Friday, February 1, 2013
Control systems security at CERN
Interesting article on control systems security at CERN and the steps they have taken with regards to cybersecurity in light of Stuxnet and similar malware.
Labels:
CERN
Friday, January 25, 2013
NSF-Sponsored Workshop to Explore Social Science Contributions to Understanding Cyber Security
There is a call for white papers, due Feb 1, for the NSF-Sponsored Workshop to Explore Social Science Contributions to Understanding Cyber Security. For information see the workshop announcement (pdf).
Labels:
events
Monday, January 21, 2013
Software security needs survey and vulnerability handling
Last week, I was part of a panel at the NSF SI2 PI meeting. It was a good meeting discussing a lot of the challenges we are facing with sustainability and engaging the science community. Two presentations I found of particular interest were Neil Chue Hong's presentation on Software Sustainability (I'm very happy to have Neil on CTSC's advisory committee) and Jim Herbsleb's presentation on software ecosystems (not posted at this time unfortunately).
My presentation was on things software projects should do in order to handle vulnerabilities, something members of the CTSC team have experience with from being leaders of software projects, from being part of the team running large production infrastructures and from doing research into finding software vulnerabilities. For those wanting more information on this topic, I wrote a white paper on it a couple years ago.
I also announced that CTSC has a survey for NSF projects writing software. We'd like to better understand your project's needs, so please take a few minutes to complete it. Or if you prefer, just contact me directly at vwelch@indiana.edu or (812) 856-0363.
Tuesday, January 15, 2013
CTSC and LIGO Collaborate on Interfederation
CTSC and LIGO are working together to enable international access to cyberinfrastructure through interfederation.
By leveraging federated identity, LIGO seeks to streamline electronic collaboration with other gravitational wave, astronomy, and astrophysics projects throughout the world. LIGO is a member of the InCommon Federation, which enables federation with institutions in the United States but does not, at this time, address federation with entities outside the US. Today, federation with entities in Europe, Japan, Australia, and Canada requires LIGO to negotiate peer-to-peer federation individually with each entity.
The CTSC-LIGO collaboration is:
- Documenting the challenges LIGO faces today when negotiating peer-to-peer federation with individual entities.
- Setting the stage for LIGO and EGO to federate in the future.
- Working to enable interfederation for LIGO through InCommon.
- Investigating and reporting on the likelihood and timescale for federation between LIGO and other entities in Europe via eduGAIN.
- Assisting LIGO-India with documenting federation use cases and engaging with federation efforts in India.
- Actively participating in REFEDS, the leading discussion and coordination forum for international interfederation.
Labels:
iam
Friday, December 7, 2012
Workshop on Changing Landscapes in HPC Security (CLHS), 2013
I'm excited about this workshop, which is June 17, 2013 and co-located with HPDC. A couple of us from CTSC, myself and Jim Marsteller, are on the program committee. Please see the workshop website for more information and note that abstracts are due February 4th, 2013.
From Scott Campbell and Aashish Sharma's description:
Providing effective and non-intrusive security within a HPC
environment provides a number of challenges for both researchers and
operational personnel. What constitutes HPC has expanded to include
cloud computing, 100G networking, cross-site integration, and web 2.0
based interfaces for job submission and reporting, increasing the
complexity of the aggregate system dramatically. This growing
complexity and its new issues is set against a backdrop of routine
user and application attacks, which remain surprisingly effective over
time.
The CLHS workshop will focus on the problems inherent in securing
contemporary large-scale compute and storage systems. To provide some
clarification we have broken this out into four general areas or
questions. First is Attribution: who is doing what in terms of
process activity and/or network traffic? Second is looking beyond the
interactive nodes: what is going on in the computing pool? Third
involves job scheduler activity and usage: what is being run, how has
it been submitted and is this activity abnormal? Finally a more
philosophical topic of why securing complex systems is so difficult
and what can be done about it. While these specific areas are
interesting starting points for papers and presentations, any original
and interesting topic will be considered.
This year there will be two separate tracks for paper submission:
* Research Paper track
* State of the Practice
We will ask participants in the research paper track to add a section
describing in some detail their ongoing and future data needs. This
is principally to help researchers articulate the details of their
data oriented needs, as well as improving communications between data
generators and consumers.
For the State of the Practice papers, the focus will be on the
resolution of specific issues - ideally those identified in the
Overview section, but really any significant problem which is endemic
to the HPC domain. Within the paper an explanation and exploration of
the issue, resolution description and a numerical analysis showing
that the proposed issue resolution was successful. Like in the
Research Papers track, it would be desirable to add a section on data
resources that might be available to researchers - either individually
or in larger sets.
Labels:
events
Monday, December 3, 2012
CTSC Position at Indiana U.
CACR has a position open for CTSC. This is an exciting opportunity to work both in cybersecurity and some of the coolest computational science. To apply, please see the position notice below. Contact Von Welch with any questions.
Position posting: http://www.indiana.edu/~uitshr/services/jobs/SrSysAnCACR_38537.html
MAGIC Identity Management Meeting at SC12
As mentioned in a prior post, the Middleware And Grid Interagency Coordination (MAGIC) group met at SC12 to discuss identity management with an international perspective. Presentation slides and meeting minutes are now available on the MAGIC Meetings page. Scott Koranda presented on LIGO's need for international federation (more on that in a future CTSC blog post). Steven Newhouse presented two documents (Federated Identity Management for Research Collaborations and Authentication Solutions in the European Grid Infrastructure) on international community practice and needs. Ian Foster presented Globus Online's identity and group management hub (called Globus Nexus), and Jim Basney presented the CILogon federated online certificate authority.
Participation in MAGIC is open to the public. The next MAGIC meeting is this Wednesday (December 5) from 2-4pm EST. Mine Altunay will discuss identity management for Open Science Grid. To participate by teleconference, dial 877-937-5634 and use access code 139891.
Labels:
iam