2011 Report of NSF Workshop Series on Scientific Software Security Innovation Institute

Over the period of 2010-2011, a series of two workshops were held in response to NSF Dear Colleague Letter NSF 10-050 calling for exploratory workshops to consider requirements for Scientific Software Innovation Institutes (S2I2s). The specific topic of the workshop series was the potential benefits of a security-focused software institute that would serve the entire NSF research and development community. The first workshop was held on August 6th, 2010 in Arlington, VA and represented an initial exploration of the topic. The second workshop was held on October 26th, 2011 in Chicago, IL and its goals were to 1) Extend our understanding of relevant needs of MREFC and large NSF Projects, 2) refine outcome from first workshop with broader community input, and 3) vet concepts for a trusted cyberinfrastructure institute. Towards those goals, the participants other 2011workshop included greater representation from MREFC and large NSF projects, and, for the most part, did not overlap with the participants from the 2010 workshop. A highlight of the second workshop was, at the invitation of the organizers, a presentation by Scott Koranda of the LIGO project on the history of LIGO’s identity management activities and how those could have benefited from a security institute. A key analysis he presented is that, by his estimation, LIGO could have saved 2 senior FTE-years of effort by following suitable expert guidance had it existed. The overarching finding from the workshops is that security is a critical crosscutting issue for the NSF software infrastructure and recommended a security focused activity to address this issue broadly, for example a security software institute (S2I2) under the SI2 program. Additionally, the 2010 workshop participants agreed to 15 key additional findings, which the 2011 workshop confirmed, with some refinement as discussed in this report.NSF Grant # 1043843Ope

Engineering foreign exchange processes via commitment protocols

Foreign exchange (FX) markets see a transaction volume of over $2 trillion per day. A number of standard ways of conducting business have been developed in the FX industry. However, current FX specifications are informal and their business semantics unclear. The resulting implementations tend to be complex and compliance with the standards unverifiable. This results in potential loss of value due to incompatible business processes and possible trades not consummated. This paper validates a formal, protocol-based approach by specifying foreign exchange processes as standardized by the TWIST consortium. The proposed approach formalizes a small, core set of foreign exchange interaction protocols on which the desired processes can be based. The core protocols can be composed to yield a large variety of possible processes. Each protocol is rigorously defined in terms of the commitments undertaken and manipulated by the parties involved. By contrast, traditional approaches as used in the current TWIST specification lead to redundancy in specification and difficulty in understanding the import of the interactions involved. In addition, our approach discovered interesting business scenarios that traditional approaches would have missed

Spatiotemporal Path Planning in Strong, Dynamic, Uncertain Currents

Abstract — This work addresses mission planning for autonomous underwater gliders based on predictions of an uncertain, time-varying current field. Glider submersibles are highly sensitive to prevailing currents so mission planners must account for ocean tides and eddies. Previous work in variablecurrent path planning assumes that current predictions are perfect, but in practice these forecasts may be inaccurate. Here we evaluate plan fragility using empirical tests on historical ocean forecasts for which followup data is available. We present methods for glider path planning and control in a time-varying current field. A case study scenario in the Southern California Bight uses current predictions drawn from the Regional Ocean Monitoring System (ROMS). I