Trusted CI: The NSF Cybersecurity Center of Excellence Environmental Data Initiative (EDI) Engagement Report

Trusted CI final report of the 2018 engagement with the Environmental Data Initiative.NSF #1547272Ope

Trusted CI: The NSF Cybersecurity Center of Excellence American Museum of Natural History (AMNH) Engagement Report

The final report for the Trusted CI engagement with American Museum of Natural History (AMNH).NSF #1547272Ope

The Report of the California State Polytechnic University Pomona SFS Engagement

The Report of the California State Polytechnic University Pomona SFS EngagementNSF Grant #1547272NSF Grant #1504526Ope

Trusted CI Experiences in Cybersecurity and Service to Open Science

This article describes experiences and lessons learned from the Trusted CI project, funded by the US National Science Foundation to serve the community as the NSF Cybersecurity Center of Excellence. Trusted CI is an effort to address cybersecurity for the open science community through a single organization that provides leadership, training, consulting, and knowledge to that community. The article describes the experiences and lessons learned of Trusted CI regarding both cybersecurity for open science and managing the process of providing centralized services to a broad and diverse community.Comment: 8 pages, PEARC '19: Practice and Experience in Advanced Research Computing, July 28-August 1, 2019, Chicago, IL, US

The Report of the 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure

The Report of the 2019 NSF Cybersecurity Summit for Large Facilities and CyberinfrastructureNSF #1547272Ope

Trusted CI SLATE Engagement

Final report of the Trusted CI SLATE Engagement.NSF #1547272NSF #1724821Ope

Mask: a system for privacy-preserving policy-based access to published content

We propose to demonstrate Mask, the first system addressing the seemingly-unsolvable problem of how to selectively share contents among a group of users based on access control policies expressed as conditions against the identity attributes of these users while at the same time assuring the privacy of these identity attributes from the content publisher. Mask consists of three entities: a Content Publisher, Users referred to as Subscribers, and Identity Providers that issue certified identity attributes. The content publisher specifies access control policies against identity attributes of subscribers indicating which conditions the identity attributes of a subscriber must verify in order for this subscriber to access a document or a subdocument. The main novelty of Mask is that, even though the publisher is able to match the identity attributes of the subscribers against its own access control policies, the publisher does not learn the values of the identity attributes of the subscribers; the privacy of the authorized subscribers is thus preserved. Based on the specified access control policies, documents are divided into subdocuments and the subdocuments having different access control policies are encrypted with different keys. Subscribers derive the keys corresponding to the subdocuments they are authorized to access. Key distribution in Mask is supported by a novel group key management protocol by which subscribers can reconstruct the decryption keys from the subscription information they receive from the publisher. The publisher however does not learn which decryption keys each subscriber is able to reconstruct. In this demonstration, we show our system using a healthcare scenario

Trusted CI UCB Engagement: Final Report

Final report of the Trusted CI UC Berkeley Engagemen

Scaling Byzantine Fault-Tolerant Replication to Wide Area Networks

Abstract — This paper presents the first hierarchical Byzantine fault-tolerant replication architecture suitable to systems that span multiple wide area sites. The architecture confines the effects of any malicious replica to its local site, reduces message complexity of wide area communication, and allows read-only queries to be performed locally within a site for the price of additional standard hardware. We present proofs that our algorithm provides safety and liveness properties. A prototype implementation is evaluated over several network topologies and is compared with a flat Byzantine fault-tolerant approach. The experimental results show considerable improvement over flat Byzantine replication algorithms, bringing the performance of Byzantine replication closer to existing benign fault-tolerant replication techniques over wide area networks. Index Terms — Fault-tolerance, scalability, wide-area networks I

CPP-CTSC SFS Cyberinfrastructure Security Workshop

Cal Poly Pomona and NSF Center for Trustworthy Scientific Cyberinfrastructure (CTSC) organized an on-site workshop at Cal Poly Pomona for CyberCorps Scholarship for Service (SFS) students nationwide that discussed the unique cybersecurity challenges of cyberinfrastructure and practical training on cybersecurity topics as it relates to cyberinfrastructure protection. Some presentations include worksheets, which are included in the file list. The VM can be accessed here: https://uofi.box.com/v/ctsc-cpp-vm Presentation Titles: - Welcome, Intro to Supercomputing & Science Projects, CyberInfrastructure (CI) - Example CI projects overview 1: CTSC Projects - HTCondor, DKIST, OSiRIS - Crypto Overview - Example CI projects overview 2: Medical/Genomic Data privacy - Public Key Infrastructure and Deployment - Security Policies - Log Analysis and SPLUNK - Network Security in a Science DMZ - Federated Identity Management and Access Management - Example CI projects overview 3: SDC vending machine - Incident Response - SIEM overview and OSSIM Case Study More information about CTSC can be found at: trustedci.org More information about Cal Poly Pomona's Scholarship for Service program can be found at: http://www.cpp.edu/~sfs/NSF Grant #1547272; NSF Grant #1504526Ope