Browsing by Author "Vahi, Karan"
Now showing 1 - 2 of 2
Item: A Guide for Software Assurance for SWIP (2019-08)
Heiland, Randy; Rynge, Mats; Vahi, Karan; Deelman, Ewa; Welch, Von

The Scientific Workflow Integrity with Pegasus (SWIP) project adds data integrity checking to the Pegasus workflow management system (https://pegasus.isi.edu/). As part of SWIP, we perform software assurance (SwA) on the Pegasus software using the Software Assurance Marketplace (SWAMP, https://www.mir-swamp.org/). Initially, we planned to perform SwA only on the parts of the code base related to SWIP, i.e., only the code related to the data integrity checks. However, during the course of the SWIP project, a decision was made to perform SwA on the entire Pegasus code base. In addition, the project took on a research effort of trying to quantify differences in SwA results between Pegasus versions. We summarize our SwA process and results here. SwA results provide insight, but they are still subjective; developers of the software being assessed (Pegasus in this project) need to determine how those results need to be addressed.

Item: Modeling Data Integrity Threats for Scientific Workflows Using OSCRP and MITRE ATT&CK (2022-08-22)
Abhinit, Ishan; Adams, Emily K; Chase, Brian; Mandal, Anirban; Xin, Yufeng; Vahi, Karan; Rynge, Mats; Deelman, Ewa

Guaranteeing the data integrity of scientific workflows and their associated data products, in the face of nonmalicious and malicious threats, is of paramount importance for the validity and credibility of scientific research. In this work, we describe how we can leverage two popular cybersecurity classification frameworks - OSCRP and MITRE ATT&CK®, to systematically model threats to the integrity of scientific workflows and data in a research setting. We enumerate nonmalicious and malicious threats to the integrity of scientific workflows, and present the relevant assets, concerns, avenues of attacks and impact of the threats in typical scientific workflow execution scenarios.