iSGTW - International Science Grid This Week

iSGTW, 12 November 2008

Feature - Security through collaboration, part II: a framework for investigations


Last week, Randal Butler of NCSA, University of Illinois, discussed cyber security in today’s world of cross-domain computing, trust relationships and sophisticated cyber attacks. This week, he follows up with a discussion of collaborative cyber security and a prototype framework for cyber investigation developed by NCSA.  

In today’s cyber-climate, a single attack can affect multiple organizations, increasing the need for security professionals to collaborate in both incident prevention and response.  

The challenges that cyber investigators face are very much like those of their counterparts in academic research. The data they collect often comes from many sites and in a variety of formats, making it difficult to analyze.  Cyber security at academic sites is often underfunded and understaffed.

They also share benefits. In both research and security, the unique problem-solving skills, perspectives and information that individuals bring to a team significantly extend what any one of them could accomplish alone.

In The Lord of the Rings, the three remaining palantirs (palantíri) were used primarily for deception. NCSA's palantir will instead help root it out.

“Build me an army”

NCSA has developed a Web-based collaborative problem solving environment, or framework, for cyber security investigations. Called Palantir, it houses and manages investigation data within an advanced data repository that supports auditing and data provenance capture. The data’s provenance—its origin, how it was produced and by whom, how it has been processed—is particularly critical information for the investigative process. The framework also supports tools for data analysis, secure communications, and the capacity to add sites and investigators as the investigation expands. Investigators can create workflows for analyzing, visualizing and publishing data using the integrated CyberIntegrator scientific workflow system.

A collaborative framework of this type acts as a force multiplier, bringing the expertise and experience of a network of security professionals, in a variety of roles, to bear on an investigation. It brings organization to a very complicated process that may involve tens or hundreds of people and sites, and thousands of security logs, tracking all the different approaches to analysis and ensuring that the investigative steps can be retraced.

Palantir is based on a collaborative environment called the NCSA CyberCollaboratory, designed to enable academic research communities to interact and share data using Web-based applications and portal technology.

Cyber security—especially incident response—is now benefiting from collaboration concepts and technologies developed by the very researchers it has been protecting. 

Randal Butler, NCSA, for iSGTW

