SlideShare a Scribd company logo

Thoughts on Cybersecurity

Download as PPTX, PDF
F
Frank Wuerthwein

The document discusses the integration of cybersecurity within large-scale international scientific collaborations, emphasizing the use of cloud resources for research. It highlights the challenges of security in federated computing environments and the importance of a globally integrated cyberinfrastructure for scientific advancement. Ultimately, it argues that while cybersecurity is critical, the requirements for open academic research should adapt to the realities of contemporary cloud computing practices.

Science
Related topics:
Computer Security
1 of 25
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Thoughts on Cybersecurity informed by large international science & the Open Science Grid Frank Würthwein OSG Executive Director UCSD/SDSC
Let’s reset your perception first
Jensen Huang keynote @ SC19 3 The Largest Cloud Simulation in History 50k NVIDIA GPUs in the Cloud 350 Petaflops for 2 hours Distributed across US, Europe & Asia Saturday morning before SC19 we bought all GPU capacity that was for sale in Amazon Web Services, Microsoft Azure, and Google Cloud Platform worldwide
Science with 51,000 GPUs achieved as peak performance 4 Time in Minutes Each color is a different cloud region in US, EU, or Asia. Total of 28 Regions in use. Peaked at 51,500 GPUs ~380 Petaflops of fp32 I can purchase a 300PFLOP32 hour in the cloud for $15k today and nobody asks me any questions about cybersecurity. • Nothing about my nationality or visa or … • Nothing about two-factor authentication or my software • Everything is wide open on the internet
Should cybersecurity requirements imposed on open academic research executed at on- prem resources be adjusted to the realities of executing the same research on cloud resources ?
Science is an International Team Sport
Science is a Team Sport 7
The ATLAS Collaboration 8 ∼200 institutions across ∼40 countries
Cybersecurity enabling Science • Humanity has built extraordinary instruments by pooling human and financial resources globally. • To derive science from the data and simulations for those instruments requires globally integrated Cyberinfrastructure. • Cybersecurity is enabling this science.  Policy framework  Operational security  Infrastructure software 9 Disk space use per site by CMS
XENON Collaboration as a “Midscale” Instrument Example
XENON1T Storage & Processing Challenge • Experiment in Gran Sasso, Italy • Tape Archive in Sweden • Disk storage in 7 locations across Holland, Italy, Israel, France, USA  Petabyte of data divided into 20k datasets • Compute sites on EGI, OSG, and NSF HPC allocation 11 OSG took on the integration challenge via ”embedded” technical support.
XENON1T Globally Integrated Infrastructure 12 NIKHEF Amsterdam SURFSara Amsterdam Comet XD Allocation IN2P3 Lyon Weizman Tel Aviv OSG integrates HPC allocations, contributions from collaborators, and opportunistic capacity into a single platform to do science on.
Resource Federation
OSG Compute Federation 14 OSG federates ~200 clusters worldwide Owners determine policy of use. Many allow opportunistic use of spare capacity. > 2 Billion CPU core hours per year
Federation Principle • Any provider can bring their resources to the table. • Truth in advertising:  Resource providers accurately specify (some) details about the resource. • Any consumer can decide which of the available resources they are willing to use. 15 OSG matches consumers to providers globally following policies expressed locally.
“NETFLIX” for Open Science • NETFLIX operates a CDN, providing streaming access to searchable curated data from anywhere at anytime to any subscriber. • For open science, the CDN needs to (in addition) be federated.  Anybody can share their data from their locally owned data origin into the CDN.  Data Access is mediated via caches in the network and at endpoints to minimize requirements on origins to maximally stimulate sharing.  Performance of data access is determined by location and performance of the closest cache rather than the data’s origin.  Locally defined and managed groups of users share data securely with each other globally. Data access is global. 16 Locally defined policies are enforced globally by the CDN
The OSG Data Federation 17 Cur r ent st ashcache infr ast r uct ur e (US) GaTech We operate a production “prototype” of such a CDN
Two Challenges to think about
Authz: Person vs Capability • Operations teams are a mix of ”permanent” staff and transients.  E.g. CERN pays for ”Operators” funded via ”authorship fees”. • Delegating a person’s identity to a computing activity in order to authenticate the activity at a remote server makes little sense. • Delegating a capability to a computing activity in order to authenticate it at a remote server makes a lot of sense. 19
Division of Responsibility • To maximize the capacity provided we need to minimize the effort required to provide it. • The services required for the CDN and/or compute federations are specialized and non-trivial.  Large learning curve to achieve low cost operations. 20 Service Operations is most (cost) effective when separated from hardware operations
Network Cache Ops Model • OSG supports the researchers using the Data Federation • OSG deploys & operates the caching middleware. • PRP, TNRP, I2, Regionals, … responsible for network performance. • Hardware owners operate hardware, OS install, and join K8S for container orchestration. 21 Science Applications Data Federation Services Network Performance Hardware & OS A layered approach to distributed DevOps Responsibility
Cybersecurity Issues (I) • Hardware owners only provide hardware  Deploy OS and Kubernetes. • Service Operators (I)  A team that operates the K8S cluster. • Service Operators (II)  A team that deploys and operates the CDN service as containers inside (and across generally multiple) K8S clusters. • Software Operations  A team that provides the container images 22 How do you design a security model that supports this structure?
Cybersecurity Issues (II) • Container Security Model • Security Model that allows hardware owners to give service responsibility to service operators.  Diverse requirements  Some institutions will want to operate their own K8S simply because of the level of control that implies.  Others won’t because of the level of effort it requires.  How do DOE and other National Labs fit into this?  How can a service provider in the US operate a service on hardware in EU and Asia? Or vice versa.  What about India, Pakistan, China, Iran, … pick your favorite country ….  How to deal with institutions that require US Citizenship even for SUDO access? 23 The set of issues and diversity of constraints seems endless And now think back to the beginning: All of this is trivial in the cloud!!!
Summary & Conclusions 24 • Humanity has built extraordinary instruments by pooling human and financial resources globally. • To derive science from the data and simulations for those instruments requires globally integrated Cyberinfrastructure. • Cybersecurity is enabling this science.  Policy framework  Operational security  Infrastructure software Contact us at: help@opensciencegrid.org Or me personally at: fkw@ucsd.edu
Acknowledgements • This work was partially supported by the NSF grants OAC-1941481, MPS-1148698, OAC-1841530, OAC-1904444, and OAC- 1826967 25

More Related Content

PDF
Bergman Enabling Computation for neuro ML external
azlefty
 
PDF
LambdaFabric for Machine Learning Acceleration
KnuEdge
 
PPTX
The Pacific Research Platform Two Years In
Larry Smarr
 
DOCX
Grid computing assiment
Huma Tariq
 
PDF
WekaIO: Making Machine Learning Compute Bound Again
inside-BigData.com
 
PPTX
Webinar: Three Reasons Why NAS is No Good for AI and Machine Learning
Storage Switzerland
 
PDF
Long Live Posix - HPC Storage and the HPC Datacenter
inside-BigData.com
 
PPTX
Welcome to the 2018 Stanford HPC Conference
inside-BigData.com
 
Bergman Enabling Computation for neuro ML external
azlefty
 
LambdaFabric for Machine Learning Acceleration
KnuEdge
 
The Pacific Research Platform Two Years In
Larry Smarr
 
Grid computing assiment
Huma Tariq
 
WekaIO: Making Machine Learning Compute Bound Again
inside-BigData.com
 
Webinar: Three Reasons Why NAS is No Good for AI and Machine Learning
Storage Switzerland
 
Long Live Posix - HPC Storage and the HPC Datacenter
inside-BigData.com
 
Welcome to the 2018 Stanford HPC Conference
inside-BigData.com
 

What's hot (20)

PPT
Grid
FajarZain
 
PDF
At the Crossroads of HPC and Cloud Computing with Openstack
Ryan Aydelott
 
PPTX
Grid computing
punjab engineering college, chandigarh
 
PPT
High Performance Cyberinfrastructure Enabling Data-Driven Science in the Biom...
Larry Smarr
 
PPTX
HPC Top 5 Stories: January 12, 2018
NVIDIA
 
PDF
Cloud Computing in D-Grid
Stefan Freitag
 
PDF
CloudLab Overview
Ed Dodds
 
PDF
Cloud Standards in the Real World: Cloud Standards Testing for Developers
Alan Sill
 
PPT
Grid Presentation
Marielisa Peralta
 
PPTX
Open Science Data Cloud (IEEE Cloud 2011)
Robert Grossman
 
PPTX
Bionimbus - Northwestern CGI Workshop 4-21-2011
Robert Grossman
 
PDF
OGF Standards Overview - ITU-T JCA Cloud
Alan Sill
 
PPTX
Open Science Data Cloud - CCA 11
Robert Grossman
 
PDF
OGF Introductory Overview - FAS* 2014
Alan Sill
 
PPTX
Cloud vs grid
Omid Sohrabi
 
PPT
Globus toolkit in grid
Deevena Dayaal
 
PPT
Grid computing ppt 2003(done)
TASNEEM88
 
PDF
"Implementing the TensorFlow Deep Learning Framework on Qualcomm’s Low-power ...
Edge AI and Vision Alliance
 
PDF
OCCI - The Open Cloud Computing Interface – flexible, portable, interoperable...
Alan Sill
 
PDF
Deep Learning Use Cases using OpenPOWER systems
Ganesan Narayanasamy
 
Grid
FajarZain
 
At the Crossroads of HPC and Cloud Computing with Openstack
Ryan Aydelott
 
Grid computing
punjab engineering college, chandigarh
 
High Performance Cyberinfrastructure Enabling Data-Driven Science in the Biom...
Larry Smarr
 
HPC Top 5 Stories: January 12, 2018
NVIDIA
 
Cloud Computing in D-Grid
Stefan Freitag
 
CloudLab Overview
Ed Dodds
 
Cloud Standards in the Real World: Cloud Standards Testing for Developers
Alan Sill
 
Grid Presentation
Marielisa Peralta
 
Open Science Data Cloud (IEEE Cloud 2011)
Robert Grossman
 
Bionimbus - Northwestern CGI Workshop 4-21-2011
Robert Grossman
 
OGF Standards Overview - ITU-T JCA Cloud
Alan Sill
 
Open Science Data Cloud - CCA 11
Robert Grossman
 
OGF Introductory Overview - FAS* 2014
Alan Sill
 
Cloud vs grid
Omid Sohrabi
 
Globus toolkit in grid
Deevena Dayaal
 
Grid computing ppt 2003(done)
TASNEEM88
 
"Implementing the TensorFlow Deep Learning Framework on Qualcomm’s Low-power ...
Edge AI and Vision Alliance
 
OCCI - The Open Cloud Computing Interface – flexible, portable, interoperable...
Alan Sill
 
Deep Learning Use Cases using OpenPOWER systems
Ganesan Narayanasamy
 
Ad

Similar to Thoughts on Cybersecurity (20)

PDF
The Open Science Grid and how it relates to PRAGMA
Igor Sfiligoi
 
PDF
MPLS/SDN 2013 Intercloud Standardization and Testbeds - Sill
Alan Sill
 
PDF
Amy Walton - NSF’s Computational Ecosystem for 21st Century Science & Enginee...
Larry Smarr
 
PDF
What Are Science Clouds?
Robert Grossman
 
PPT
Grid optical network service architecture for data intensive applications
Tal Lavian Ph.D.
 
PDF
Using the Open Science Data Cloud for Data Science Research
Robert Grossman
 
PPT
Cyberinfrastructure and Applications Overview: Howard University June22
marpierc
 
PDF
Future Science on Future OpenStack
Belmiro Moreira
 
PPTX
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Ian Foster
 
PPTX
Past, present and future of advanced computing for data-driven science
EGI Federation
 
PDF
Response to Commerce Dept's IoT RFC
Bob Marcus
 
PDF
Panel: Open Infrastructure for an Open Society: OSG, Commercial Clouds, and B...
Larry Smarr
 
PDF
Panel: Open Infrastructure for an Open Society: OSG, Commercial Clouds, and B...
Larry Smarr
 
PDF
Panel: Open Infrastructure for an Open Society: OSG, Commercial Clouds, and B...
Larry Smarr
 
PPTX
OpenStack Paris 2014 - Federation, are we there yet ?
Tim Bell
 
PDF
Hpc, grid and cloud computing - the past, present, and future challenge
Jason Shih
 
PDF
DDDP 2019 - Brown to Green
John Archer
 
PPTX
20130529 openstack cee_day_v6
Tim Bell
 
PDF
ISC Cloud13 Sill - Crossing organizational boundaries in cloud computing
Alan Sill
 
PDF
Enabling Insight to Support World-Class Supercomputing (Stefan Ceballos, Oak ...
confluent
 
The Open Science Grid and how it relates to PRAGMA
Igor Sfiligoi
 
MPLS/SDN 2013 Intercloud Standardization and Testbeds - Sill
Alan Sill
 
Amy Walton - NSF’s Computational Ecosystem for 21st Century Science & Enginee...
Larry Smarr
 
What Are Science Clouds?
Robert Grossman
 
Grid optical network service architecture for data intensive applications
Tal Lavian Ph.D.
 
Using the Open Science Data Cloud for Data Science Research
Robert Grossman
 
Cyberinfrastructure and Applications Overview: Howard University June22
marpierc
 
Future Science on Future OpenStack
Belmiro Moreira
 
Science Services and Science Platforms: Using the Cloud to Accelerate and Dem...
Ian Foster
 
Past, present and future of advanced computing for data-driven science
EGI Federation
 
Response to Commerce Dept's IoT RFC
Bob Marcus
 
Panel: Open Infrastructure for an Open Society: OSG, Commercial Clouds, and B...
Larry Smarr
 
Panel: Open Infrastructure for an Open Society: OSG, Commercial Clouds, and B...
Larry Smarr
 
Panel: Open Infrastructure for an Open Society: OSG, Commercial Clouds, and B...
Larry Smarr
 
OpenStack Paris 2014 - Federation, are we there yet ?
Tim Bell
 
Hpc, grid and cloud computing - the past, present, and future challenge
Jason Shih
 
DDDP 2019 - Brown to Green
John Archer
 
20130529 openstack cee_day_v6
Tim Bell
 
ISC Cloud13 Sill - Crossing organizational boundaries in cloud computing
Alan Sill
 
Enabling Insight to Support World-Class Supercomputing (Stefan Ceballos, Oak ...
confluent
 
Ad

Recently uploaded (20)

PPTX
Taita Taveta Laboratory Technician Workshop Presentation.pptx
CALVINCEOWINO
 
PDF
Biophysics 2.pdffffffffffffffffffffffffff
MiraMusleh
 
PPTX
Comparative Structure of Integument in Vertebrates.pptx
Dr Showkat Ahmad Wani
 
PPTX
BIOMOLECULES PPT........................
vachieagrawal1221
 
PPTX
Derivatives of integument scales, beaks, horns,.pptx
Dr Showkat Ahmad Wani
 
PPT
protein biochemistry.ppt for university classes
bayewodajo27
 
PPTX
ECG_Course_Presentation د.محمد صقران ppt
lelouchml1995
 
PDF
Phytochemical Investigation of Miliusa longipes.pdf
IrfanShahirSharafi
 
PDF
Unveiling a 36 billion solar mass black hole at the centre of the Cosmic Hors...
Sérgio Sacani
 
PDF
ELS_Q1_Module-11_Formation-of-Rock-Layers_v2.pdf
savannaesar07
 
PPTX
famous lake in india and its disturibution and importance
judesebina
 
PDF
bbec55_b34400a7914c42429908233dbd381773.pdf
agambirev
 
PPTX
2Systematics of Living Organisms t-.pptx
RachanaT6
 
PPT
The World of Physical Science, • Labs: Safety Simulation, Measurement Practice
joybejerano
 
PDF
Sciences of Europe No 170 (2025)
Sciences of Europe
 
PPTX
TOTAL hIP ARTHROPLASTY Presentation.pptx
hararghemssc
 
PDF
. Radiology Case Scenariosssssssssssssss
MiraMusleh
 
PDF
The scientific heritage No 166 (166) (2025)
The scientific heritage
 
PPTX
G5Q1W8 PPT SCIENCE.pptx 2025-2026 GRADE 5
Rodel Gordzkie
 
PPTX
DRUG THERAPY FOR SHOCK gjjjgfhhhhh.pptx.
vipvivek704
 
Taita Taveta Laboratory Technician Workshop Presentation.pptx
CALVINCEOWINO
 
Biophysics 2.pdffffffffffffffffffffffffff
MiraMusleh
 
Comparative Structure of Integument in Vertebrates.pptx
Dr Showkat Ahmad Wani
 
BIOMOLECULES PPT........................
vachieagrawal1221
 
Derivatives of integument scales, beaks, horns,.pptx
Dr Showkat Ahmad Wani
 
protein biochemistry.ppt for university classes
bayewodajo27
 
ECG_Course_Presentation د.محمد صقران ppt
lelouchml1995
 
Phytochemical Investigation of Miliusa longipes.pdf
IrfanShahirSharafi
 
Unveiling a 36 billion solar mass black hole at the centre of the Cosmic Hors...
Sérgio Sacani
 
ELS_Q1_Module-11_Formation-of-Rock-Layers_v2.pdf
savannaesar07
 
famous lake in india and its disturibution and importance
judesebina
 
bbec55_b34400a7914c42429908233dbd381773.pdf
agambirev
 
2Systematics of Living Organisms t-.pptx
RachanaT6
 
The World of Physical Science, • Labs: Safety Simulation, Measurement Practice
joybejerano
 
Sciences of Europe No 170 (2025)
Sciences of Europe
 
TOTAL hIP ARTHROPLASTY Presentation.pptx
hararghemssc
 
. Radiology Case Scenariosssssssssssssss
MiraMusleh
 
The scientific heritage No 166 (166) (2025)
The scientific heritage
 
G5Q1W8 PPT SCIENCE.pptx 2025-2026 GRADE 5
Rodel Gordzkie
 
DRUG THERAPY FOR SHOCK gjjjgfhhhhh.pptx.
vipvivek704
 

Thoughts on Cybersecurity

  • 1. Thoughts on Cybersecurity informed by large international science & the Open Science Grid Frank Würthwein OSG Executive Director UCSD/SDSC
  • 2. Let’s reset your perception first
  • 3. Jensen Huang keynote @ SC19 3 The Largest Cloud Simulation in History 50k NVIDIA GPUs in the Cloud 350 Petaflops for 2 hours Distributed across US, Europe & Asia Saturday morning before SC19 we bought all GPU capacity that was for sale in Amazon Web Services, Microsoft Azure, and Google Cloud Platform worldwide
  • 4. Science with 51,000 GPUs achieved as peak performance 4 Time in Minutes Each color is a different cloud region in US, EU, or Asia. Total of 28 Regions in use. Peaked at 51,500 GPUs ~380 Petaflops of fp32 I can purchase a 300PFLOP32 hour in the cloud for $15k today and nobody asks me any questions about cybersecurity. • Nothing about my nationality or visa or … • Nothing about two-factor authentication or my software • Everything is wide open on the internet
  • 5. Should cybersecurity requirements imposed on open academic research executed at on- prem resources be adjusted to the realities of executing the same research on cloud resources ?
  • 6. Science is an International Team Sport
  • 7. Science is a Team Sport 7
  • 8. The ATLAS Collaboration 8 ∼200 institutions across ∼40 countries
  • 9. Cybersecurity enabling Science • Humanity has built extraordinary instruments by pooling human and financial resources globally. • To derive science from the data and simulations for those instruments requires globally integrated Cyberinfrastructure. • Cybersecurity is enabling this science.  Policy framework  Operational security  Infrastructure software 9 Disk space use per site by CMS
  • 10. XENON Collaboration as a “Midscale” Instrument Example
  • 11. XENON1T Storage & Processing Challenge • Experiment in Gran Sasso, Italy • Tape Archive in Sweden • Disk storage in 7 locations across Holland, Italy, Israel, France, USA  Petabyte of data divided into 20k datasets • Compute sites on EGI, OSG, and NSF HPC allocation 11 OSG took on the integration challenge via ”embedded” technical support.
  • 12. XENON1T Globally Integrated Infrastructure 12 NIKHEF Amsterdam SURFSara Amsterdam Comet XD Allocation IN2P3 Lyon Weizman Tel Aviv OSG integrates HPC allocations, contributions from collaborators, and opportunistic capacity into a single platform to do science on.
  • 14. OSG Compute Federation 14 OSG federates ~200 clusters worldwide Owners determine policy of use. Many allow opportunistic use of spare capacity. > 2 Billion CPU core hours per year
  • 15. Federation Principle • Any provider can bring their resources to the table. • Truth in advertising:  Resource providers accurately specify (some) details about the resource. • Any consumer can decide which of the available resources they are willing to use. 15 OSG matches consumers to providers globally following policies expressed locally.
  • 16. “NETFLIX” for Open Science • NETFLIX operates a CDN, providing streaming access to searchable curated data from anywhere at anytime to any subscriber. • For open science, the CDN needs to (in addition) be federated.  Anybody can share their data from their locally owned data origin into the CDN.  Data Access is mediated via caches in the network and at endpoints to minimize requirements on origins to maximally stimulate sharing.  Performance of data access is determined by location and performance of the closest cache rather than the data’s origin.  Locally defined and managed groups of users share data securely with each other globally. Data access is global. 16 Locally defined policies are enforced globally by the CDN
  • 17. The OSG Data Federation 17 Cur r ent st ashcache infr ast r uct ur e (US) GaTech We operate a production “prototype” of such a CDN
  • 18. Two Challenges to think about
  • 19. Authz: Person vs Capability • Operations teams are a mix of ”permanent” staff and transients.  E.g. CERN pays for ”Operators” funded via ”authorship fees”. • Delegating a person’s identity to a computing activity in order to authenticate the activity at a remote server makes little sense. • Delegating a capability to a computing activity in order to authenticate it at a remote server makes a lot of sense. 19
  • 20. Division of Responsibility • To maximize the capacity provided we need to minimize the effort required to provide it. • The services required for the CDN and/or compute federations are specialized and non-trivial.  Large learning curve to achieve low cost operations. 20 Service Operations is most (cost) effective when separated from hardware operations
  • 21. Network Cache Ops Model • OSG supports the researchers using the Data Federation • OSG deploys & operates the caching middleware. • PRP, TNRP, I2, Regionals, … responsible for network performance. • Hardware owners operate hardware, OS install, and join K8S for container orchestration. 21 Science Applications Data Federation Services Network Performance Hardware & OS A layered approach to distributed DevOps Responsibility
  • 22. Cybersecurity Issues (I) • Hardware owners only provide hardware  Deploy OS and Kubernetes. • Service Operators (I)  A team that operates the K8S cluster. • Service Operators (II)  A team that deploys and operates the CDN service as containers inside (and across generally multiple) K8S clusters. • Software Operations  A team that provides the container images 22 How do you design a security model that supports this structure?
  • 23. Cybersecurity Issues (II) • Container Security Model • Security Model that allows hardware owners to give service responsibility to service operators.  Diverse requirements  Some institutions will want to operate their own K8S simply because of the level of control that implies.  Others won’t because of the level of effort it requires.  How do DOE and other National Labs fit into this?  How can a service provider in the US operate a service on hardware in EU and Asia? Or vice versa.  What about India, Pakistan, China, Iran, … pick your favorite country ….  How to deal with institutions that require US Citizenship even for SUDO access? 23 The set of issues and diversity of constraints seems endless And now think back to the beginning: All of this is trivial in the cloud!!!
  • 24. Summary & Conclusions 24 • Humanity has built extraordinary instruments by pooling human and financial resources globally. • To derive science from the data and simulations for those instruments requires globally integrated Cyberinfrastructure. • Cybersecurity is enabling this science.  Policy framework  Operational security  Infrastructure software Contact us at: help@opensciencegrid.org Or me personally at: fkw@ucsd.edu
  • 25. Acknowledgements • This work was partially supported by the NSF grants OAC-1941481, MPS-1148698, OAC-1841530, OAC-1904444, and OAC- 1826967 25