CICI: UCSS: ScienceAccess: Enabling Zero-Trust Resource Access Management for Scientific Collaborations
Arizona State University, Scottsdale AZ
Investigators
Abstract
Scientific collaborations tremendously contribute to advancing science by allowing to share diverse resources including real data, high-performance computing, network channel, and so on. Since multiple stakeholders are involved in accessing those resources, it is critical to regulate resource sharing activities based on a series of access mediation security policies (AM-Policies) that fulfill requirements and constraints from various institutions, collaborative teams, and researchers. Such policy-driven approach would help achieve important challenges in scientific collaborations: fairness in resource sharing and risk management in dealing with digital assets. However, such AM-Policies have been specified, evaluated and enforced in an ad-hoc, semi-formal, and incomplete way: (i) scientists still need to write their own AM-Policies without having expressiveness power in policy specification, making it difficult for them to correctly articulate their specific needs. (ii) the evaluation and enforcement of AM-Policies across multiple local institutions and administrators are limited. (iii) there is also limited support for systematically collecting security-relevant data that needs to evaluate policies at run-time. To address these challenges, this project develops ScienceAccess, a federated framework supporting the storage, retrieval, evaluation, and enforcement of AM-Policies that allows for scientists and administrators to manage their resource sharing needs with a high degree of autonomy. Ultimately, ScienceAccess attempts to produce the following outcomes: (i) new insights to articulate AM-Policies for effectively sharing resources and real-world experiments with existing cyberinfrastructures including the Arizona Federated Open Research Computing Enclave (AFORCE) and Science DMZ; (ii) new innovative techniques to efficiently specify, evaluate, and manage AM-Policies with the notion of a Zero-Trust security, including the automated collection and distribution of security-relevant information in the form of attributes between independently-run scientific institutions; and (iii) assessments, guidelines, and best practices for future deployments of ScienceAccess framework. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →