Fifth Workshop on Trustworthy Scientific Cyberinfrastructure (TrustedCI@PEARC21)

PEARC21 will be held virtually on July 19-22, 2021 (PEARC website)

Date: Monday July 19th at 8am - 11am Pacific time

The Fifth Workshop on Trustworthy Scientific Cyberinfrastructure (TrustedCI@PEARC21) provides an opportunity for sharing experiences, recommendations, and solutions for addressing cybersecurity challenges in research computing. The half-day (3 hour) workshop provides a forum for information sharing and discussion among a broad range of attendees, including cyberinfrastructure operators, developers, and users.

The workshop is organized according to the following goals:

  • Increase awareness of activities and resources that support the research computing community's cybersecurity needs.

  • Share information about cybersecurity challenges, opportunities, and solutions among a broad range of participants in the research computing community.

  • Identify shared cybersecurity approaches and priorities among workshop participants through interactive discussions.

Implementing cybersecurity for open science across the diversity of scientific research projects presents a significant challenge. There is no one-size-fits-all approach to cybersecurity for open science that the research community can adopt. Even NSF Major Facilities, the largest of the NSF projects, struggle to develop effective cybersecurity programs. To address this challenge, practical approaches are needed to manage risks while providing both flexibility for project-specific adaptations and access to the necessary knowledge and human resources for implementation. This workshop brings community members together to further develop a cybersecurity ecosystem, formed of people, practical knowledge, processes, and cyberinfrastructure, that enables research projects to both manage cybersecurity risks and produce trustworthy science.

Program Committee

Jim Basney (NCSA)
Kathy Benninger (PSC)
Dana Brunson (Internet2)
Barton Miller (UW-Madison)
Sean Peisert (LBNL)
Von Welch (Indiana University)

Workshop Schedule & Abstracts

8:00 am Pacific / 11:00 am Eastern - Welcome and opening remarks

8:10 am Pacific / 11:10 am Eastern - The Trusted CI Framework: A Minimum Standard for Cybersecurity Programs

Presenters: Scott Russell, Ranson Ricks, Craig Jackson, and Emily Adams; Trusted CI / Indiana University’s Center for Applied Cybersecurity Research

Abstract: This presentation will introduce how your organization can use the Trusted CI Framework and the Framework Implementation Guide. The presentation will focus on key cybersecurity program enablers of mission alignment, governance, resourcing, and controls. It will include walking through the Framework’s 4 Pillars and 16 Musts, highlighting the Framework Implementation Guide and other tools and templates supporting the Framework, and overviewing strategies for adopting the Framework.

8:40 am Pacific / 11:40 am Eastern - Google Drive: The Unknown Unknowns

Presenters: Mark Krenz; Trusted CI / Indiana University’s Center for Applied Cybersecurity Research

Abstract: In this talk we will briefly introduce the audience to Google Drive, sharing some of our own experiences with dealing with security concerns surrounding it. Then we will provide an overview of the issues that academic and research institutions face when using it. We'll highlight the security threats to your data and how to deal with various situations, such as when someone leaves a project, when data is accidentally deleted, or when data is shared and you don't know it. In the 2nd half of the presentation we'll provide the audience with some solutions to these security issues that are useful to a variety of institutions large and small as well as individual projects and people. Some of these solutions were developed by our team to solve our own issues and so now we're sharing these solutions and tools with the

9:10 am Pacific / 12:10 pm Eastern - Experiences Integrating and Operating Custos Security Services

Presenters:

  • Isuru Ranawaka, Dimuthu Wannipurage, Samitha Liyanage, Yu Ma, Suresh Marru, and Marlon Pierce; Indiana University

  • Dannon Baker, Alexandru Mahmoud, Juleen Graham, and Enis Afgan; Johns Hopkins University

  • Terry Fleury and Jim Basney; University of Illinois Urbana-Champaign

Abstract: Science gateways provide researchers and educators with a variety of user environments for accessing scientific software, computing, and data resources. Managing user identities, accounts, and permissions are essential tasks for science gateways, and gateways likewise must manage secure connections between their middleware and remote resources. The Custos project is built on open source software and is operated as a multi-tenanted service that provides reliable implementations of common science gateway cybersecurity needs. These include federated authentication, identity management, group and authorization management, and resource credential management. Custos aims further to provide integrated solutions across these capabilities that provide end-to-end support for several science gateway usage scenarios. In this presentation, we will examine the details and benefits of the following scenarios between Custos and a science gateway: Galaxy, HathiTrust Research Center (HTRC), and Science Gateways Platform as a service (SciGaP).

9:40 am Pacific / 12:40 pm Eastern - 10 minute Break

9:50 am Pacific / 12:50 pm Eastern - Drawing parallels and synergies between NSF and NIH cybersecurity projects

Presenters:

  • Enis Afgan, Alexandru Mahmoud, Dannon Baker, and Michael Schatz; Johns Hopkins University

  • Jeremy Goecks; Oregon Health and Sciences University

Abstract: User authentication and identity are core pillars of modern software applications that often operate in the cloud, across federated domains, and utilize protected datasets. These circumstances have been recognized as a widespread need that the NSF and NIH have both funded. The goal of the presentation is to stimulate lively discussion among the participants on how to increase synergy and compatibility between the projects funded by the different agencies so downstream applications can simultaneously benefit from both. Example topics include feasibility of connecting NIH and NSF IdPs better, how to propagate user identities from infrastructure to a dataset, and collecting additional use cases and requirements when aggregating datasets from different sources.

10:20 am Pacific / 1:20 pm Eastern - How InCommon is helping its members to meet NIH requirements for federated credentials

Presenters: Tom Barton; Internet2

Abstract: NIH is in the process of implementing new and stronger requirements on credentials used to access some of their services, notably services related to grants management and sensitive data access. They are deeply vested in relying on federated credentials since they have seen that improve the speed with which research happens. The objective of the presentation is to make more people aware of the emergence among InCommon members of support for strong authentication, identity proofing, and other protections for their federated credentials.

10:50 am Pacific / 1:50 pm Eastern - Wrap up and final thoughts (10 minutes)

About the Workshop Series

This is the fifth workshop in the series. The workshop has been held previously at PEARC17 through PEARC20. There were 52 attendees at the workshop last year. Please visit https://trustedci.org/workshops for materials from prior workshops.