Scientific cyberinfrastructures embrace collaborative workflows where users can access and share heterogeneous data and computing resources to perform research and education tasks, which catalyze scientific discovery. One such cyberinfrastructure, JetStream, is the first production cloud funded by the NSF for general-purpose science and engineering research and education. Although Jetstream provides basic data storage security and web authentication, its security features do not satisfy the strict requirements involving sensitive data, such as healthcare data with protected health information (PHI). This project builds a secure, holistic and resilient cybersecurity architecture on JetStream so that collaborative research and education projects can share PHI securely between its users.
The secured infrastructure provides comprehensive multi-level protection for the PHI and its workflows through user authentication, fine-tuned data access control, confidentiality, integrity, and traceability. The project implements role-wise passwordless authentication and authorization, cryptography-based hierarchical access control, dual-level key management, and secure digital provenance integrity protection. By employing these, JetStream VMs can guarantee the security, privacy, and integrity of scientific workflows and associated data, thus protecting data and computing resources from internal and external attacks. When applied to healthcare and life-science cyberinfrastructures, it enables sensitive health data to be shared securely, which is an essential requirement for accelerating life science research. The project promotes the use of real clinical data in training to produce enormous educational impacts. The developed secure architecture is generic and applicable to other data and resource sharing environments.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.