Security and Trust in a Global Research InfrastructureJens Jensen (Science and Technology Facilities Council, UK) and David L. Groep (National Institute for Subatomic Physics, the Netherlands)
Copyright © 2012.
28 pages.
OnDemand Chapter PDF Download
Download link provided immediately after order completion
| $37.50 | |
Available.
Instant access upon order completion.
DOI: 10.4018/978-1-61350-116-0.ch022
Sample PDFCite
MLA
Jensen, Jens and David L. Groep. "Security and Trust in a Global Research Infrastructure." Handbook of Research on Computational Science and Engineering: Theory and Practice. IGI Global, 2012. 539-566. Web. 25 May. 2013. doi:10.4018/978-1-61350-116-0.ch022
APA
Jensen, J., & Groep, D. L. (2012). Security and Trust in a Global Research Infrastructure. In J. Leng, & W. Sharrock (Eds.), Handbook of Research on Computational Science and Engineering: Theory and Practice (pp. 539-566). Hershey, PA: Engineering Science Reference. doi:10.4018/978-1-61350-116-0.ch022
Chicago
Jensen, Jens and David L. Groep. "Security and Trust in a Global Research Infrastructure." In Handbook of Research on Computational Science and Engineering: Theory and Practice, ed. J. Leng and Wes Sharrock, 539-566 (2012), accessed May 25, 2013. doi:10.4018/978-1-61350-116-0.ch022
Export Reference
  | | TopAbstractModern science increasingly depends on international collaborations. Large instruments are expensive and have to be funded by several countries, and they generate very large volumes of data that must be archived and analysed. Scientific research infrastructures, e-Infrastructures, or cyber infrastructures support these collaborations and many others. In this chapter we look at the issue of trust for such infrastructures, particularly when scaling up from a small one. This growth can be “natural,” as more researchers are added, but can also be dramatic if whole new communities are added, possibly with different requirements. Our focus is on authentication, since for most realistic infrastructures, authentication is the foundation upon which further security is built. Our aim has been to focus on real-life experiences and examples, distilling them into practical advice. TopIntroductionScience and research are increasingly becoming global: where researchers previously only communicated by email, they now collaborate closely across national boundaries using supporting e-infrastructures or cyber infrastructures. For a small group of researchers sharing few resources, it is fairly easy to establish a trusted relationship between the users and the resources: for example by getting everyone together in the same room and hand out passwords. It becomes much more difficult to establish and maintain these relationships when the group grows, when many other resources are added, or when the resources need higher levels of protection (e.g. if accessing sensitive data or controlling an instrument.) This chapter looks at the challenges in scaling up from small infrastructures to large ones. Our emphasis is more on human processes than technology: ultimately trust is between humans, supported by processes and policies; the role of technology is to mediate the trust in a distributed infrastructure. Purely technological proposals for scaling to larger infrastructures have been studied elsewhere, e.g. identity based encryption (Shamir, 1984), or more recently, building PKI (Public Key Infrastructure) with secure “mediators” (Boneh, 2001; Vanrenen, Smith, & Marchesini, 2005) these and others will not be pursued here. When we need to cover aspects of commonly used technology, we do so to assess how much it can help scale the trust infrastructure. In addition to being “sociological,” our overall aim is highly practical: we focus on processes and technology which are known to work on a global scale. A high level outline of this chapter is as follows: - 1.
Introduction - 2.
A discussion of the participants and their trust relationships. - 3.
Investigating scalability issues. - 4.
A discussion of issues and controversies. - 5.
Practical advice for people seeking to scale a trust infrastructure. - 6.
Future directions.
TopParticipants And Security GoalsLet us first look at the simplest case mentioned in the introduction: a group of users accessing a shared resource. They may use a password to authenticate to the resource, and the password can be reset using their email address if they forget it. e-Commerce (see Example 1 and Anderson (2008, sec. 10.5) for further discussion) is similar. In both cases, we have a group of users who interact only with the resource, not with each other. Example 1. Doohickey Inc sells widgets on the Internet. Alice signs up and gets a password mailed to her. She uses the password to log in and buy widgets using her credit card. Each time Alice logs in, she sees her account and can track her order. If she forgets her password, she clicks a reset button and a new (possibly temporary) password is sent to her email account.
The need for security is not high because the account is used mainly for presentation purposes (unless the server remembers her credit card details and no additional checks are performed!) Security in this case appears to be symmetric, being based on a secret shared between the user and the resource, namely the password1. (The trust relationship need not be symmetric, though, as we shall see in sections Resources and Scalability of the Infrastructure.) TopComplete Chapter List
Search this Book:
Reset | 1. |
Gabriele Jost (The University of Texas at Austin, USA), Alice E. Koniges (Lawrence Berkeley National Laboratory, USA)
The upcoming years bring new challenges in high-performance computing (HPC) technology. Fundamental changes in the building blocks of HPC hardware are forcing corres...
Sample PDF |
More details... | $37.50 |
| 2. |
Ivan Girotto (National University of Ireland Galway, Republic of Ireland), Robert M. Farber (Pacific Northwest National Laboratory, USA)
This chapter focuses on the technical/commercial dynamics of multi-threaded hardware architecture development, including a cost/benefit account of current and future...
Sample PDF |
More details... | $37.50 |
| 3. |
Domingo Benitez (University of Las Palmas de Gran Canaria, Spain)
Many accelerator-based computers have demonstrated that they can be faster and more energy-efficient than traditional high-performance multi-core computers. Two type...
Sample PDF |
More details... | $37.50 |
| 4. |
Rasit O. Topaloglu (GlobalFoundries, USA), Swati R. Manjari (Rensselaer Polytechnic Institute, USA), Saroj K. Nayak (Rensselaer Polytechnic Institute, USA)
Interconnects in semiconductor integrated circuits have shrunk to nanoscale sizes. This size reduction requires accurate analysis of the quantum effects. Furthermore...
Sample PDF |
More details... | $37.50 |
| 5. |
Prashobh Balasundaram (IBM Dublin Software Laboratories, Republic of Ireland)
This chapter presents a study of leading open source performance analysis tools for high performance computing (HPC). The first section motivates the necessity of op...
Sample PDF |
More details... | $37.50 |
| 6. |
David Worth (Science and Technology Facilities Council, UK), Chris Greenough (Science and Technology Facilities Council, UK), Shawn Chin (Science and Technology Facilities Council, UK)
The purpose of this chapter is to introduce scientific software developers to software engineering tools and techniques that will save them much blood, sweat, and te...
Sample PDF |
More details... | $37.50 |
| 7. |
Diane Kelly (Royal Military College, Canada), Daniel Hook (Engineering Seismology Group, Canada), Rebecca Sanders (EA Pogo, Canada)
The aim of this chapter is to provide guidance on the challenges and approaches to testing computational applications. Testing in our case is focused on code testing...
Sample PDF |
More details... | $37.50 |
| 8. |
Judith Segal (The Open University, UK), Chris Morris (STFC Daresbury Laboratory, UK)
There are significant challenges in developing scientific software for a broad community. In this chapter, we discuss how these challenges are somewhat different bot...
Sample PDF |
More details... | $37.50 |
| 9. |
Fumie Costen (University of Manchester, UK), Akos Balasko (Hungarian Academy of Sciences, Hungary)
The computational architecture of Enabling Grids for E-sciencE is introduced as it made our code porting very challenging, and the discussion presented is directly a...
Sample PDF |
More details... | $37.50 |
| 10. |
Abid Yahya (Universiti Malaysia Perlis, Malaysia), Farid Ghani (Universiti Malaysia Perlis, Malaysia), R. Badlishah Ahmad (Universiti Malaysia Perlis, Malaysia), Mostafijur Rahman (Universiti Malaysia Perlis, Malaysia), Aini Syuhada (Universiti Malaysia Perlis, Malaysia), Othman Sidek (Collaborative Microelectronic Design Excellence Center, Malaysia), M. F. M. Salleh (Universiti Sains Malaysia, Malaysia)
This chapter presents performance of a new technique for constructing Quasi-Cyclic Low-Density Parity-Check (QC-LDPC) encrypted codes based on a row division method....
Sample PDF |
More details... | $37.50 |
| 11. |
Hubertus J. J. van Dam (Pacific Northwest National Laboratory, USA)
Quantum chemistry was a compute intensive field from the beginning. It was also an early adopter of parallel computing, and hence, has more than twenty years of expe...
Sample PDF |
More details... | $37.50 |
| 12. |
Marc Hafner (Ecole Polytechnique Fédérale de Lausanne (EPFL), Switzerland), Heinz Koeppl (Swiss Federal Institute of Technology Zurich (ETHZ), Switzerland)
With the advances in measurement technology for molecular biology, predictive mathematical models of cellular processes come in reach. A large fraction of such model...
Sample PDF |
More details... | $37.50 |
| 13. |
C. T. J. Dodson (University of Manchester, UK)
Many real processes have stochastic features which seem to be representable in some intuitive sense as `close to Poisson’, `nearly random’, `nearly uniform’ or with...
Sample PDF |
More details... | $37.50 |
| 14. |
Stefania Tomasiello (University of Basilicata, Italy)
Though relatively unknown, the Differential Quadrature Method (DQM) is a promising numerical technique that produces accurate solutions with less computational effor...
Sample PDF |
More details... | $37.50 |
| 15. |
Marco Evangelos Biancolini (University of Rome, Italy)
Radial Basis Functions (RBF) mesh morphing, its theoretical basis, its numerical implementation, and its use for the solution of industrial problems, mainly in Compu...
Sample PDF |
More details... | $37.50 |
| 16. |
Joanna Leng (Visual Conclusions, UK), Theresa-Marie Rhyne (Visualization Consultant, USA), Wes Sharrock (University of Manchester, UK)
This chapter focuses on state of the art at the intersection of visualization and CSE. From understanding current trends it looks to future applications for these te...
Sample PDF |
More details... | $37.50 |
| 17. |
Peter Sarlin (Åbo Akademi University, Finland)
Since the 1980s, two severe global waves of sovereign defaults have occurred in less developed countries (LDCs): the LDC defaults in the 1980s and the LDC defaults a...
Sample PDF |
More details... | $37.50 |
| 18. |
Iain Barrass (Health Protection Agency, UK), Joanna Leng (Visual Conclusions, UK)
Since infectious diseases pose a significant risk to human health many countries aim to control their spread. Public health bodies faced with a disease threat must u...
Sample PDF |
More details... | $37.50 |
| 19. |
Eldon R. Rene (University of La Coruña, Spain), Sung Joo Kim (University of Ulsan, South Korea), Dae Hee Lee (University of Ulsan, South Korea), Woo Bong Je (University of Ulsan, South Korea), Mirian Estefanía López (University of La Coruña, Spain), Hung Suck Park (University of Ulsan, South Korea)
Sequencing batch reactor (SBR) is a versatile, eco-friendly, and cost-saving process for the biological treatment of nutrient-rich wastewater, at varying loading rat...
Sample PDF |
More details... | $37.50 |
| 20. |
Joanna Leng (Visual Conclusions, UK), Wes Sharrock (University of Manchester, UK)
Computational Science and Engineering (CSE) is an emerging, rapidly developing, and potentially very significant force in changing scientific practice by offering a...
Sample PDF |
More details... | $37.50 |
| 21. |
Kerstin Kleese van Dam (Pacific Northwest National Laboratory, USA), Mark James (University of California San Diego, USA), Andrew M. Walker (University of Bristol, UK)
This chapter describes the key principles and components of a good data management system, provides real world examples of how these can be successfully integrated w...
Sample PDF |
More details... | $37.50 |
| 22. |
Jens Jensen (Science and Technology Facilities Council, UK), David L. Groep (National Institute for Subatomic Physics, the Netherlands)
Modern science increasingly depends on international collaborations. Large instruments are expensive and have to be funded by several countries, and they generate ve...
Sample PDF |
More details... | $37.50 |
| 23. |
Matt Ratto (University of Toronto, Canada)
Computational science and engineering (CSE) technologies and methods are increasingly considered important tools for the humanities and are being incorporated into s...
Sample PDF |
More details... | $37.50 |
| 24. |
Phillip L. Manning (University of Manchester, UK, & University of Pennsylvania, USA), Peter L. Falkingham (University of Manchester, UK)
Dinosaurs successfully conjure images of lost worlds and forgotten lives. Our understanding of these iconic, extinct animals now comes from many disciplines, not jus...
Sample PDF |
More details... | $37.50 |
TopKey Terms in this ChapterAuthentication: In the context of this chapter, authentication refers to the process of establishing that a usually remote entity is who or what they claim to be (cf. (Chokhani, S., et al, 2003), section 2.) Authentication of an entity to a verifier usually involves the presentation of an identity token, along with a verification by the verifier of the validity of the token, as well as a check that the entity is the one named in the token. A real-life example is presenting a passport to an immigration official, who will check that it is a valid passport and compare the picture with the person presenting the passport. Cf. identification, below. Identification: “Establishing that a given name of an individual or organization corresponds to a real-world identity of an individual or organization, and establishing that an individual or organization applying for or seeking access to something under that name is, in fact, the named individual or organization” (Chokhani, S., et al, 2003, section 2.) As an example, consider an application for a passport: if you have had one before, it may be sufficient to show it; otherwise a documented process is used to verify your name and the likeness of a recent photo. (Once the passport is issued, another process needs to ensure that it is delivered to you, the applicant.) An example of the second half of the definition is if you pick up a package (in your name) at the post office, and use the passport to prove that you are the person to whom the package is addressed. Policy: In the context of this chapter, a policy is a published statement describing any or all of infrastructure, community, participants, methods, obligations, requirements, jurisdictions, etc., sufficient for a participant to determine the trustworthiness of the publisher. For example, a federation of identity providers (a special case of the hub in section 3) may have a policy that all users shall have individual identity tokens (i.e. tokens must not be shared.) Some identity providers (i.e. token issuers) within the federation may further require that the tokens carry a reasonable resemblance of the token owner’s name. The policy of the federation, and possibly the individual providers, should be sufficient for a resource provider to determine the LoA (see above) of the federation and whether it is sufficient; possibly they will accept tokens only from the providers that issue named tokens. Of course, it is necessary that a participant with a policy follow the policy – an audit may be required to assuage the resource provider. Level of Assurance: (LoA): The LoA is an attempt to measure of the overall strength of the assertions made in the infrastructure (section 2.5.3.) An infrastructure managing public data does not usually need a high LoA; if it manages personal data it needs a much higher one; if it manages state secrets, it needs a higher one still. See (Bolten, J.B., 2003) for an overview, and (Burr, Polk, & Dodson, 2006.) for further details. Trusted Third Party: An intermediary whose role in the infrastructure is to establish or mediate trust, and, possibly, verify the trustworthiness (i.e. reputation) of other participants. Trust: The word “trust” has several meanings (section 3); the ones relevant to this chapter are the belief in the honesty and reliability of, or confidence in, some other party. For example, Alice feels confident lending Bob her car because she trusts that he will return it and she has confidence he will drive well. See also Scalability: Scalability refers to the ability of the trusted infrastructure to scale, usually in terms of the number of participants. A secondary aspect of scalability is scaling geographically, as scaling beyond national boundaries often poses certain problems. As discussed in section 3, scalability should be seen from the perspective of the individual participant making bilateral trust decisions, as well as the total scale of the infrastructure and its ability to grow. It is the purpose of this chapter to give guidelines for building trusted infrastructures that will grow to a global scale. |
| |