Center for Applied Cybersecurity Research
Permanent link for this collectionhttps://hdl.handle.net/2022/15468
The Center for Applied Cybersecurity Research (CACR) leads the creation of IT security policy, security tools, and secure applications in critical areas of cyberinfrastructure, including health. CACR is affiliated with the Indiana University Pervasive Technology Institute and works closely with its partner organizations at Indiana University: CLEAR Health Information, the Maurer School of Law, the Kelley School of Business, the School of Informatics and Computing, REN-ISAC, the University Information Policy Office, and the University Information Security Office.
Browse
Recent Submissions
Now showing 1 - 20 of 193
Item The Report of the 2022 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure(Trusted CI, 2022-12-13) Songer, Julie; Zage, JohnThe report of the 2022 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure comprises an Executive Summary, common themes, and an overview of the sessions, panels, and workshops that occurred during the Oct. 18-20 event. Demographics, a list of speakers, and a survey of attendees are also included.Item Modeling Data Integrity Threats for Scientific Workflows Using OSCRP and MITRE ATT&CK(2022-08-22) Abhinit, Ishan; Adams, Emily K; Chase, Brian; Mandal, Anirban; Xin, Yufeng; Vahi, Karan; Rynge, Mats; Deelman, EwaGuaranteeing the data integrity of scientific workflows and their associated data products, in the face of nonmalicious and malicious threats, is of paramount importance for the validity and credibility of scientific research. In this work, we describe how we can leverage two popular cybersecurity classification frameworks - OSCRP and MITRE ATT&CK®, to systematically model threats to the integrity of scientific workflows and data in a research setting. We enumerate nonmalicious and malicious threats to the integrity of scientific workflows, and present the relevant assets, concerns, avenues of attacks and impact of the threats in typical scientific workflow execution scenarios.Item Identifying Malicious Threats to Scientific Data Integrity Using MITRE ATT&CK®(2022-08) Adams, Emily K.In this paper malicious tactics and techniques leveraged to explicitly manipulate the integrity of transient workflow data, data products, or derived metadata within scientific workflows are considered. This document leverages the MITRE ATT&CK Enterprise knowledge base of adversary tactics and techniques, based on real-world observations, as the foundation for a scoped analysis enumerating malicious attacks against data integrity within scientific workflows.Item Trusted CI - the NSF Cybersecurity Center of Excellence: Award Year 3 Report(2022-07) Shute, KelliTrusted CI was renewed as the NSF Cybersecurity Center of Excellence on October 1st, 2019. This report covers Trusted CI's third year (July 1, 2021 - June 30, 2022) operating under a new NSF award, covering Trusted CI's accomplishments during that time under its mission “to provide the NSF community with a coherent understanding of cybersecurity, its importance to computational science, and what is needed to achieve and maintain an appropriate cybersecurity program.”Item Data Integrity Threat Model (Non-Malicious)(2022-07-27) Abhinit, IshanItem Effective Cybersecurity for Research(2022-06-20) Shankar, Anurag; Drake, WillThe ever-present tension between institutional cybersecurity and researchers has long hampered attempts to secure research. It is also the reason why institutional cybersecurity efforts in academia have been confined to the most sensitive research. The situation has persisted due to other factors also, for instance the complexity of the research environment, but new developments are quickly changing the status quo. Emerging threats and funding requirements scoped beyond individual awards are pointing to a future where securing research holistically is no longer optional. This paper describes an approach to cybersecurity for research that shows great promise in securing research comprehensively. A product of years of work, it focuses exclusively on the researcher and the research mission. It has been stress tested on a large campus, with success exemplified by researchers embracing it voluntarily and research being accelerated greatly.Item Science and Security: Sound odd?(Trusted CI, 2021-01-27) Christopherson, Laura2020 Trusted CI Fellow, Laura Christopherson reports on the lack of security in science research and the importance of making scientific discovery more secure.Item Education researchers need more understanding of security environment(Trusted CI, 2022-03-16) McCaffrey, DebDeb McCaffrey is a Fellow with Trusted CI, the NSF Cybersecurity Center of Excellence, and a research computing facilitator at the University of Michigan. She explores the security needs of higher education research and clinical research and concludes that both groups need a better understanding of their security environments in order to protect their data.Item Manage risk with the classification and protection of digital research data(Trusted CI, 2022-03-16) Kyle, MichaelMichael Kyle is a Fellow with Trusted CI, the NSF Cybersecurity Center of Excellence, and is a scientific applications consultant for the University of Delaware. He describes how researchers can manage their risks with the proper classification and protection of digital research data.Item OOI/Trusted CI Engagement(2021-11-07) Filus, Shane; Adams, AndrewThe Ocean Observatories Initiative (OOI, https://oceanobservatories.org/), funded by the NSF OCE Division of Ocean Sciences #1743430 , is a science-driven ocean observing network that 2 delivers real-time data from more than 800 instruments to address critical science questions regarding the world’s oceans. OOI data are freely available online to anyone with an Internet connection. The OOI provides an exponential increase in the scope and timescale of observations of the world’s oceans. Present and future educators, scientists, and researchers will draw conclusions about climatological and environmental processes based on these measurements, which sets a requirement for the data to be accurate, with a flawless pedigree. As a result, the OOI has a requirement to protect its data from being altered by any external agent. To this end, OOI-CI (OOI Cyberinfrastructure) is seeking consultation from Trusted CI on evaluation of their current security program, along with guidance on reviewing and evaluating potential alternatives for an enhanced security posture. 2 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1743430 OOI Engagement Final Report | Trusted CI Distribution: Public 2 Due to leadership changes, obligations and activities involved in transitioning to a new data center, and schedules during the holiday season, this engagement was conducted on a shorter timeline than typically allocated. We were mindful of this when defining goals and milestones and ensured not to overcommit or overpromise the final engagement deliverables. The OOI team consisted of Craig Risien (lead), Jeffrey Glatstein, Jim Housell, and Casey Dinsmore, while the Trusted CI personnel were Shane Filus (lead), and Andrew Adams. The engagement ran from August 16, 2021 to December 31, 2021.Item The Report of the 2021 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure(Trusted CI, 2021-12-20) Songer, Julie; Zage, JohnThe report of the 2021 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure comprises an Executive Summary, common themes, and an overview of the sessions, panels, and workshops that occurred during the Oct. 12-19 online event. Demographics, a list of speakers, and a survey of attendees are also included.Item Science DMZ: Secure High Performance Data Transfer(2022-01-06) Abhinit, Ishan; Addleman, Hans; Benninger, Kathy; DuRousseau, Don; Krenz, Mark; Meade, BrennaScience DMZs are a unique network architecture for allowing high low latency high speed data transfers for science research data. This white paper introduces the idea and explains some of the security challenges and solutions. This document also explains some of the high level implementation details and makes security recommendations for decreasing the security risk while using a Science DMZItem 2021 NSF Cybersecurity Summit Collection of Presentations(2021-10) Welch, Von2021 NSF Cybersecurity Summit Collection of Presentations of slides for Plenary, Workshops & TrainingItem The State of the Scientific Software World: Findings of the 2021 Trusted CI Software Assurance Annual Challenge Interviews(2021-09) Peisert, Sean; Adams, Andrew; Avila, Kay; Heymann, Elisa; Krenz, Mark; Lee, Jason; Miller, BartonItem Trusted CI Success Story Wildbook(Trusted CI, 2021-09-22) Songer, JulieTrusted CI helps Wildbook protect endangered speciesItem Trusted CI Success Story UC Berkeley(Trusted CI, 2021-09-22) Songer, JulieUC Berkeley was looking for experts in higher ed cybersecurity and found Trusted CIItem Trusted CI Success Story TransPAC(Trusted CI, 2021-09-22) Songer, JulieTrusted CI guides TransPAC through NSF cybersecurity requirementsItem Trusted CI Success Story Pegasus(Trusted CI, 2021-09-22) Songer, JulieTrusted CI engagement with Pegasus focuses on credentialsItem Trusted CI Success Story Open XDMoD(Trusted CI, 2021-09-22) Songer, JulieTrusted CI helps Open XDMoD harden its defensesItem Trusted CI Success Story Gemini Observatory(Trusted CI, 2021-09-22) Songer, JulieTrusted CI creates roadmap to ensure data integrity for Gemini Observatory