Browsing by Author "Welch, Von"
Now showing 1 - 20 of 79
- Results Per Page
- Sort Options
Item 20 years of success: the Indiana University Pervasive Technology Institute with a focus on the evolution of the Center for Applied Cybersecurity Research(2019-10-30) Stewart, Craig A.; Welch, VonItem 20 years of success: the Indiana University Pervasive Technology Institute with a focus on the evolution of the Center for Applied Cybersecurity Research.(2019-11-19) Stewart, Craig A.; Welch, VonItem 2015 Annual Report and Strategic Plan (2015-2020)(2016) Welch, VonItem 2016 Annual Report(2017) Welch, VonItem 2021 NSF Cybersecurity Summit Collection of Presentations(2021-10) Welch, Von2021 NSF Cybersecurity Summit Collection of Presentations of slides for Plenary, Workshops & TrainingItem Analysis of authentication events and graphs using Python(2015-05) Heiland, Randy; Welch, VonDiscerning meaningful information from network log files is an ongoing challenge in cybersecurity. We demonstrate techniques for analyzing a large log of authentication events and associated graphs. Our approach is instructional and exploratory, using Python modules and tools.Item Authentication and Authorization Considerations for a Multi-tenant Service(ACM, 2015-06-16) Heiland, Randy; Koranda, Scott; Marru, Suresh; Pierce, Marlon; Welch, VonDistributed cyberinfrastructure requires users (and machines) to perform some sort of authentication and authorization (together simply known as "auth"). In the early days of com- puting, authentication was performed with just a username and password combination, and this is still prevalent today. But during the past several years, we have seen an evolution of approaches and protocols for auth: Kerberos, SSH keys, X.509, OpenID, API keys, OAuth, and more. Not surpris- ingly, there are trade-offs, both technical and social, for each approach. The NSF Science Gateway communities have had to deal with a variety of auth issues. However, most of the early gateways were rather restrictive in their model of access and development. The practice of using community credentials (certificates), a well-intentioned idea to alleviate restrictive access, still posed a barrier to researchers and challenges for security and auditing. And while the web portal-based gate- way clients offered users easy access from a browser, both the interface and the back-end functionality were constrained in the flexibility and extensibility they could provide. Design- ing a well-defined application programming interface (API) to fine-grained, generic gateway services (on secure, hosted cyberinfrastructure), together with an auth approach that has a lower barrier to entry, will hopefully present a more welcoming environment for both users and developers. This paper provides a review and some thoughts on these topics, with a focus on the role of auth between a Science Gateway and a service provider.Item Building a Cybersecurity Program: A Tutorial for Managers and PIs(2013-09-30) Duda, Patrick; Marsteller, James; Butler, Randy; Bobba, Rakesh; Welch, Von; Jackson, CraigItem CACR 2015-2020 Strategic Plan(2015) Welch, VonItem CACR 2015-2020 Strategic Plan(2015) Welch, VonItem CACR Annul Report FY19(2019-12-31) Welch, VonItem CACR final retrospective brochure(2014) Welch, VonItem Campus Bridging Taskforce 0th Draft of Recommendations(2010-10-20) Welch, VonOverview of recommendations regarding campus bridging, presented at the October 2010 Southeastern Universities Research Association Information Technology Committee Meeting.Item Campus Bridging: Software & Software Service Issues Workshop Report(2011-03-23) McGee, John; Welch, Von; Almes, Guy T.This report summarizes the discussion at and findings of a workshop on the software and services aspects of cyberinfrastructure as they apply to campus bridging. The workshop took a broad view of software and services, including services in the business sense of the word, such as user support, in addition to information technology services. Specifically, the workshop addressed the following two goals: * Suggest common elements of software stacks widely usable across the nation/world to promote interoperability/economy of scale; and * Suggested policy documents that any research university should have in place.Item Center for Applied Cybersecurity Research: 2015 Annual Report and Strategic Plan (2015-2020)(2015-10) Delaney, David G.; Welch, Von; Starzynski Coddens, AmyItem Center for Trustworthy Scientific Cyberinfrastructure - The NSF Cybersecurity Center of Excellence: Year One Report(CTSC, 2016-12) Welch, VonThe Center for Trustworthy Scientific Cyberinfrastructure (CTSC) was funded as the NSF Cybersecurity Center of Excellence on January 1st, 2016. This report covers CTSC’s first year (January 1, 2016-December 31, 2016) as the NSF Cybersecurity Center of Excellence. It describes CTSC accomplishments under its mission “to provide the NSF community with a coherent understanding of cybersecurity, its importance to computational science, and what is needed to achieve and maintain an appropriate cybersecurity program.”Item Center for Trustworthy Scientific Cyberinfrastructure - The NSF Cybersecurity Center of Excellence: Year two report(CTSC, 2017-12) Welch, VonTrusted CI was funded as the NSF Cybersecurity Center of Excellence on January 1st, 2016. This report covers Trusted CI second year (January 1, 2017-December 31, 2017) as the NSF Cybersecurity Center of Excellence, covering Trusted CI's accomplishments during that time under its mission “to provide the NSF community with a coherent understanding of cybersecurity, its importance to computational science, and what is needed to achieve and maintain an appropriate cybersecurity program.”Item Center for Trustworthy Scientific Cyberinfrastructure: Final Report(CTSC, 2016-10) Welch, VonItem CTSC poster for NSF SI2 PI meeting(2017-02) Welch, Von; Heiland, RandyThe Center for Trustworthy Scientific Cyberinfrastructure (CTSC) - the NSF Cybersecurity Center of Excellence, engages with NSF projects to help address their security challenges. One focus area is on software security where we offer training, assessment, and guidance on assurance. CTSC is a partner with the Science Gateways Community Institute (SGCI), an NSF Scientific Software Innovation Institute.Item CTSC Recommended Security Practices for Thrift Clients: Case Study - Evernote(2014-05) Heiland, Randy; Marru, Suresh; Pierce, Marlon; Welch, VonThe Science Gateway Platform (SciGaP, scigap.org ) will provide services to help communities create Science Gateways. SciGaP (via Apache Airavata) will use the Apache Thrift framework ( thrift.apache.org ), a language independent, richly typed interface definition language (IDL) to generate both client and server software development kits (SDKs). Thrift takes a departure from many public services in that it is not a RESTful( http://en.wikipedia.org/wiki/Representational_state_transfer ) API. To gain a better understanding of Thrift (for the CTSC-SciGaP engagement), we examine an existing application/service that uses it: Evernote (evernote.com). Hopefully, the design and use cases of Evernote will help inform the design and use cases of SciGaP, at least from a security perspective. This document provides an overview of Evernote with an emphasis on its Cloud API, some examples of its SDKs, and a list of recommended practices for using Evernote.