iSGTW - International Science Grid This Week
iSGTW - International Science Grid This Week

Home > iSGTW 09 April 2008 > iSGTW Opinion - Five pillars for secure scientific computing

Opinion - Five pillars for secure scientific computing

Should cybersecurity be reactive or proactive? Should it be both? As scientific computing becomes more important to fundamental progress and research, can we intercede to prevent futures such as the above?
Images courtesy of Oak Ridge National Laboratory

Cybersecurity, as currently practiced, is a mixed bag of electronic patches and reactionary physical and administrative controls aimed at fixing the “crisis du jour.” We rely heavily on black-box commercial solutions, despite the critical importance of cyber resources and infrastructure to the scientific missions of our time.

As the cyber threat continues to grow, scientific assets—like grid computing, supercomputers and perhaps even the fundamental means of scientific communication—will become threatened. It becomes increasingly clear that we must embark on a scientific process of inquiry, investigation and sound decision-making to combat the cyber-threat we face.

Rather than waiting to discover a cyber attack—perhaps days, weeks or months after it has happened—we need to implement a scientifically rooted approach to cybersecurity with a rigorous technical foundation.

Here, we propose five pillars of research that will pave the way for the interdisciplinary advances needed to thwart the growing cyber-threat and the risks it poses to our critical scientific infrastructure.
The defence of cybersecurity requires a many-pillared plan, say Christopher Griffin and Louis Wilder.
Image courtesy of Oak Ridge National Laboratory

Pillar 1: Risk assessment and evaluation for complex distributed systems

Risk assessment methods are needed to understand our current state of affairs and to identify the inherent security of systems yet to be built. Currently, we do a very poor job at analyzing risks associated with information or information systems, usually relying on a post-mortem analysis—when it is too late.

Pillar 2: Knowledge discovery for detection and forensics

New knowledge discovery and data mining techniques are needed to help with forensics on current systems and to aid in online detection and forensics in future systems. Scientific system produce enormous amounts of data and grid computing system use numerous numbers of network transactions to achieve computational parallelism. Forensic analysis on such systems is a mammoth undertaking requiring new statistical techniques for enormous quantities of data.

Pillar 3: Active response to attack

Active response to attack is necessary for future systems because (i) we know we can never produce 100 percent secure general-purpose computing systems, and (ii) the speed of attack and the ensuing spread of system damage is more rapid than a human can manage or mitigate.

Pillar 4: Attack deterrence

An understanding of the motivations of attackers and methods for deterring attacks—either by education or fear of detection—will be necessary to enhance future systems security.

Pillar 5: Hardware as a security enabler in specialized systems

Poorly designed or closed hardware can be an enabler of poor security. BIOS viruses, while not yet detected in the wild, are a distinct possibility. Well-designed hardware, specifically for custom systems like those employed in grid computing or distributed scientific endeavors, can enable system security and reduce the number of potential attack vectors that are unknown to a system’s users and maintainers.

- Christopher Griffin and Louis Wilder, Oak Ridge National Laboratory

The annual Cyber Security and Information Intelligence Research Workshop will be held at Oak Ridge National Laboratory in Oak Ridge, TN, U.S., from 12-14 May 2008. 


 iSGTW 22 December 2010

Feature – Army of Women allies with CaBIG for online longitudinal studies

Special Announcement - iSGTW on Holiday

Video of the Week - Learn about LiDAR


NeHC launches social media

PRACE announces third Tier-0 machine

iRODS 2011 User Group Meeting

Jobs in distributed computing


Enter your email address to subscribe to iSGTW.


 iSGTW Blog Watch

Keep up with the grid’s blogosphere

 Mark your calendar

December 2010

13-18, AGU Fall Meeting

14-16, UCC 2010

17, ICETI 2011 and ICSIT 2011

24, Abstract Submission deadline, EGI User Forum


January 2011

11, HPCS 2011 Submission Deadline

11, SPCloud 2011

22, ALENEX11

30 Jan – 3 Feb, ESCC/Internet2


February 2011

1 - 4, GlobusWorld '11

2, Lift 11

15 - 16, Cloudscape III

More calendar items . . .


FooterINFSOMEuropean CommissionDepartment of EnergyNational¬†Science¬†Foundation RSSHeadlines | Site Map