Advanced security infrastructures for grid education

This paper describes the research conducted into advanced authorization infrastructures at the National e-Science Centre (NeSC) at the University of Glasgow and their application to support a teaching environment as part of the Dynamic Virtual Organisations in e-Science Education (DyVOSE) project. We outline the lessons learnt in teaching Grid computing and rolling out the associated security authorisation infrastructures, and describe our plans for a future, extended security infrastructure for dynamic establishment of inter-institutional virtual organisations (VO) in the education domain

Grid infrastructures supporting paediatric endocrinology across Europe

Paediatric endocrinology is a highly specialised area of clinical medicine with many experts with specific knowledge distributed over a wide geographical area. The European Society for Paediatric Endocrinology (ESPE) is an example of such a body of experts that require regular collaboration and sharing of data and knowledge. This paper describes work, developed as a corollary to the VOTES project [1] and implementing similar architectures, to provide a data grid that allows information to be efficiently distributed between collaborating partners, and also allows wide-scale analyses to be run over the entire data-set, which necessarily involves crossing domain boundaries and negotiating data access between administrations that only trust each other to a limited degree

Supporting the clinical trial recruitment process through the grid

Patient recruitment for clinical trials and studies is a large-scale task. To test a given drug for example, it is desirable that as large a pool of suitable candidates is used as possible to support reliable assessment of often moderate effects of the drugs. To make such a recruitment campaign successful, it is necessary to efficiently target the petitioning of these potential subjects. Because of the necessarily large numbers involved in such campaigns, this is a problem that naturally lends itself to the paradigm of Grid technology. However the accumulation and linkage of data sets across clinical domain boundaries poses challenges due to the sensitivity of the data involved that are atypical of other Grid domains. This includes handling the privacy and integrity of data, and importantly the process by which data can be collected and used, and ensuring for example that patient involvement and consent is dealt with appropriately throughout the clinical trials process. This paper describes a Grid infrastructure developed as part of the MRC funded VOTES project (Virtual Organisations for Trials and Epidemiological Studies) at the National e-Science Centre in Glasgow that supports these processes and the different security requirements specific to this domain

Trust realisation in multi-domain collaborative environments

In the Internet-age, the geographical boundaries that have previously impinged upon inter-organisational collaborations have become decreasingly important. Of more importance for such collaborations is the notion and subsequent nature of trust - this is especially so in Grid-like environments where resources are both made available and subsequently accessed and used by remote users from a multitude of institutions with a variety of different privileges spanning across the collaborating resources. In this context, the ability to dynamically negotiate and subsequently enforce security policies driven by various levels of inter-organisational trust is essential. In this paper we present a dynamic trust negotiation (DTN) model and associated prototype implementation showing the benefits and limitations DTN incurs in supporting n-tier delegation hops needed for trust realisation in multi-domain collaborative environments

Comparison of advanced authorisation infrastructures for grid computing

The widespread use of grid technology and distributed compute power, with all its inherent benefits, will only be established if the use of that technology can be guaranteed efficient and secure. The predominant method for currently enforcing security is through the use of public key infrastructures (PKI) to support authentication and the use of access control lists (ACL) to support authorisation. These systems alone do not provide enough fine-grained control over the restriction of user rights, necessary in a dynamic grid environment. This paper compares the implementation and experiences of using the current standard for grid authorisation with Globus - the grid security infrastructure (GSI) - with the role-based access control (RBAC) authorisation infrastructure PERMIS. The suitability of these security infrastructures for integration with regard to existing grid technology is presented based upon experiences within the JISC-funded DyVOSE project

Data privacy by design: digital infrastructures for clinical collaborations

The clinical sciences have arguably the most stringent security demands on the adoption and roll-out of collaborative e-Infrastructure solutions such as those based upon Grid-based middleware. Experiences from the Medical Research Council (MRC) funded Virtual Organisations for Trials and Epidemiological Studies (VOTES) project and numerous other real world security driven projects at the UK e-Science National e-Science Centre (NeSC – www.nesc.ac.uk) have shown that whilst advanced Grid security and middleware solutions now offer capabilities to address many of the distributed data and security challenges in the clinical domain, the real clinical world as typified by organizations such as the National Health Service (NHS) in the UK are extremely wary of adoption of such technologies: firewalls; ethics; information governance, software validation, and the actual realities of existing infrastructures need to be considered from the outset. Based on these experiences we present a novel data linkage and anonymisation infrastructure that has been developed with close co-operation of the various stakeholders in the clinical domain (including the NHS) that addresses their concerns and satisfies the needs of the academic clinical research community. We demonstrate the implementation of this infrastructure through a representative clinical study on chronic diseases in Scotland

Experiences in teaching grid computing to advanced level students

The development of teaching materials for future software engineers is critical to the long term success of the grid. At present however there is considerable turmoil in the grid community both within the standards and the technology base underpinning these standards. In this context, it is especially challenging to develop teaching materials that have some sort of lifetime beyond the next wave of grid middleware and standards. In addition, the current way in which grid security is supported and delivered has two key problems. Firstly in the case of the UK e-Science community, scalability issues arise from a central certificate authority. Secondly, the current security mechanisms used by the grid community are not line grained enough. In this paper we outline how these issues are being addressed through the development of a grid computing module supported by an advanced authorisation infrastructure at the University of Glasgow

Initial experiences in developing e-health solutions across Scotland

The MRC funded Virtual Organisations for Trials and Epidemiological Studies (VOTES) project is a collaborative effort between e-Science, clinical and ethical research centres across the UK including the universities of Oxford, Glasgow, Imperial, Nottingham and Leicester. The project started in September 2005 and is due to run for 3 years. The primary goal of VOTES is to develop a reusable Grid framework through which a multitude of clinical trials and epidemiological studies can be supported. The National e-Science Centre (NeSC) at the University of Glasgow are looking at developing the Scottish components of this framework. This paper presents the initial experiences in developing this framework and in accessing and using existing data sets, services and software across the NHS in Scotland

Supporting UK-wide e-clinical trials and studies

As clinical trials and epidemiological studies become increasingly large, covering wider (national) geographical areas and involving ever broader populations, the need to provide an information management infrastructure that can support such endeavours is essential. A wealth of clinical data now exists at varying levels of care (primary care, secondary care, etc.). Simple, secure access to such data would greatly benefit the key processes involved in clinical trials and epidemiological studies: patient recruitment, data collection and study management. The Grid paradigm provides one model for seamless access to such data and support of these processes. The VOTES project (Virtual Organisations for Trials and Epidemiological Studies) is a collaboration between several UK institutions to implement a generic framework that effectively leverages the available health-care information across the UK to support more efficient gathering and processing of trial information. The structure of the information available in the health-care domain in the UK itself varies broadly in-line with the national boundaries of the constituent states (England, Scotland, Wales and Northern Ireland). Technologies must address these political boundaries and the impact these boundaries have in terms of for example, information governance, policies, and of course large-scale heterogeneous distribution of the data sets themselves. This paper outlines the methodology in implementing the framework between three specific data sources that serve as useful case studies: Scottish data from the Scottish Care Information (SCI) Store data repository, data on the General Practice Research Database (GPRD) diabetes trial at Imperial College London, and benign prostate hypoplasia (BPH) data from the University of Nottingham. The design, implementation and wider research issues are discussed along with the technological challenges encountered in the project in the application of Grid technologies

Advanced security infrastructures for grid education

This paper describes the research conducted into advanced authorization infrastructures at the National e-Science Centre (NeSC) at the University of Glasgow and their application to support a teaching environment as part of the Dynamic Virtual Organisations in e-Science Education (DyVOSE) project. We outline the lessons learnt in teaching Grid computing and rolling out the associated security authorisation infrastructures, and describe our plans for a future, extended security infrastructure for dynamic establishment of inter-institutional virtual organisations (VO) in the education domain