Data-intensive science applications in research fields such as bioinformatics, chemistry, and material science are increasingly becoming multi-domain in nature. To augment local campus CyberInfrastructure (CI) resources, these applications rely on multi-institutional resources that are remotely accessible (e.g., scientific instruments, supercomputers, public clouds). Provisioning of such federated CI resources has been traditionally based on applications' performance and quality of service (QoS) requirements. This project aims to augment traditional resource provisioning schemes through novel schemes for formalizing end-to-end security requirements to align security posture across multi-domain resources with heterogeneous policies.
This project addresses the end-to-end multi-domain security design for scientific applications by defining and formalizing security specifications along an application's workflow lifecycle stages. The research work will advance the current knowledge for a CI engineer in the following areas: (i) how to intelligently perform resource allocations among private and public cloud locations; (ii) by streamlining end-to-end security posture across domains that are constructed via dynamic network services; and (iii) how to "bring your own compute" programs in large facilities to reduce turnaround times in a secured and policy-compliant manner. The resulting security formalization and alignment schemes will be implemented as a security middleware coupled within a unified resource broker framework that: (a) operationally integrates various software tools and systems such as perfSONAR, OpenStack, iRODS and Shibboleth; and (b) supports prototypes of web-portals and actual users (e.g., researchers and educators) within usability evaluation and validation experiments.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
