NCSA leading project to improve security for science gateways

A three-year project to improve security for science gateways used by researchers across the country gets under way today, led by the National Center for Supercomputing Applications (NCSA) in collaboration with Indiana University, the Texas Advanced Computing Center (TACC), and the University of Wisconsin-Madison. The “Distributed Web Security for Science Gateways” project, which is supported by a $948,821 grant from the National Science Foundation’s Software Development for Cyberinfrastructure program, will enhance cyberinfrastructure for research and education by providing common software building blocks for science gateway security. These building blocks will facilitate secure connections between science gateways and other cyberinfrastructure, increasing the trust in science gateways by scientists and resource providers.

Science gateways broaden and simplify access to cyberinfrastructure by providing web-based interfaces to collaboration, analysis, data management, and other tools for students and researchers. The new project will provide authorization and delegation software for science gateways that complies with the standard OAuth protocol, which has been widely adopted in the Web 2.0, cloud, and social networking worlds.

“We have used the OAuth protocol successfully with science gateways in the TeraGrid and CILogon projects,” said Jim Basney, the project’s principal investigator and an NCSA senior research scientist. “This project enables us to provide more general-purpose science gateway security capabilities, building on the specialized solutions we have developed in the past.”

In 2010, over 9.4 million TeraGrid computing hours were consumed by science gateways serving a wide range of disciplines. In the final quarter of 2010, 42 percent of all users who charged hours to TeraGrid allocations did so through gateway accounts, an all-time high.

“Gateways are an integral part of production cyberinfrastructure, and their security must be assured,” said Suresh Marru, a senior member of the new project at Indiana University and lead of the science gateways program for the XSEDE (Extreme Science and Engineering Discovery Environment) project that is the successor to TeraGrid. “Our overriding project goal is to support scientific research by simplifying secure access to cyberinfrastructure, improving the quality of infrastructure services and software available to gateway developers, and increasing trust of gateways by both users and resource providers.”

The project will build on and integrate with the Open Gateway Computing Environments (OGCE) platform. “The OGCE project provides software to build or enhance science gateways, including a gadget container, a service for wrapping command-line operations as secure network services, and a set of tools for composing, executing, and monitoring scientific workflows,” said Marlon Pierce, a project co-PI at Indiana University and OGCE project lead. “The software we develop in this new project will be included in future OGCE releases.”

The project is partnering with three scientific research projects: UltraScan, iPlant, and GridChem. “In iPlant we have developed custom security solutions that support a diverse set of hardware and services. We plan to update this in the near term to use the OAuth standard mechanisms developed by this project,” said Rion Dooley, a project co-PI at TACC and lead designer of the Foundation API for the iPlant cyberinfrastructure.

The project is also partnering with the Middleware Security and Testing (MIST) team for independent security evaluation of the software to be developed. “We will follow our First Principles Vulnerability Assessment methodology to identify security issues as the project software is developed and ensure they are effectively remedied,” said Barton Miller, professor of computer sciences at the University of Wisconsin-Madison and lead of the MIST project.

For more information about the project, please visit www.sciencegatewaysecurity.org.

Disclaimer: Due to changes in website systems, we've adjusted archived content to fit the present-day site and the articles will not appear in their original published format. Formatting, header information, photographs and other illustrations are not available in archived articles.