5,250 research outputs found
Scalable And Secure Provenance Querying For Scientific Workflows And Its Application In Autism Study
In the era of big data, scientific workflows have become essential to automate scientific experiments and guarantee repeatability. As both data and workflow increase in their scale, requirements for having a data lineage management system commensurate with the complexity of the workflow also become necessary, calling for new scalable storage, query, and analytics infrastructure. This system that manages and preserves the derivation history and morphosis of data, known as provenance system, is essential for maintaining quality and trustworthiness of data products and ensuring reproducibility of scientific discoveries. With a flurry of research and increased adoption of scientific workflows in processing sensitive data, i.e., health and medication domain, securing information flow and instrumenting access privileges in the system have become a fundamental precursor to deploying large-scale scientific workflows. That has become more important now since today teams of scientists around the world can collaborate on experiments using globally distributed sensitive data sources. Hence, it has become imperative to augment scientific workflow systems as well as the underlying provenance management systems with data security protocols. Provenance systems, void of data security protocol, are susceptible to vulnerability. In this dissertation research, we delineate how scientific workflows can improve therapeutic practices in autism spectrum disorders. The data-intensive computation inherent in these workflows and sensitive nature of the data necessitate support for scalable, parallel and robust provenance queries and secured view of data. With that in perspective, we propose , a parallel, robust, reliable and scalable provenance query language and introduce the concept of access privilege inheritance in the provenance systems.
We characterize desirable properties of role-based access control protocol in scientific workflows and demonstrate how the qualities are integrated into the workflow provenance systems as well. Finally, we describe how these concepts fit within the DATAVIEW workflow management system.
Opportunities and risks of an integrated academic support : [Vortrag ; Tagung] "Integration of Information Services into University Infrastructures" - 7th Frankfurt Symposium: 12.10. - 13.10.2007
In the year 2000 the Deutsche Initiative für Netzwerkinformation (DINI) / German Coalition of Network Information was founded: 10 theses "Changes in information infrastructure – challenges to universities and their information and communications facilities" is the DINI’s founding charter (see http://www.dini.de).
Thesis 4 states: "The universities need to establish information management structures to integrate departments. University managements, departments and central institutions ought to prepare a university development plan for the areas of information, communication and multimedia." ..
New ADS Functionality for the Curator
In this paper we provide an update concerning the operations of the NASA
Astrophysics Data System (ADS), its services and user interface, and the
content currently indexed in its database. As the primary information system
used by researchers in Astronomy, the ADS aims to provide a comprehensive index
of all scholarly resources appearing in the literature. With the current effort
in our community to support data and software citations, we discuss what steps
the ADS is taking to provide the needed infrastructure in collaboration with
publishers and data providers. A new API provides access to the ADS search
interface, metrics, and libraries allowing users to programmatically automate
discovery and curation tasks. The new ADS interface supports a greater
integration of content and services with a variety of partners, including ORCID
claiming, indexing of SIMBAD objects, and article graphics from a variety of
publishers. Finally, we highlight how librarians can facilitate the ingest of
gray literature that they curate into our system.
Comment: Submitted to the Proceedings of Library and Information Services in
Astronomy VIII, Strasbourg, Franc
Leveraging OpenStack and Ceph for a Controlled-Access Data Cloud
While traditional HPC has and continues to satisfy most workflows, a new
generation of researchers has emerged looking for sophisticated, scalable,
on-demand, and self-service control of compute infrastructure in a cloud-like
environment. Many also seek safe harbors to operate on or store sensitive
and/or controlled-access data in a high capacity environment.
To cater to these modern users, the Minnesota Supercomputing Institute
designed and deployed Stratus, a locally-hosted cloud environment powered by
the OpenStack platform, and backed by Ceph storage. The subscription-based
service complements existing HPC systems by satisfying the following unmet
needs of our users: a) on-demand availability of compute resources, b)
long-running jobs (i.e., days), c) container-based computing with
Docker, and d) adequate security controls to comply with controlled-access data
requirements.
This document provides an in-depth look at the design of Stratus with respect
to security and compliance with the NIH's controlled-access data policy.
Emphasis is placed on lessons learned while integrating OpenStack and Ceph
features into a so-called "walled garden", and how those technologies
influenced the security design. Many features of Stratus, including tiered
secure storage with the introduction of a controlled-access data "cache",
fault-tolerant live-migrations, and fully integrated two-factor authentication,
depend on recent OpenStack and Ceph features.
Comment: 7 pages, 5 figures, PEARC '18: Practice and Experience in Advanced
Research Computing, July 22--26, 2018, Pittsburgh, PA, US
Watchword-Oriented and Time-Stamped Algorithms for Tamper-Proof Cloud Provenance Cognition
Provenance is derivative journal information about the origin and activities
of system data and processes. For a highly dynamic system like the cloud,
provenance can be accurately detected and securely used in cloud digital
forensic investigation activities. This paper proposes a watchword-oriented
provenance cognition algorithm for the cloud environment. Additionally, a
time-stamp based buffer verifying algorithm is proposed for securing the access
to the detected cloud provenance. Performance analysis of the novel algorithms
proposed here yields a desirable detection rate of 89.33% and miss rate of
8.66%. The securing algorithm successfully rejects 64% of malicious requests,
yielding a cumulative frequency of 21.43 for MR
SecFlow: Adaptive Security-Aware Workflow Management System in Multi-Cloud Environments
In this paper, we propose an architecture for a security-aware workflow
management system (WfMS) we call SecFlow in answer to the recent developments
of combining workflow management systems with Cloud environments and the still
lacking abilities of such systems to ensure the security and privacy of
cloud-based workflows. The SecFlow architecture focuses on full workflow life
cycle coverage as, in addition to the existing approaches to design
security-aware processes, there is a need to fill in the gap of maintaining
security properties of workflows during their execution phase. To address this
gap, we derive the requirements for such a security-aware WfMS and design a
system architecture that meets these requirements. SecFlow integrates key
functional components such as secure model construction, security-aware service
selection, security violation detection, and adaptive response mechanisms while
considering all potential malicious parties in multi-tenant and cloud-based
WfMS.
Comment: 16 pages, 6 figure