wiki:Security

Version 35 (modified by bbaker, 11 years ago) (diff)

--

Security

Overview

LSST has two apparently conflicting goals:

  • Openness - generous access to data by scientists and the public
  • Security - reliable infrastructure and long-term data integrity

As a large and publicly exciting project, LSST can expect to attract many kinds of interest, ranging from scientific curiosity to active attacks. We must ensure that we:

  • Encourage engagement by providing access to data
  • Prepare for both attacks and disasters
  • Ensure the functioning of our essential data-collection pipeline
  • Protect the long-term integrity of our data

Important Dates

  • May 15 - Annotated Outline
  • August 2008 - Release Candidate for inclusion in NSF PDR
  • October 2008 - NSF PDR due

Types of Security

  1. Physical Security -- buildings, networks, cables, electric power, physical machines
  2. System-level Security -- operating systems, processes, file systems, local user accounts & root access
  3. Applications -- services, registries, trust networks, bandwidth management
  4. User Access -- personal workspaces, job management, user interfaces

Sites

See also a table of LSST security realms.

  • Mountaintop
    • Network access strictly through base facility
    • Important roles: Buffering, Network transfer to Base Facility
  • Base facility (at La Serena)
    • [Who can access?]
    • No public access (all through collocated Data Access Center)
    • Nightly processing (real-time)
    • Data transferred to Archive Center
  • Archive Center (at NCSA)
    • [Who can access?]
    • Data Archive
    • Primary data processing
  • Data access Centers
    • Operated by LSST
      1. Collocated with the Archive Center (NCSA)
      2. Collocated with Base Facility (La Serena)
      3. San Diego
      4. Education and Public Outreach (EPO)
    • Possibly others, independently funded

Shared Facilities

Where LSST shares a site, we can expect to collaborate with other organizations on security, especially physical security.

  • NCSA
    • The LSST Archive Center will be housed in NCSA's Petascale Computing Facility, which will also house the NSF supercomputing cluster Blue Waters, expected to come online in 2011.
    • NCSA's security policy document is linked below.

[Needed: list of other organizations whose facilities we will share]

Questions

How does security policy relate to:

  • Disaster preparedness?
  • Application performance? In particular, denial-of-service that exploits expensive computations?
  • Measuring and ensuring data integrity?
  • Data provenance (especially the relationship between authentication and data provenance)?

Related Documents

NCSA Security Policies

NOAO Security Policies

Guides

Document Template Collections

Attachments