northeast Big Data Innovation Hub / Trusted CI
  • 8:30 am Pacific / 11:30 am Eastern 
    • Characterization and Modeling of Error Resilience in HPC Applications 
      • Presenter: Luanzheng Guo, University of California-Merced
  • 9:00 am Pacific / 12:00 pm Eastern
    • Trusted CI Fellows Panel
      • Moderator: Dana Brunson, Internet2 
      • Panelists: Jerry Perez, University of Texas at Dallas
        Laura Christopherson, Renaissance Computing Institute
        Luanzheng Guo, University of California, Merced
        Songjie Wang, University of Missouri
        Smriti Bhatt, Texas A&M University - San Antonio
        Tonya Davis, Alabama A&M University

  • 9:30 - 10:30 am Pacific / 12:30 pm - 1:30 pm Eastern ***Break/Lunch***
  • 10:30 am Pacific / 1:30 pm Eastern
    • Analysis of attacks targeting remote workers and scientific computing infrastructure during the COVID19 pandemic at NCSA/UIUC
      • Presenters: Phuong Cao, NCSA/U of Illinois at Urbana-Champaign
        Yuming Wu, Coordinated Science Lab/UIUC
        Satvik Kulkarni, U of Illinois at Urbana-Champaign
        Alex Withers, NCSA/U of Illinois at Urbana-Champaign
        Chris Clausen, NCSA/U of Illinois at Urbana-Champaign
  • 11:00 am Pacific / 2:00 pm Eastern
    • Regulated Data Security and Privacy: DFARS/CUI, CMMC, HIPAA, and GDPR
      • Presenters: Erik Deumens, University of Florida
        Gabriella Perez, University of Iowa
        Anurag Shankar, Indiana University
  • 11:30 am Pacific / 2:30 pm Eastern
    • Securing Science Gateways with Custos Services
      • Presenters: Marlon Pierce, Indiana University
        Enis Afgan, Johns Hopkins University
        Suresh Marru, Indiana University
        Isuru Ranawaka, Indiana University
        Juleen Graham, Johns Hopkins University
For any questions regarding this workshop, please contact workshop-cfp@trustedci.org.

Tuesday, April 14, 2020

Transition to Practice success story, part two: How CILogon powers science gateways

Different authentication scenarios must all work together for science gateways
 
Marlon Pierce, Ph.D., is director of the Cyberinfrastructure Integration Research Center at Indiana University (formerly the Science Gateways Research Center). Pierce leads distributed systems research into scalable cyberinfrastructure to support computational and data-driven science.

Trusted CI spoke with Pierce about how science gateways use CILogon. CILogon enables researchers to log on to cyberinfrastructure (CI). CILogon provides an integrated open source identity and access management platform for research collaborations, combining federated identity management (Shibboleth, InCommon) with collaborative organization management (COmanage). (Read the interview with Jim Basney who leads the CILogon project >>)

Pierce and his team have worked with Jim Basney and the CILogon team for quite a while, especially with two projects. One of those is an NSF-funded project called the Science Gateway Platform as a Service (SciGaP) that uses their Apache Airavata software-as-a-service.

The platform and one code-based installation can support many different gateway tenants. Each of those gateway tenants can support many different users.

“We might have a gateway that could be out of anywhere,” says Pierce. “They could work with communities all over the country or all over the world that are not tied to Indiana University, for example, where we are. We work with PIs from all over the country who want to offer their gateways.”

The essence of a gateway is that it supports communities of users who need to be authenticated. Gateways are not anonymous science services, and that is an important characteristic. Users need to be able to log in and work through a sequence of actions that are recorded so that the gateway can keep track of the work they do.

“You could think of those as creating digital objects,” says Pierce, “so the ability to do federated authentication is a cornerstone of all these projects which we outsource to the CILogon team. That is extremely valuable because it’s already solved for us.”

Pierce says now they can automate through some new services that CILogon provides. “Now every time we create a new gateway tenant, it also becomes a new tenant inside the CILogon system. That gateway could decide what authentication providers it wants to use. It could turn on the spigot and say, ‘come with whatever you have.’ For example, ‘I only want this for my university.’ CILogon provides many different capabilities.”

Pierce has another NSF-funded project called Custos (NSF Award 1840003), now about halfway finished, that incorporates CILogon.

“It’s a cyberinfrastructure program that Jim Basney is co-PI on,” says Pierce, “that takes on some of the things we learned from SciGaP. Many gateways want some of our services but not all of them. Let’s say a gateway has solved for their own purposes this problem of running a job with a supercomputer but they'd like to outsource some of the other things that we built. For example, the security pieces. CILogon is a key part of the Custos project for us to provide a targeted set of capabilities that are specifically for gateways use cases with authentication being the cornerstone.”

Currently, Pierce estimates that between 2,000 and 3,000 science gateway users are directly impacted by CILogon.

Pierce and his team first started using CILogon several years ago with a project called SeaGrid that was part of the SciGaP project. At the time, their other projects were using in-house authentication methods. During the SeaGrid project and designing the security infrastructure, they realized early on that CILogon was the way to go.

“We’d worked with Jim on an earlier project in 2010 or 2012,” says Pierce. “We realized there was no other service that offered this type of reliability and the type of support we get from them.”

“They've done all the hard work with the ‘plumbing’ of authentication systems, so we don't have to do it. There are things out there like OpenID Connect, which they support, but we needed more than that. Since gateways are typically with academic partners, that means that we need solutions where we have any number of different authentication scenarios that all work together that are appropriate for a gateway.”

SciGaP is funded by the National Science Foundation's Software Infrastructure for Sustained Innovation (SI2) program through award #'s 1339774, 1339856, and 1339649.

Thursday, March 12, 2020

Transition to Practice success story: Simplifying scientist access to cyberinfrastructure with CILogon

Service provides identity management, so research projects don’t have to.

[Want to learn the basics about Transition to Practice? Read an introduction to the Trusted CI Cybersecurity Technology Transition to Practice (TTP) program >>] 

CILogon enables researchers to log on to cyberinfrastructure (CI). CILogon provides an integrated open source identity and access management platform for research collaborations, combining federated identity management (Shibboleth, InCommon) with collaborative organization management (COmanage).

Jim Basney is a senior research scientist, cybersecurity division, National Center for Supercomputing Applications (NCSA), University of Illinois at Urbana-Champaign. Jim is also deputy director for Trusted CI. We spoke with Jim about CILogon and about its transition to practice.

TRUSTED CI: Please tell us about the scope of your work, and how CILogon fits into that.

I'm here in the security group at NCSA. We are focused on enabling secure access to computational resources for scientists.

One aspect of that is working with Trusted CI. In my role as the deputy director for Trusted CI, I help researchers with their cybersecurity challenges. That includes identity and access management but also cybersecurity policies, data management, and operational security topics -- a wide range of cybersecurity topics.

Outside of my Trusted CI work, I mainly focus on the topic of identity and access management. CILogon is one of the projects that I work on in that context.

I also work on a related project called SciTokens which is about using JSON Web Tokens for access to scientific cyberinfrastructure.

We are integrating the research that's coming out of the SciTokens project into the CILogon service.

TRUSTED CI: How will that help CILogon?

It's going to give researchers more options for authorizing access to the variety of scientific services that they're using. Right now, CILogon is providing ID tokens that identify the researcher. This allows research collaborations to do attribute-based access control and identity-based access control using the researcher’s login.

SciTokens also adds capability-based access control so that you can have a least-privilege access control policy based on a potentially complex set of policy rules to say, “Yes, you are authorized to access this file” or “You're authorized to access this cloud resource or this space on the wiki.” It does not need to be based on your individual identity.

TRUSTED CI: Users can get lots of information on the CILogon website. Tell us in your own words what you see as the primary benefit and what value it brings to users.

Our goal is to enable logon to scientific cyberinfrastructure. We want to make it seamless for researchers to access the cyberinfrastructure that they need to conduct their research and their scientific collaborations.

Part of making that seamless is we want researchers to be able to use their existing identities. In most cases that's a campus identity through their campus identity provider. That could be part of the InCommon Federation or globally part of the eduGAIN interfederation service, in many cases using the open source Shibboleth single sign-on software. But it could also be identities from other providers like Google or GitHub or ORCID.

In addition to enabling that logon, we want to enable the providers of cyberinfrastructure to manage the access to those resources through onboarding and offboarding procedures that control how researchers log on; the duration of the collaboration; the ability to set collaboration-specific attributes, groups, and roles; and to do that in one place so that researchers have a consistent level of access across all the different cyberinfrastructure services that they're using.

Enabling that consistency means that we need to provide a service that supports many APIs and protocols for integrating identity management with the variety of research applications that the scientists need to use.

In CILogon, we support a long list of standards including OpenID Connect, OAuth, JSON Web Tokens, SAML [Security Assertion Markup Language], LDAP, certificates, and public keys.

We provide all these capabilities in a nonprofit, open-source, reliable, hosted software-as-a-service offering from NCSA, which manages our resources, contracting, and subscription process.

The goal of providing it as a service is that we understand that identity and access management software is fairly complex to operate, so we have a team on the CILogon project with the needed operational experience. We provide that as a service to a variety of research projects so they don't have to become experts in the software themselves -- they can just rely on us.

Institutions can make it available to the research projects that their researchers are part of. Because we're using standards like SAML, Shibboleth, and the InCommon Federation, we connect with what the institutions are doing because so many institutions in the US and around the world are part of these academic research and education federations.

We are compatible with the identity and access management services that are already on campus, and we're providing the glue to make that work with research cyberinfrastructure.

TRUSTED CI: Can you give some specific examples or scenarios of the kind of infrastructure you're describing; who might be connecting to that and why?

First, I'll talk about different types of applications.

We see in different science projects that scientists may use a science gateway, which is a web portal that hosts a variety of science applications and data through a web interface. They may be logging in to an HPC cluster to submit a large simulation. They may create a Jupyter Notebook to develop their reproducible workflow for their scientific work. They may be posting results and having discussions on wikis or mailing lists. They might also be developing services and deploying them on Kubernetes. These are some of the services that we get requests to integrate with a common identity and access management system.

LIGO [Laser Interferometer Gravitational-Wave Observatory] is an example of a scientific collaboration that uses many of these services and is a CILogon subscriber. LIGO is an international collaboration making it possible for the researchers that are part of that collaboration to access all of these different applications in a convenient way. This means that they can get access to the signals from the scientific instrument so that they can quickly analyze those results and publish their scientific results in a collaborative and secure way.

We're focused on the academic research and scholarship use case and that's a very broad set of researchers -- thousands of researchers on thousands of campuses across the US and many more globally.

On one end of the scale, we serve the research project that is only one or two investigators with some grad students on one campus. Then on the other end of the scale are international collaborations that may have thousands of participants. By offering a software-as-a-service platform that has these common integration points and is easy to get connected to, we intend to make it easy both for the small projects and larger projects to take advantage of the services.

TRUSTED CI: Do they pay for this service?

We have a free tier and then we have paid tiers that provide additional functionality and that also provide the contracted service-level agreements that especially the larger research projects depend on.

TRUSTED CI: Any restrictions on your target audience? In other words, do you have to be a US facility to be a paid client or a free client or could it be any other country?

It's not restricted to US facilities or just to NSF projects. Our requirement is that you do need to be focused on academic research. We're not serving the commercial research space.

In part, our target audience is meant to be compatible with what's called the REFEDS Research and Scholarship Entity category. That's an internationally recognized identity management policy about information sharing between academic institutions to support research using Federated Identity. That really enables all the work that we do with CILogon.

It's very important for us to stay within the bounds of that policy focused on the academic research use case.

TRUSTED CI: Do you have many international users?

Yes. We currently have about 8,000 active users each month and a significant percentage of those users are international. For example, we have over 100 active users from CERN [the European Organization for Nuclear Research]. We also see users from Germany, the UK, Italy, the Czech Republic, South Korea, Australia, and elsewhere.

TRUSTED CI: Anything else our readers need to know that is not documented on the website?

Everything should be documented on the CILogon website, and users can log in right from there.

TRUSTED CI: Talk a bit more about your support structure and particularly the paid tiers.

We have three tiers that are described on the website where your readers can find more details.

We call the no-charge tier our basic authentication tier. As the name implies, it's just providing our authentication service without any group management or attribute management -- just a basic authentication service with best-effort support.

The first paid tier is called Essential Collaboration Management. That adds the collaboration support -- the onboarding and offboarding, groups, attributes, and roles that are managed through open source software called COmanage. We publish that information into an LDAP directory and a SAML attribute authority providing multiple standard interfaces to the information about the researcher’s role in the collaboration. When a collaboration subscribes to that tier, that gives them the ability to manage that information about their collaboration in our environment.

The full-service tier includes all those capabilities plus it adds the SciTokens capability and adds Grouper for advanced access management and also provides dedicated service instances for more customized capabilities and improved performance.

TRUSTED CI: What is the chronology of CILogon?

CILogon grew out of NSF grants back in 2004 called GridShib for grid computing and Shibboleth. Combining those two technologies, we've built up the capability thanks to several NSF grants over the years, along with a Department of Energy grant. We had our first CILogon award from NSF in 2009 but we built that using software that was developed from the 2004 GridShib award [NSF award 0438385]. CILogon went live in 2010 with the free service tier.

In 2019, we transitioned from grant funding to the subscription funding model. We're now in our second year of subscription funding support.

Except for some core operational support that we get from XSEDE [the Extreme Science and Engineering Discovery Environment], which is really critical for the sustainability of that free tier, we are fully subscriber-funded.

TRUSTED CI: Are there other collaborators that you want to mention?

Scott Koranda is my co-PI. Scott works for a company called Spherical Cow Group. And of course, none of this would be possible without InCommon.

TRUSTED CI: Are there other things you've spawned from CILogon that are adding additional value?

Grouper and COmanage are existing products that we integrated into the CILogon service offering. Out of CILogon, SciTokens is one example where we spun off research building on some of the existing CILogon technology, developed new capabilities, and are bringing it back into the CILogon operational service.

TRUSTED CI: Is the software available to others?

All of our software is open source and published on GitHub.

The RCauth.eu service in Europe is an example of offering similar services using our open source software. Other large infrastructure providers can take the software and operate it themselves if they’d like, though we believe there is significant value provided by the CILogon operational team through our software-as-a-service offering.
___
This material is based upon work supported by the National Science Foundation under grant numbers 0850557, 0943633, 1053575, 1440609, 1547268, and 1548562 and by the Department of Energy under award number DE-SC0008597. CILogon operations is supported by subscribers.

Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.

Monday, March 9, 2020

Trusted CI Webinar Mar 23rd at 11am ET: OnTimeURB with Prasad Calyam

University of Missouri-Columbia's Prasad Calyam is presenting the talk, "OnTimeURB: Multi-cloud Broker Framework for Creation of Secure and High-performance Science Gateways," on March 23rd at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
Data-intensive science applications in research fields such as bioinformatics, chemistry, and material science are increasingly becoming multi-domain in nature. To augment local campus CyberInfrastructure (CI) resources, these applications rely on multi-institutional resources that are remotely accessible (e.g., scientific instruments, supercomputers, public clouds). Provisioning of such federated CI resources has been traditionally based on applications’ performance and quality of service (QoS) requirements. This talk will detail our project that aims to augment traditional resource provisioning schemes through novel schemes for formalizing end-to-end security requirements to align security posture across multi-domain resources with heterogeneous policies. We will present our OnTimeURB broker design to foster end-to-end multi-domain security for science gateway applications in bioinformatics and health information sharing that involves defining, formalizing and implementing security specifications along an application's workflow lifecycle stages.
More information about OnTimeURB is available at https://sites.google.com/view/ontimebroker/.
Speaker Bio: Prasad Calyam is an Associate Professor in the Department of Electrical Engineering and Computer Science at University of Missouri-Columbia. His research and development areas of interest include: Distributed and Cloud Computing, Cyber Security, Computer Networking, Networked-Multimedia Applications, and Advanced Cyberinfrastructure. He has published over 125 papers in various conference and journal venues. He is a Senior Member of IEEE.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Monday, August 26, 2019

Spotlight on the Trusted CI partnership with the Science Gateway Community Institute

The Science Gateway Community Institute (SGCI) is an NSF-funded initiative to provide services, resources, community support, and education to those seeking to create and sustain science gateways -- online interfaces that give researchers, educators, and students easy access to specialized, shared resources that are specific to a science or engineering discipline.

Trusted CI began its partnership with SGCI about three years ago. The partnership has developed into two main functions: to provide specialized engagements to gateway developers and operators seeking cybersecurity support, and to present on relevant cybersecurity topics during SGCI focus weeks (formerly called "bootcamps") and related events.

Trusted CI Engagements with Science Gateways

Below are a few examples of Trusted CI's contributions to science gateways:
  • GISandbox: Reviewed their operational security and science gateway code
  • 'Ike Wai: Reviewed their identity and access management (IAM) implementation
  • EarthCube Data Discovery Studio: Reviewed the security of the project server and website
  • UC San Diego's BRAIN Lab: Advised on using the cloud storage service, Box, for one of their projects
  • The Rolling Deck to Repository (R2R): Presented best practices in transferring and archiving data
  • SeedMeLab: Advised the project on using software penetration testing
  • cloudperm: Trusted CI has written an app that checks permissions on Google documents to identify potential sensitive material accessible to the public. This scan has been used by SGCI to review its own documents.

Resources offered by Trusted CI include:

  • Developing a Cybersecurity Program: a tractable method to build policies and procedures for cyberinfrastructure
  • Cybersecurity checkups: a tailored approach to assessing the maturity of a security program
  • Identity and Access Management: a collection of resources to improve authentication and authorization
  • Open Science Cyber Risk Profile: Providing risk profiles for common scientific assets.
  • Training: providing training on cybersecurity via Science Gateway focus weeks and webinars
  • Providing advice to the SGCI team on protecting their own internal information assets.

Upcoming events

The next SGCI focus week is September 9 - 13 in Chicago, IL. According to the website, a few spots are still available.
The Gateways 2019 Conference is September 23 - 25 in San Diego, CA.

Friday, September 21, 2018

Trusted CI at Gateways '18

On September 25-27, Gateways '18 will happen in Austin, Texas, and Trusted CI is attending as a bronze-level sponsor. The conference, delivered by Science Gateways Community Institute (SGCI), provides a venue for creators and enthusiasts of science gateways -- typically a web portal or a suite of desktop applications that allow science & engineering communities to access shared resources specific to their disciplines -- to learn, share, connect, and shape the future of gateways as part of a vibrant community with common interests.

This gathering for gateway creators and enthusiasts features hands-on tutorials, demos, keynotes, presentations, panels, posters, and plenty of opportunities to connect with colleagues, as well as a Resource Expo which Trusted CI is proud to be participating in. So, if you attend the conference, please stop by our exhibitor’s table, say hello, and learn about Trusted CI’s current activities and resources available for the Gateways Community.

Tuesday, January 30, 2018

SGCI Webinar Feb. 14th at 1pm ET: Cybersecurity for the Modern Science Gateway.


CTSC's Von Welch and Mark Krenz are presenting the talk "Cybersecurity for the Modern Science Gateway" on February 14th at 1pm (Eastern) for the Science Gateway Community Institute's (SGCI) February Webinar.

Please register here.

  Science Gateways may be varied in their individual design and purpose, but can all benefit from a commonly used approach to Cybersecurity. Join security experts from the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) as they present an easy-to-follow overview of the resources available to start or improve your gateway's cybersecurity program. From this presentation you will learn the three key cybersecurity aspects that science gateways share as well as the three goals your cybersecurity program should strive to achieve. An overview of techniques and tools will be shown to provide guidance to those not focused on cybersecurity, but wishing to address its challenges.

This talk is presented by Von Welch and Mark Krenz. Von Welch is the Director and PI of the Center for Trustworthy Scientific Cyberinfrastructure and Director of the Center for Applied Cybersecurity Research at Indiana University. Mark Krenz is the Lead Security Analyst for the Center for Applied Cybersecurity Research at Indiana University.

Wednesday, November 16, 2016

CTSC at Gateways 2016

The Gateways 2016 conference (Nov 2-3, 2016) drew about 120 attendees to learn more about science gateways and the communities they serve. As the lead for CTSC’s collaboration with the Science Gateways Community Institute (SGCI), Randy Heiland (CTSC) led a tutorial on Secure Software Engineering Best Practices and presented an overview of CTSC and its partnership with SGCI.
Science gateways help expand and broaden participation in science, in both research and education, by providing user-friendly interfaces to computing, data, networking and scientific instrumentation. The goal of the SGCI is to speed the development and application of robust, cost-effective, sustainable gateways and address the needs of scientists and engineers. Within the five-component design of SGCI, CTSC will formally be part of the Incubator component and will focus on security education for gateway software developers and operators.

One of many “open spaces” topical sessions at Gateways 2016.
To learn more about CTSC’s training, including Secure Software Engineering Best Practices, visit: http://trustedci.org/trainingmaterials/
To apply for a one-on-one engagement with CTSC, visit http://trustedci.org/application/


Monday, August 1, 2016

CTSC Collaboration with Science Gateways Community Institute

On Friday, NSF announced $35 million in funding for two new Software Institutes to improve scientific software. We are excited that CTSC already has a collaboration established with one of the two institutes, the Science Gateway Community Institute (SGCI).


SGCI and CTSC are jointly funding one half of an analyst who will work as part of CTSC on security issues for the science gateway community and play a key consulting role in SGCI’s Incubator program by advising gateway developers on cybersecurity issues and providing security reviews for existing gateways.


Science gateways are used by a large portion of the science community and CTSC’s ability to impact cybersecurity for this key cyberinfrastructure component will allow us to increase the trustworthiness of a broad segment of science. We applaud SGCI’s leadership in cybersecurity by engaging with us when they wrote their proposal.


Congratulations to both of the new software institutes! We look forward to our collaboration with SGCI and also stand ready to help the Molecular Science Software Institute as we would any other NSF project through our application process.

You can read more about CTSC’s involvement in SGCI in the IU press release for the SGCI.

Friday, September 27, 2013

Science Gateway Security Recommendations

Jim Basney is presenting "Science Gateway Security Recommendations" today at the Science Gateway Institute Workshop in Indianapolis. This paper is a joint effort between CTSC and the Science Gateway Security project. We invite discussions and comments in the Trusted CI Forum.

Updated to add: Jim's slides.