Center for Applied Cybersecurity Research

Permanent link for this collection

The Center for Applied Cybersecurity Research (CACR) leads the creation of IT security policy, security tools, and secure applications in critical areas of cyberinfrastructure, including health. CACR is affiliated with the Indiana University Pervasive Technology Institute and works closely with its partner organizations at Indiana University: CLEAR Health Information, the Maurer School of Law, the Kelley School of Business, the School of Informatics and Computing, REN-ISAC, the University Information Policy Office, and the University Information Security Office.

Browse

Recent Submissions

Now showing 1 - 20 of 193
  • Item
    The Report of the 2022 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure
    (Trusted CI, 2022-12-13) Songer, Julie; Zage, John
    The report of the 2022 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure comprises an Executive Summary, common themes, and an overview of the sessions, panels, and workshops that occurred during the Oct. 18-20 event. Demographics, a list of speakers, and a survey of attendees are also included.
  • Item
    Modeling Data Integrity Threats for Scientific Workflows Using OSCRP and MITRE ATT&CK
    (2022-08-22) Abhinit, Ishan; Adams, Emily K; Chase, Brian; Mandal, Anirban; Xin, Yufeng; Vahi, Karan; Rynge, Mats; Deelman, Ewa
    Guaranteeing the data integrity of scientific workflows and their associated data products, in the face of nonmalicious and malicious threats, is of paramount importance for the validity and credibility of scientific research. In this work, we describe how we can leverage two popular cybersecurity classification frameworks - OSCRP and MITRE ATT&CK®, to systematically model threats to the integrity of scientific workflows and data in a research setting. We enumerate nonmalicious and malicious threats to the integrity of scientific workflows, and present the relevant assets, concerns, avenues of attacks and impact of the threats in typical scientific workflow execution scenarios.
  • Item
    Identifying Malicious Threats to Scientific Data Integrity Using MITRE ATT&CK®
    (2022-08) Adams, Emily K.
    In this paper malicious tactics and techniques leveraged to explicitly manipulate the integrity of transient workflow data, data products, or derived metadata within scientific workflows are considered. This document leverages the MITRE ATT&CK Enterprise knowledge base of adversary tactics and techniques, based on real-world observations, as the foundation for a scoped analysis enumerating malicious attacks against data integrity within scientific workflows.
  • Item
    Trusted CI - the NSF Cybersecurity Center of Excellence: Award Year 3 Report
    (2022-07) Shute, Kelli
    Trusted CI was renewed as the NSF Cybersecurity Center of Excellence on October 1st, 2019. This report covers Trusted CI's third year (July 1, 2021 - June 30, 2022) operating under a new NSF award, covering Trusted CI's accomplishments during that time under its mission “to provide the NSF community with a coherent understanding of cybersecurity, its importance to computational science, and what is needed to achieve and maintain an appropriate cybersecurity program.”
  • Item
    Data Integrity Threat Model (Non-Malicious)
    (2022-07-27) Abhinit, Ishan
  • Item
    Effective Cybersecurity for Research
    (2022-06-20) Shankar, Anurag; Drake, Will
    The ever-present tension between institutional cybersecurity and researchers has long hampered attempts to secure research. It is also the reason why institutional cybersecurity efforts in academia have been confined to the most sensitive research. The situation has persisted due to other factors also, for instance the complexity of the research environment, but new developments are quickly changing the status quo. Emerging threats and funding requirements scoped beyond individual awards are pointing to a future where securing research holistically is no longer optional. This paper describes an approach to cybersecurity for research that shows great promise in securing research comprehensively. A product of years of work, it focuses exclusively on the researcher and the research mission. It has been stress tested on a large campus, with success exemplified by researchers embracing it voluntarily and research being accelerated greatly.
  • Item
    Science and Security: Sound odd?
    (Trusted CI, 2021-01-27) Christopherson, Laura
    2020 Trusted CI Fellow, Laura Christopherson reports on the lack of security in science research and the importance of making scientific discovery more secure.
  • Item
    Education researchers need more understanding of security environment
    (Trusted CI, 2022-03-16) McCaffrey, Deb
    Deb McCaffrey is a Fellow with Trusted CI, the NSF Cybersecurity Center of Excellence, and a research computing facilitator at the University of Michigan. She explores the security needs of higher education research and clinical research and concludes that both groups need a better understanding of their security environments in order to protect their data.
  • Item
    Manage risk with the classification and protection of digital research data
    (Trusted CI, 2022-03-16) Kyle, Michael
    Michael Kyle is a Fellow with Trusted CI, the NSF Cybersecurity Center of Excellence, and is a scientific applications consultant for the University of Delaware. He describes how researchers can manage their risks with the proper classification and protection of digital research data.
  • Item
    OOI/Trusted CI Engagement
    (2021-11-07) Filus, Shane; Adams, Andrew
    The Ocean Observatories Initiative (OOI, https://oceanobservatories.org/), funded by the NSF OCE Division of Ocean Sciences #1743430 , is a science-driven ocean observing network that 2 delivers real-time data from more than 800 instruments to address critical science questions regarding the world’s oceans. OOI data are freely available online to anyone with an Internet connection. The OOI provides an exponential increase in the scope and timescale of observations of the world’s oceans. Present and future educators, scientists, and researchers will draw conclusions about climatological and environmental processes based on these measurements, which sets a requirement for the data to be accurate, with a flawless pedigree. As a result, the OOI has a requirement to protect its data from being altered by any external agent. To this end, OOI-CI (OOI Cyberinfrastructure) is seeking consultation from Trusted CI on evaluation of their current security program, along with guidance on reviewing and evaluating potential alternatives for an enhanced security posture. 2 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1743430 OOI Engagement Final Report | Trusted CI Distribution: Public 2 Due to leadership changes, obligations and activities involved in transitioning to a new data center, and schedules during the holiday season, this engagement was conducted on a shorter timeline than typically allocated. We were mindful of this when defining goals and milestones and ensured not to overcommit or overpromise the final engagement deliverables. The OOI team consisted of Craig Risien (lead), Jeffrey Glatstein, Jim Housell, and Casey Dinsmore, while the Trusted CI personnel were Shane Filus (lead), and Andrew Adams. The engagement ran from August 16, 2021 to December 31, 2021.
  • Item
    The Report of the 2021 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure
    (Trusted CI, 2021-12-20) Songer, Julie; Zage, John
    The report of the 2021 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure comprises an Executive Summary, common themes, and an overview of the sessions, panels, and workshops that occurred during the Oct. 12-19 online event. Demographics, a list of speakers, and a survey of attendees are also included.
  • Item
    Science DMZ: Secure High Performance Data Transfer
    (2022-01-06) Abhinit, Ishan; Addleman, Hans; Benninger, Kathy; DuRousseau, Don; Krenz, Mark; Meade, Brenna
    Science DMZs are a unique network architecture for allowing high low latency high speed data transfers for science research data. This white paper introduces the idea and explains some of the security challenges and solutions. This document also explains some of the high level implementation details and makes security recommendations for decreasing the security risk while using a Science DMZ
  • Item
    2021 NSF Cybersecurity Summit Collection of Presentations
    (2021-10) Welch, Von
    2021 NSF Cybersecurity Summit Collection of Presentations of slides for Plenary, Workshops & Training
  • Item
    The State of the Scientific Software World: Findings of the 2021 Trusted CI Software Assurance Annual Challenge Interviews
    (2021-09) Peisert, Sean; Adams, Andrew; Avila, Kay; Heymann, Elisa; Krenz, Mark; Lee, Jason; Miller, Barton
  • Item
    Trusted CI Success Story Wildbook
    (Trusted CI, 2021-09-22) Songer, Julie
    Trusted CI helps Wildbook protect endangered species
  • Item
    Trusted CI Success Story UC Berkeley
    (Trusted CI, 2021-09-22) Songer, Julie
    UC Berkeley was looking for experts in higher ed cybersecurity and found Trusted CI
  • Item
    Trusted CI Success Story TransPAC
    (Trusted CI, 2021-09-22) Songer, Julie
    Trusted CI guides TransPAC through NSF cybersecurity requirements
  • Item
    Trusted CI Success Story Pegasus
    (Trusted CI, 2021-09-22) Songer, Julie
    Trusted CI engagement with Pegasus focuses on credentials
  • Item
    Trusted CI Success Story Open XDMoD
    (Trusted CI, 2021-09-22) Songer, Julie
    Trusted CI helps Open XDMoD harden its defenses
  • Item
    Trusted CI Success Story Gemini Observatory
    (Trusted CI, 2021-09-22) Songer, Julie
    Trusted CI creates roadmap to ensure data integrity for Gemini Observatory