SLIDE 1

Case Studies on Cybersecurity Applications and Tools Supporting Scientific Research

The panel will focus on the models on CICI projects and transition to practice, as well as the plans for, or impact of, the applications and tools developed through the CICI grants on scientific advancement.

NSF Campus Cyberinfrastructure PI and Cybersecurity Innovation for Cyberinfrastructure PI Workshop

SLIDE 2

NSF Campus Cyberinfrastructure PI and Cybersecurity Innovation for Cyberinfrastructure PI Workshop

September 24 – 26, 2018 | University of Maryland, College Park, MD

Deliverables:

  • NSF cybersecurity research inventory of over 800 awards
  • 5 regional workshops involving over 200 participants from 116 institutions
  • Engagement with many campus researchers/staff in over 50 visits

Goals:

  • Accelerate TTP of cybersecurity research into R&E environments
  • Foster interaction/collaboration between campus cybersecurity researchers, CIOs, CISOs, and IT staff
  • Facilitate exchange of ideas/lessons learned through nationwide outreach and workshops

EAGER: Cybersecurity Transition to Practice (TTP) Acceleration Award 1650445 - PI: Ana Hunsinger, Internet2

  • Exchange of findings in federated access management, network security, Smart Grid, cyber-physical systems, cloud security/storage, and data analytics/security
  • Lessons learned for supporting trustworthy campus CI – next slide

SLIDE 3

EAGER Workshop: Enabling Trustworthy Campus Cyberinfrastructure for Science – Monday September 24, 2018

Partnered with Trusted CI*

How can research computing and information security programs work together to effectively support open and regulated research?

17 campus security and research computing leads and 2 regional networks

  • Challenges, successes, lessons
  • Next steps

*Trusted CI, the NSF Cybersecurity Center of Excellence, also supported by the National Science Foundation under Grant ACI-1547272

SLIDE 4

PANELISTS

  • Wei-Shinn Ku, Auburn University
      • NSF Project: III: Indoor Spatial Query Evaluation and Trajectory Tracking with Bayesian Filtering Techniques (Award #1618669)
      • NSF Project: Secure and Resilient Architecture: Data Integrity Assurance and Privacy Protection Solutions for Secure Interoperability of Cloud Resources (Award #1642133)
  • Yan Luo, University of Massachusetts-Lowell
      • NSF Project: SECTOR: Building a Secure and Compliant Cyberinfrastructure for Translational Research (Award #1738965)
      • NSF Project: STREAMS: Secure Transport and REsearch Architecture for Monitoring Stroke Recovery (Award #1547428)
  • Ping Yang, SUNY at Binghamton
      • NSF Project: Infrastructure Support for Securing Large-Scale Scientific Workflows (Award #1738929)

SLIDE 5

Wei-Shinn Ku, Auburn University

SLIDE 6

Data Integrity Assurance and Privacy Protection Solutions for Secure Interoperability of Cloud Resources

  • An NSF Collaborative Cybersecurity Innovation for Cyberinfrastructure (CICI) project for three years (10/2016 – 9/2019)
  • Auburn University (lead institute) and the University of Alabama at Birmingham
  • Co-PIs from Geosciences, CS, and ECE
  • Major project goals:
      1. Developing query integrity assurance techniques for cloud spatial databases
      2. Designing cloud data privacy protection methods

SLIDE 7

Data Integrity Assurance and Privacy Protection Solutions for Secure Interoperability of Cloud Resources

      3. Modeling the trade-off between query integrity assurance and query evaluation costs
      4. Realizing secure cloud data provenance mechanisms
      5. Implementing a prototype system, where all the components are integrated for security and performance evaluation

SLIDE 8

Project Motivation

[Figure: Data Owner (DO), Service Provider (SP), Mobile User]

SLIDE 9

CICI: SECTOR: Building a Secure and Compliant Cyberinfrastructure for Translational Research

Yan Luo, University of Massachusetts Lowell

In collaboration with Drs. Yu Cao (UMass Lowell), Peilong Li (Elizabethtown College), Silvia Corvera and Jomol Mathew (UMass Medical School)

SLIDE 10

Challenges in Computing on Medical Data

  • Medical Data and Applications
      • Diagnosis, monitoring, analysis using heterogeneous data
      • Compute-intensive, delay-sensitive, or real-time
  • Data Security and Privacy
      • HIPAA Compliance: data storage, transfer, processing
  • Challenges
      • Traditionally closed environment, not designed for data sharing
      • Problematic data management: plaintext storage, coarse-grained access control, weak key management policy
      • Gap between existing CI and emerging technologies

SLIDE 11

SECTOR Overview

  • SECTOR building blocks sit at the “edge”
  • Data flows analyzed, de-identified or encrypted
  • All blocks are running on the CORD software stack
  • Blockchain prevents data tampering and enforces data access control
  • SDN for network flow level security control

[Figure: the SECTOR SDI Framework (User Portal, vDNS, Blockchain, SDN Controller, Analytics, Streaming Engine) shown at UMass Lowell Datacenter, UMass Medical School, and MGHPCC, connected via the Internet. Other labels: CPU, GPU, Xeon Phi, Storage, Private Cluster, HIPAA Compliant Cloud]

SLIDE 12

Data Sharing Control

  • Data Layer
      – Access control
      – Key management
      – Privacy
  • Blockchain layer
      – Transaction
      – Smart contracts
  • SDN layer
      – Network access

SLIDE 13

Goal: support a community of engineers and scientists to securely collect, analyze, and share data using scientific workflows.

CICI: Infrastructure Support for Securing Large-Scale Scientific Workflows

09/01/2017-08/31/2020

PI: Ping Yang, Computer Science Dept.
Co-PI: Guanhua Yan, Computer Science Dept.
Co-PI: Shiyong Lu, Computer Science Dept.
Co-PI: Fengwei Zhang, Computer Science Dept.

SLIDE 14

Scientific Workflows

Nature survey (2016)

▪ 70%+ of scientists surveyed had experienced failure to reproduce other scientists’ results
▪ 50%+ of scientists surveyed had experienced failure to reproduce their own results

Scientific workflows

▪ Automate and accelerate the scientific discovery process
▪ Support reproducibility of scientific discovery and problem diagnosis
▪ myexperiment.org: 3900+ workflows shared by 10700+ users

[Figure: A Gene Conversion Analysis Workflow. Tasks: T1: Identify Gene, T2: Select DNAs, T3: Recombination Analysis, T4: DNA Alignment, T5: Gene Conversion Detection, T6: Prepare Input files, T7: GENECONV. Other labels: Protein Sequence, DNA Sequence, P1–P8, Report]

SLIDE 15

Problem Statement and Approach

▪ Motivation: Modern scientific workflow systems lack strong infrastructure support for trustworthy execution of scientific workflows and for protecting the workflow data.
▪ Develop a trusted execution environment for scientific workflows to protect the execution of workflow tasks.
▪ Develop SciBlock, a tamper-proof and non-repudiable provenance storage that enables scientists to verify the trustworthiness of scientific data.
▪ Develop a machine-learning based anomaly detection technique to detect anomalous execution flows.

[Figure: architecture diagram. Labels: Site 1, Site 2, … Site n; Internet; Cyber Infrastructure; SGX-based TEE; Proc; SciBlock; logs; Anomaly detection; Synchronizing authorized modification]

SLIDE 16

Project progress

▪ The project started on Sept. 1, 2017.
▪ 5 PhD, 5 MS, and 1 undergraduate student are involved, including 2 female students.
▪ Our prototype is built on top of DATAVIEW, a workflow management tool developed by Co-PI Lu’s group (over 600 registered users).
▪ A trusted execution environment for scientific workflows
    ▪ Published paper “A Comparison Study of Intel SGX and AMD Memory Encryption Technology”.
    ▪ Challenges: running Java programs inside SGX enclave, performance
▪ SciBlock: a tamper-proof and non-repudiable provenance storage
    ▪ Developed based on Ethereum blockchain platform
    ▪ Challenges: efficiency, scalability
    ▪ PI Yang and Co-PI Yan added a course module on blockchain in their “CS458/558 Introduction to Computer Security” course.
▪ Machine-learning based anomaly detection technique
    ▪ Collecting logs generated by DATAVIEW and workflows.

SLIDE 17

Case Studies on Cybersecurity Applications and Tools Supporting Scientific Research

  • What challenges have you faced in implementing your project and promoting it to campus researchers for their work?
  • As you think about that ecosystem(s) of interconnected infrastructure (networks, IAM, services) via national organizations, state and regional networks represented here, and your campus, can you talk a bit more about what challenges you may have identified related to your project and work? Did you even know about these organizations and their resources?
  • What has been your experience, if at all, with transition to practice for your award?
  • What activities have been particularly valuable or impactful to the progress of your CICI award?
