Security in Open Scientific Computing Environments

Report Introduction

Almost all collaboratories involve multiple institutions - DOE labs, universities, industry, other agency labs and systems. This means that most collaboratories operate in computing environments that are inherently open, involving multiple administrative domains without common security models, even without common threat models. Yet security - access control, confidentiality, and uninterrupted service - is essential for collaboratories to function. The individual participants must agree on what needs to be kept private, the computing systems must not be disrupted by hackers, and the networked instruments must be protected from any sort of cyber tampering.

The unique challenges of providing security in an open, scientific environment are introduced in Section 2 of this report. Many standard protection measures that work well in the commercial or military sectors can actually have severe detrimental effects in the open research environment. Security policies for collaborative scientific communities must take into account the nature of those communities and how they work. For example, collaboration cannot flourish in a fortress mentality; for scientists, protection of service is frequently more important (and more difficult) than protection of information. DOE and its laboratory and university community must establish cyber-security policies that enable and protect the success of the DOE science mission, and these policies will differ from those developed by organizations with different missions. Further, managing the human factors that affect security will be as important as implementing the latest security technologies.

Part II of this report (Sections 3 and 4) looks at the open scientific computing environment five years from now and the potential security threats we will face. The emergence of computational and data Grids - standardized middleware for managing the distributed, large-scale computing and data resources of science and engineering is described in Section 3. There will be many advances in the computing and telecommunications milieu that we could not protect with today's security tools, even assuming that attackers and their tools did not change, which will certainly not be the case. The ways that we use and access computing will change, the numbers of researchers and students using collaboratory environments will increase, and the sophistication of hackers will increase substantially. This is considered in Section 4.

Therefore, the criticality of security together with easy access for collaboratory systems will increase dramatically over the next five years. We must become more sophisticated in how we provide security in an environment that will be increasingly open in terms of the diversity of its population and in its use of open infrastructure. We must also provide security in ways that do not interfere with easy access to the many different services needed to build and use large collaboratories, and do not degrade the high performance of networks and systems needed for scientific productivity. Security, easy access, and high performance must all be maintained. If any one of these three elements fails, the collaboratory systems will fail.

Part III addresses the state of distributed applications security and identifies security issues that require further research and development if they are to be addressed successfully. Section 5 discusses collaboratory security issues such as authentication and authorization, perimeter protection, ease of use, protection and performance tradeoffs, metrics and analytical models, and others. Section 6 explores collaboration domains and enclaves, i.e., cross-organizational resources that share a common security policy. Section 7 discusses issues of code safety, including both mobile code and code reliability. And Section 8 describes the need for a cyber-security science that goes beyond current ad hoc approaches to a disciplined methodology for analyzing and modelling cyber-security scenarios as well as validating security techniques and systems against benchmark metrics and specific requirements.

Part IV presents the conclusions of this report. Because DOE's mission gives it a leadership role in building and using large-scale collaboratory environments, DOE must also take a leadership role in ensuring their security, accessibility, and high performance. This leadership will include sponsoring research into the unique security issues facing open collaboratories, and development of appropriate solutions.

Report Conclusions

The workshop participants were drawn almost equally from the Science and Defense Programs DOE Labs, together with several universities and the DOE ASCR/MICS office. Participation by the Defense Programs Labs was very useful to the workshop, and because the open scientific environment has many of the same characteristics once inside the classified computer environment, it was also useful to the Defense Programs Labs.

The workshop examined the significance of open collaborations to DOE's mission, the cybersecurity issues in these environments, some aspects of the future computing environment, and cybersecurity threats. Following this, issues were identified where computer science R&D could contribute to increasing the security of open science environments.

Because of it's major scientific facilities and science mission, DOE must - and does - have a leadership role in building and using large-scale collaboratory environments. Therefore, DOE must take a leadership role in protecting these environments or they will not reach their potential for fostering new and highly productive ways of doing science. The workshop examined example scenarios from half a dozen DOE science programs in order to characterize the open DOE science environment, and the security issues in those environments. From this examination we concluded:

1) Collaboratories are the combination of human collaborators, computer mediated services, and compute, data, and instrument resources drawn from all over the world that support the large-scale collaborations that are necessary to address the hard science problems that are at the core of DOE's Office of Science mission.

2) Change is the norm in this environment, not the exception: new computing and data services are continually being developed to meet new challenges and more effectively apply computing and data analysis to solve scientific problems - rapid prototyping of digital services is how this is done. A rich set of computer mediated services is critical for collaboratories: security cannot be obtained by exclusion of all but the few most common services.

3) Grid services providing access to resources used by scientific communities - uniform CPU access, resource discovery, resource management, uniform data archive access, security, etc. - will be the Internet Services for 21st Century science, and Collaboratories will be built using this infrastructure.

4) Security - denial of service, access control, confidentiality - is a major concern that must be addressed for viable Collaboratories, but it cannot impede the free flow of ideas and information, and access to computing resources.

5) Collaboration - sharing resources across administrative and security domains - will not happen without approaches to security that both protect and allow access.

6) A wide range of security R&D topics have been identified where DOE has the expertise to make a major contribution toward realizing collaboratories by defining and implementing appropriate security that protects open science environments AND allows widely distributed collaboration at the same time.