CICI:UCSS:Securing an Open and Trustworthy Ecosystem for Research Infrastructure and Applications (SOTERIA)

CICI：UCSS：确保研究基础设施和应用的开放且值得信赖的生态系统（SOTERIA）

• 批准号: 2115148
• 负责人: Robert Gardner
• 金额: $ 50万
• 依托单位: University of Chicago
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-09-01 至 2024-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2115148&HistoricalAwards=false
• 关键词: CICI; UCSS; Securing; Open; Trustworthy; CICI; UCSS; Securing; Open; Trustworthy

Managing a secure software environment is essential to a trustworthy cyberinfrastructure.Software supply chain attacks may be a top concern for IT departments, but they are also anaspect of scientific computing. The threat to scientific reputation caused by problematic softwarecan be just as dangerous as an environment contaminated with malware. The issue ofmanaging environments affects any individual researcher performing computational researchbut is more acute for multi-institution scientific collaborations as they often preside over complexsoftware stacks and must manage software environments across many distributed computingresources. Increasingly, these collaborations and individual investigators have turned to Linuxcontainer images (packing application software, operating system and other needed librariesinto one entity) for their platform portability and scientific reproducibility advantages. However, indoing so new software sources from both public and private repositories are introduced into thesupply chain, thus bringing new risks. The Securing an Open and Trustworthy Ecosystem forResearch Infrastructure and Applications (SOTERIA) project is an element within NSF's fabric ofcoordinated Cyberinfrastructure that helps collaborations avoid security pitfalls while reducingthe burden of scientific software management. SOTERIA aims to provide researchers withimproved discoverability, visibility, and traceability of their software environments.SOTERIA operates a container registry for open science. The registry has been customized tomeet the unique needs of the scientific environment, including associating the researcher’sidentity with container images, providing image security scanning and introspection (visibility),and integration with other digital object identification and archiving services. SOTERIA alsooperates a container distribution service with tools to trace image provenance through theecosystem. Finally, as the challenge of managing secure software environments goes farbeyond container security, SOTERIA provides training and education on best practices tailoredto researchers.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

管理安全的软件环境对于值得信赖的网络基础架构至关重要。软件供应链攻击可能是IT部门的主要问题，但他们也对科学计算进行了分析。有问题的软件引起的科学审查威胁与被恶意软件污染的环境一样危险。管理环境的问题会影响任何执行计算研究的个人研究人员，但对于多机构科学合作而言，他们经常主持复杂的软件堆栈，并且必须管理许多分布式计算资源的软件环境。这些合作和个人调查人员越来越多地转向LinuxContainer图像（包装应用程序软件，操作系统和其他所需的库为一个实体），以实现其平台可移植性和科学可重复性的优势。但是，将公共和私人存储库的新软件来源引入供应链中，从而带来了新的风险。确保开放且值得信赖的生态系统用于研究基础架构和应用程序（Soteria）项目是NSF协调的网络基础设施结构中的一个要素，可帮助协作避免安全陷阱，同时减少科学软件管理的燃烧。 Soteria的目的是为研究人员提供其软件环境的可发现性，可见性和可追溯性。Soteria为开放科学运行一个容器注册表。该注册表已被定制为Tomeet的科学环境的独特需求，包括将研究人员的身份与容器图像相关联，提供图像安全扫描和内省（可见性），以及与其他数字对象识别和归档服务的集成。 Soteria还使用具有工具来操纵容器分配服务，以通过Theecosystem跟踪图像出处。最后，随着管理安全软件环境的挑战是Farbeyond集装箱安全性的，Soteria提供了针对研究人员量身定制的最佳实践的培训和教育。该奖项反映了NSF的法定任务，并被认为是通过基金会的智力优点和更广泛影响的评估来评估的审查标准。