64 research outputs found
Identity Management Best Practices: A CTSC Blog Series
This technical report collects a series of CTSC blog posts on identity management (IdM) best practices published in 2014 for archival purposes
Center for Trustworthy Scientific Cyberinfrastructure Engagement Plan: Final Report for LIGO Engagement
The Center for Trustworthy Scientific Cyberinfrastructure (CTSC) engages with NSF-funded projects to
address their cybersecurity challenges. This document presents the results of one such engagement
with the Laser Interferometer Gravitational-Wave Observatory (LIGO), a large research project funded
by the National Science Foundation. LIGO seeks to make the first direct detection of gravitational waves,
use them to explore the fundamental physics of gravity, and develop the emerging field of gravitational
wave science as a tool of astronomical discovery.
The primary goal of this engagement was to apply CTSC experience and expertise in leveraging
SAML identity federations to support scientific projects to remove barriers for efficient international
collaboration between LIGO and other astronomy and astrophysics projects by decreasing the effort
required for LIGO to federate with those projects
A Study of Three Approaches to International Identity Federation for the LIGO Project
This document is a product of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC).
CTSC is supported by the National Science Foundation under Grant Number OCI-1234408. For more
information about the Center for Trustworthy Scientific Cyberinfrastructure please visit:
http://trustedci.org/. Any opinions, findings, and conclusions or recommendations expressed in
this material are those of the author(s) and do not necessarily reflect the views of the National Science
Foundation
Trusted CI's Approach to Security for Open Science Projects
Presentation at the 13th FIM4R Workshop: Federated Identity Management for Research Collaborations. Ope
A Comparative Analysis Between SciTokens, Verifiable Credentials, and Smart Contracts: Novel Approaches for Authentication and Secure Access to Scientific Data
Managing and exchanging sensitive information securely is a paramount concern
for the scientific and cybersecurity community. The increasing reliance on
computing workflows and digital data transactions requires ensuring that
sensitive information is protected from unauthorized access, tampering, or
misuse. This research paper presents a comparative analysis of three novel
approaches for authenticating and securing access to scientific data:
SciTokens, Verifiable Credentials, and Smart Contracts. The aim of this study
is to investigate the strengths and weaknesses of each approach from trust,
revocation, privacy, and security perspectives. We examine the technical
features and privacy and security mechanisms of each technology and provide a
comparative synthesis with the proposed model. Through our analysis, we
demonstrate that each technology offers unique advantages and limitations, and
the integration of these technologies can lead to more secure and efficient
solutions for authentication and access to scientific data.
Comment: ACM Practice & Experience in Advanced Research Computing (PEARC) 202
SciTokens: Capability-Based Secure Access to Remote Scientific Data
The management of security credentials (e.g., passwords, secret keys) for
computational science workflows is a burden for scientists and information
security officers. Problems with credentials (e.g., expiration, privilege
mismatch) cause workflows to fail to fetch needed input data or store valuable
scientific results, distracting scientists from their research by requiring
them to diagnose the problems, re-run their computations, and wait longer for
their results. In this paper, we introduce SciTokens, open source software to
help scientists manage their security credentials more reliably and securely.
We describe the SciTokens system architecture, design, and implementation
addressing use cases from the Laser Interferometer Gravitational-Wave
Observatory (LIGO) Scientific Collaboration and the Large Synoptic Survey
Telescope (LSST) projects. We also present our integration with widely-used
software that supports distributed scientific computing, including HTCondor,
CVMFS, and XrootD. SciTokens uses IETF-standard OAuth tokens for
capability-based secure access to remote scientific data. The access tokens
convey the specific authorizations needed by the workflows, rather than
general-purpose authentication impersonation credentials, to address the risks
of scientific workflows running on distributed infrastructure including NSF
resources (e.g., LIGO Data Grid, Open Science Grid, XSEDE) and public clouds
(e.g., Amazon Web Services, Google Cloud, Microsoft Azure). By improving the
interoperability and security of scientific workflows, SciTokens 1) enables use
of distributed computing for scientific domains that require greater data
protection and 2) enables use of more widely distributed computing resources by
reducing the risk of credential abuse on remote systems.
Comment: 8 pages, 6 figures, PEARC '18: Practice and Experience in Advanced
Research Computing, July 22-26, 2018, Pittsburgh, PA, US
DataONE: Identity Management System Review
This document is a product of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC). CTSC is supported by the National Science Foundation under Grant Number OCI-1234408. For more information about the Center for Trustworthy Scientific Cyberinfrastructure please visit: http://trustedci.org/. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation
A Credential Store for Multi-tenant Science Gateways
Science Gateways bridge multiple computational grids and clouds, acting as overlay cyberinfrastructure. Gateways have three logical tiers: a user interfacing tier, a resource tier and a bridging middleware tier. Different groups may operate these tiers. This introduces three security challenges. First, the gateway middleware must manage multiple types of credentials associated with different resource providers. Second, the separation of the user interface and middleware layers means that security credentials must be securely delegated from the user interface to the middleware. Third, the same middleware may serve multiple gateways, so the middleware must correctly isolate user credentials associated with different gateways. We examine each of these three scenarios, concentrating on the requirements and implementation of the middleware layer. We propose and investigate the use of a Credential Store to solve the three security challenges
Report of NSF Workshop Series on Scientific Software Security Innovation Institute
Many individuals attended these workshops and contributed to the writing of this report. They are named in the report itself. Over the period of 2010-2011, a series of two workshops was held in response to NSF Dear Colleague Letter NSF 10-050 calling for exploratory workshops to consider requirements for Scientific Software Innovation Institutes (S2I2s). The specific topic of the workshop series was the potential benefits of a security-focused software institute that would serve the entire NSF research and development community. The first workshop was held on August 6th, 2010 in Arlington, VA and represented an initial exploration of the topic. The second workshop was held on October 26th, 2011 in Chicago, IL and its goals were to 1) extend our understanding of relevant needs of MREFC and large NSF Projects, 2) refine outcome from first workshop with broader community input, and 3) vet concepts for a trusted cyberinfrastructure institute. This report summarizes the findings of these workshops. This material is based upon work supported by the National Science Foundation under grant number 1043843. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science