Version 34 (modified by bbaker, 11 years ago) (diff)




LSST has two apparently conflicting goals:

  • Openness - generous access to data by scientists and the public
  • Security - reliable infrastructure and long-term data integrity

As a large and publicly exciting project, LSST can expect to attract many kinds of interest, ranging from scientific curiosity to active attacks. We must ensure that we:

  • Encourage engagement by providing access to data
  • Prepare for both attacks and disasters
  • Ensure the functioning of our essential data-collection pipeline
  • Protect the long-term integrity of our data

Important Dates

  • May 15 - Annotated Outline
  • August 2008 - Release Candidate for inclusion in NSF PDR
  • October 2008 - NSF PDR due

Types of Security

  1. Physical Security -- buildings, networks, cables, electric power, physical machines
  2. System-level Security -- operating systems, processes, file systems, local user accounts & root access
  3. Applications -- services, registries, trust networks, bandwidth management
  4. User Access -- personal workspaces, job management, user interfaces


See also a table of LSST security realms.

  • Mountaintop
    • Network access strictly through base facility
    • Important roles: Buffering, Network transfer to Base Facility
  • Base facility (at La Serena)
    • [Who can access?]
    • No public access (all through collocated Data Access Center)
    • Nightly processing (real-time)
    • Data transferred to Archive Center
  • Archive Center (at NCSA)
    • [Who can access?]
    • Data Archive
    • Primary data processing
  • Data access Centers
    • Operated by LSST
      1. Collocated with the Archive Center (NCSA)
      2. Collocated with Base Facility (La Serena)
      3. San Diego
      4. Education and Public Outreach (EPO)
    • Possibly others, independently funded

Shared Facilities

Where LSST shares a site, we can expect to collaborate with other organizations on security, especially physical security.

  • NCSA
    • The LSST Archive Center will be housed in NCSA's Petascale Computing Facility, which will also house the NSF supercomputing cluster Blue Waters, expected to come online in 2011. NCSA's security policy document is linked below.

[Needed: list of other organizations whose facilities we will share]


How does security policy relate to:

  • Disaster preparedness?
  • Application performance? In particular, denial-of-service that exploits expensive computations?
  • Measuring and ensuring data integrity?
  • Data provenance (especially the relationship between authentication and data provenance)?

Related Documents

NCSA Security Policies

NOAO Security Policies


Document Template Collections