NCSA CyberSecurity Team Awarded NSF Grants

January 21, 2016

Jan. 21 — In a span of 24 hours, The CyberSecurity team at the NCSA received news on four grants—two for continuing work, and two for starting new projects.

At the beginning of September, Alex Withers, senior security engineer for the CyberSecurity team, was awarded a $499,136 grant from the National Science Foundation (NSF) to build a tool to detect malicious activity. Designed to fit inside an existing security environment, the tool consumes security logs and examines separate events that may have led up to malicious activity.

For example, if a desktop reaches out remotely to another computer, it might not be malicious activity. However, if someone received a suspicious email, downloaded a program from the email, and then experienced their desktop reaching out to another computer, it could be suspicious.

Withers acknowledges that it can be hard to link events that are seemingly unrelated, and more difficult to link them correctly without being influenced by confirmation bias. The tool, called “AttackTagger,” is meant to make it easier to link events without getting false results.

The tool stems from research by professor of electrical and computer engineering Ravi Iyer’s DEPEND group, providing a practical application for the data and research.

“It’s a great idea to transform research into a tool readily deployed,” Withers says.

The research was the result of a five-year span of data taken from the NCSA’s incident reports written by security analysts. In those, analysts went back after the fact, looked at the logs of events that occurred and determined what events happened in sequence. The DEPEND group used NCSA’s data in their research and development of the AttackTagger tool.

Eric Badger, a graduate student working with DEPEND, works on architecture for data flow, or a pipeline, to help confirm that AttackTagger works well. The attack detection happens in real time, as the events move from the host and network through the pipeline, where they end up in attack detection software. While the previous research dealt with an ideal set of events, Badger’s current research deals with practical, real-world events.

“We might not get exactly the same false-positive and true-positive levels that we had in our previous research,” Badger says. “But we’re hoping for at least something that is fairly manageable, and that we can improve on in a real world setting.”

One thing that Badger made sure of was that the source code for the pipeline architecture was open source, or available for anyone to look at or change.

“You can take this system and mold it to be your own easily, instead of taking this prepackaged, ‘take-it-or-leave-it’ kind of thing,” Badger says.

Withers, along with Integrated CyberInfrastructure director Randal Butler and CyberSecurity director Adam Slagell, received a $499,206 grant to create Science DMZ Actionable Intelligence Appliance (SDAIA), which enhances the security infrastructure of open science networks.

The Science DMZ model benefits universities in how it allows them to transfer large amounts of data without firewalls or other devices in the way.

SDAIA will help keep those open networks secure.

Since some universities may be able to share computing capabilities but have limited IT departments, so SDAIA keeps the front part of the network secure. One part is through a honeypot, a mechanism that lures attackers in and then uses the information gathered against them. The other part is how it benefits universities by sharing data about attacks, which can alert other sites of threats.

By sharing data, SDAIA allows researchers to possibly see patterns in the attacks. Through this, it provides the opportunity to strengthen the security of sites and lets researchers be able to focus on more important things.

“What Science DMZ protects are mainly networks to facilitate science. If they’re not secured, it ends up disrupting resources, spending more time preventing attacks, which prevents the science from flowing,” Withers says.

Slagell notes that the SDAIA and the Science DMZ are both small pieces of a bigger puzzle.

“The Science DMZ is helping to remove bottlenecks in science, and we’re helping to secure (the Science DMZ) so that those resources are available and people start making use of them and connecting these together,” Slagell said. “It’s part of a larger goal for NSF, building up this infrastructure and building out across the nation, investing in it. It’s part of a longer story.”

The other grants allowed senior research scientist Jim Basney to continue work on CILogon and the Center for Trustworthy Scientific Cyberinfrastructure (CTSC).

Awarded a $499,973 grant, CILogon 2.0 is a project that works to allow researchers to access online resources like supercomputers, wikis and data stores by using their campus credentials. It allows scientists to spend less time on setting up security and identity verification systems and more time on their scientific collaboration. The CILogon project began in September of 2009, and CILogon 2.0 is the “next generation of CILogon,” says Basney.

In addition to taking the project to an international level, Basney is also utilizing COManage to manage groups of researchers and let researchers “define the membership of their collaboration.” Basney is working with the COManage experts at Spherical Cow Group on this aspect of the project.

For example, if a researcher used CILogon, it can tell who the person is, but won’t know if they’re a member of a group, which is needed to allow data sharing with the other people in that group.

“Projects that are using the current CILogon are required to provide their own group management capability, but when we bring COManage into CILogon 2.0, then we give them a bundled solution so that they get the identity and group management together.”

The other project that Basney is part of—CTSC—was started in October of 2012. The NSF awarded the project a follow-on grant of $4,999,709 to continue for another three years. Of that total grant, $1,374,035 is budgeted for the NCSA.

The CTSC project, led by Indiana University in partnership with NCSA, Pittsburgh Supercomputing Center, and University of Wisconsin, aims to help other NSF projects improve their security.

The CTSC works with projects to develop security plans and solve technical security problems. CTSC staff work with people on the project they’re assisting to produce a report, technical results or a security program plan the project can implement.

In addition to working with projects individually, the CSTC also holds a cybersecurity summit each August where representatives of the NSF facilities discuss their security challenges and host presentations.

Source: Susan Szuch, NCSA

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

InfiniBand Still Tops in Supercomputing

July 19, 2018

In the competitive global HPC landscape, system and processor vendors, nations and end user sites certainly get a lot of attention--deservedly so--but more than ever, the network plays a crucial role. While fast, perform Read more…

By Tiffany Trader

HPC for Life: Genomics, Brain Research, and Beyond

July 19, 2018

During the past few decades, the life sciences have witnessed one landmark discovery after another with the aid of HPC, paving the way toward a new era of personalized treatments based on an individual’s genetic makeup Read more…

By Warren Froelich

WCRP’s New Strategic Plan for Climate Research Highlights the Importance of HPC

July 19, 2018

As climate modeling increasingly leverages exascale computing and researchers warn of an impending computing gap in climate research, the World Climate Research Programme (WCRP) is developing its new Strategic Plan – and high-performance computing is slated to play a critical role. Read more…

By Oliver Peckham

HPE Extreme Performance Solutions

Introducing the First Integrated System Management Software for HPC Clusters from HPE

How do you manage your complex, growing cluster environments? Answer that big challenge with the new HPC cluster management solution: HPE Performance Cluster Manager. Read more…

IBM Accelerated Insights

Are Your Software Licenses Impeding Your Productivity?

In my previous article, Improving chip yield rates with cognitive manufacturing, I highlighted the costs associated with semiconductor manufacturing, and how cognitive methods can yield benefits in both design and manufacture.  Read more…

U.S. Exascale Computing Project Releases Software Technology Progress Report

July 19, 2018

As is often noted the race to exascale computing isn’t just about hardware. This week the U.S. Exascale Computing Project (ECP) released its latest Software Technology (ST) Capability Assessment Report detailing progress so far. Read more…

By John Russell

InfiniBand Still Tops in Supercomputing

July 19, 2018

In the competitive global HPC landscape, system and processor vendors, nations and end user sites certainly get a lot of attention--deservedly so--but more than Read more…

By Tiffany Trader

HPC for Life: Genomics, Brain Research, and Beyond

July 19, 2018

During the past few decades, the life sciences have witnessed one landmark discovery after another with the aid of HPC, paving the way toward a new era of perso Read more…

By Warren Froelich

D-Wave Breaks New Ground in Quantum Simulation

July 16, 2018

Last Friday D-Wave scientists and colleagues published work in Science which they say represents the first fulfillment of Richard Feynman’s 1982 notion that Read more…

By John Russell

AI Thought Leaders on Capitol Hill

July 14, 2018

On Thursday, July 12, the House Committee on Science, Space, and Technology heard from four academic and industry leaders – representatives from Berkeley Lab, Argonne Lab, GE Global Research and Carnegie Mellon University – on the opportunities springing from the intersection of machine learning and advanced-scale computing. Read more…

By Tiffany Trader

HPC Serves as a ‘Rosetta Stone’ for the Information Age

July 12, 2018

In an age defined and transformed by its data, several large-scale scientific instruments around the globe might be viewed as a ‘mother lode’ of precious data. With names seemingly created for a ‘techno-speak’ glossary, these interferometers, cyclotrons, sequencers, solenoids, satellite altimeters, and cryo-electron microscopes are churning out data in previously unthinkable and seemingly incomprehensible quantities -- billions, trillions and quadrillions of bits and bytes of electro-magnetic code. Read more…

By Warren Froelich

Tsinghua Powers Through ISC18 Field

July 10, 2018

Tsinghua University topped all other competitors at the ISC18 Student Cluster Competition with an overall score of 88.43 out of 100. This gives Tsinghua their s Read more…

By Dan Olds

HPE, EPFL Launch Blue Brain 5 Supercomputer

July 10, 2018

HPE and the Ecole Polytechnique Federale de Lausannne (EPFL) Blue Brain Project yesterday introduced Blue Brain 5, a new supercomputer built by HPE, which displ Read more…

By John Russell

Pumping New Life into HPC Clusters, the Case for Liquid Cooling

July 10, 2018

High Performance Computing (HPC) faces some daunting challenges in the coming years as traditional, industry-standard systems push the boundaries of data center Read more…

By Scott Tease

Leading Solution Providers

SC17 Booth Video Tours Playlist

Altair @ SC17


AMD @ SC17


ASRock Rack @ SC17

ASRock Rack



DDN Storage @ SC17

DDN Storage

Huawei @ SC17


IBM @ SC17


IBM Power Systems @ SC17

IBM Power Systems

Intel @ SC17


Lenovo @ SC17


Mellanox Technologies @ SC17

Mellanox Technologies

Microsoft @ SC17


Penguin Computing @ SC17

Penguin Computing

Pure Storage @ SC17

Pure Storage

Supericro @ SC17


Tyan @ SC17


Univa @ SC17


  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This