Last modified 10 years ago Last modified on 08/18/2008 12:53:22 PM


Openness vs. Security

LSST has two apparently conflicting goals:

  • Openness - generous access to data by scientists and the public
  • Security - reliable infrastructure and long-term data integrity

Openness and Performance

Offering generous and universal access very quickly becomes a matter of responding fairly to requests.

  • Popularity can look like a Denial of Service attack.

Security is necessary in order to protect openness

  • Security and performance are tightly linked
    • Need to clearly identify each user
    • Assign performance priority based on user type
    • Access to tools determined by user type (and skill)
  • Need to ensure that all receive something
    • Define what is fair, and be able to deliver it
    • prevent DOS, both accidental and malicious
  • Recruit DAC partners to distribute load


LSST will invite attacks because it is an exciting and prominent project

  • Denial of service
    • Application-based -- for example, queries that are expensive to execute, or a large number of queries
    • Network-based -- generic network DOS attacks (SYN flood etc.)
  • Break-in attempts
    • Application-level
    • System-level (SSH login, local accounts)

Purpose of this document

This document is an outline, intended to form the basis for a security plan for LSST Data Management. It is to:

  • Provide guidance on security during LSST's software development phase
  • Communicate our security plan to partners and funding organizations
  • Guide infrastructure plans

We envision two levels of detail of LSST's security plan:

  1. Requirements and Policy, which are the focus of this document
  2. Architecture and Implementation, which are addressed at an abstract level in this document -- possibly including examples of workable solutions -- but which we expect to evolve significantly as technologies and equipment become available

Important Dates

  • July 31 2008 - Draft for inclusion in NSF PDR (Prelimary Design Review)
  • October 2008 - Goal for NSF PDR readiness

Partners and sponsoring institutions

LSST shares infrastructure and operations with many scientific and academic institutions, and is sponsored by a broad base of governmental and private supporters. Some partners and sponsors have their own security requirements and arrangements that affect LSST.

  • Sponsors and Funding Agencies
    1. NSF The National Science Foundation is still formulating its security requirements for projects that it funds. NSF has asked that LSST include a security plan in the upcoming Preliminary Design Review (PDR) in October 2008. LSST will be working with other NSF-funded institutions, such as NCSA (see below) that have their own security policies and practices, which both LSST and NSF can look to for examples.
    2. DOE The Department of Energy generally has extremely strict security requirements for its projects. Since it is only sponsoring development and not operation of LSST, we do not expect to be required to follow DOE's security standards during operation; we will focus, instead, on NSF's requirements and on our own inherent security priorities.
    3. Private sponsors We are not aware of separate security requirements from private sponsors.
  • Partners and participating institutions that are helping to develop security plan
    1. NCSA (National Center for Supercomputer Applications, Illinois)
      • Experience operating large open-access computational science facilities
      • Will operate the Archive Center and a North American Data Access Center
      • Contributing to LSST software development
    2. NOAO (National Optical Astronomy Observatory)
      • Will operate LSST's South American infrastructure -- telescope, base station, and Chilean Data Access Center
      • Experience with big-data open-access astronomy with Sloan Digital Sky Survey
    3. IPAC (Infrared Processing and Analysis Center, Caltech)
    4. Ephibian
      • Security and software consultants with experience especially in defense
    5. SLAC (Stanford Linear Accelerator Center)
      • Experience operating secure DOE and NSF funded science projects
      • Contributing to LSST software development

Scratch stuff


Offering generous and universal access very quickly becomes a matter of responding fairly to requests. Experience with other astronomy survey projects, such as the Sloan Digital Sky Survey (SDSS), indicates that LSST should expect from the start to have more requests than it can answer, and to prioritize robustly. Further discussion can be found in the LSST Fault Tolerance document.