Security Lessons from the EGSO Project An Experience Report Clare Gryce University College London.

Presentation transcript:


Overview
EGSO – Some background
Characteristics of EGSO project environment
EGSO and security
EGSO as typical e-Science project
Why is security such a problem anyway?
Indications for future work
Some Lessons learned

EGSO – Some Background
European Grid of Solar Observations
EC 5th Framework programme
  – IST
  – 2002 – 2005
  – 5 European countries (12 institutions)
  – Collaborations in USA
Data Grid application
  – Access to, and management of distributed data

EGSO – The Application
Virtual Solar Observatory
Solar Scientists
  – Solar Physicists
  – Space Weather Community
  – Astrophysicists
Distributed, heterogeneous data archives

EGSO Project Environment
12 institutions in 5 countries (+ USA)
Diversity of expertise and backgrounds
Stakeholders playing multiple roles
Staggered starts
Biases and ideas about technology choices
lack of rigorous process
ad-hoc sequence of activities

EGSO Security : Specification [1]
User and Science Requirements Document
  – High-level requirements
  – Authorisation and Authentication
  – Requirements partially specified by mechanisms
SE03M The system shall allow consumers to gain access to resources through user authorization

EGSO Security : Specification [2]
Focussing on hows rather than whys:
"I need the car to drive to the shops"
"I need to get to the supermarket"
Reasoning about requirements not clear
Solution Space constrained or…

Asking Questions…
"I need the car to drive to the shops" (why?)
"I need to get to the supermarket" (why?)
"I need to get some food for dinner" (why?)
"I'm hungry!"
  – Drive to the shops in the car
  – Order a take-away
  – Check the freezer
  – Invite yourself round to the neighbours' BBQ

EGSO Security : Technology
Hoping for a magic bullet
  – Assume a technology solution exists…
  – How to recognise it?
CA

EGSO Security : Priorities
Focus on Functional Requirements
Non-functional requirements low priority
  – Performance
  – Usability
  – Security
get the system working first!
  – Early demonstrations needed

AEGIS (Flechais et al 2002)
Appropriate and Effective Guidance for Information Security
Identify system assets in operational context
  – People
  – Hardware
  – Data
Assign values to asset properties
  – Confidentiality
  – Integrity
  – Availability

AEGIS : Benefits of Approach [1]
Facilitated analysis of security concerns
Identify areas of uncertainty/open issues
"…there are known knowns, there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns - the ones we don't know we don't know…"

AEGIS : Benefits of Approach [2]
Systematic, reflective analysis of security issues
Have to think about the whys
  – Why do we think we need authorisation?
  – What are we actually trying to achieve?
  – Independent of hows (mechanisms)
Semi-formal graphic representation
  – Intuitive subset of UML
  – Understood by all participants

AEGIS : Outcomes
Improved understanding of problem space
Commitment to shared conceptual model
Indications of open issues/problem areas
  – E.g. Availability - need to consider how back-ups are locally managed
Some good news!
  – Authorisation not so critical (80/20 rule)

EGSO – A Typical e-Science Project?
Creation of a Virtual Organisation (VO) (EGSO - a virtual Solar Observatory)
Distributed development (EGSO - 12 institutions in 5 countries)
Expertise from diverse domains (EGSO - solar scientists, computer scientists, engineers)
Blurred stakeholder boundaries (EGSO - scientists are Users and Developers)
Abundance of tools, emerging technologies

Security for e-Science - Why so Hard?
Technical complexity
  – Heterogeneity
  – Distribution
Also social complexity
  – Heterogeneity
  – Distribution
Security depends on social infrastructure!
Need well defined processes (communication, conflict resolution)
Need human-factors expertise!

Functional and Non-Functional Requirements
Non-functional requirements often neglected
Functional requirements
  – Primary purpose(s) of system
  – Specify in concrete terms
Non-functional requirements
  – Constraints on fulfilment
  – Harder to specify
  – Lack of metrics

Specifying Requirements
A functional requirement
  The system should enable Users to upload their code to the system holding the data
A non-functional requirement
  The system should ensure that only Users who are known and trusted by the system holding the data can upload their code to it
? ?

Knowing the un-Knowable?
The infrastructure designed for e-Science will revolutionise the way in which scientists communicate both physically and virtually…
…revolutionise the working habits of research scientists…
…revolutionise scientific practise…
How far can we nail down security requirements?

EGSO Security : Next Steps…
Core functionality still top priority
But awareness of security increased!
AEGIS
  – Asset model will inform security design
  – Technology choices
Other Requirements and Constraints
  – Users
  – Administrators
  – Budget? Usability? Network policies?

The (Even) Bigger Picture …
Not just users and administrators
Other stakeholders?
  – Other e-science projects, other grids?
  – Regulatory bodies
  – Standards bodies
  – Public interest
Changing security requirements
  – User expectations likely to evolve
  – How can we accommodate them?

Research Indications
Stakeholder modelling
  – Model system stakeholders and their relationships:
      With each other
      With the system
  – Capture further contextual information (application independent)
      Roles, responsibilities, regulators?
      Other tacit information?
Application of Systems Science principles
  – Systems operate within suprasystems
  – Grids as open systems

Conclusions - Lessons Learned [1]
Need for process
  – Methods from SE and design theory?
  – Not just sequential activities!
Solutions appropriate to project environment
  – Lightweight methods
  – AEGIS
Expand domain of enquiry
  – Social infrastructure and context
  – Suprasystem

Conclusions - Lessons Learned [2]
Clarify partner roles for improved communication and conflict resolution
  – Who owns the problem?
  – Need security advocate
  – Viewpoints?
Focus on non-functional requirements
  – Unambiguous, amenable to validation
  – Keep asking (probing) questions!
  – Goal Decomposition Techniques?

References and Acknowledgements
EGSO
AEGIS (I Flechais, A Sasse)
Flechais et al in Proc. NSPW 2003
Goal Decomposition Techniques/Viewpoints
Any other questions…