CICI: Secure Data Architecture: Ensuring Data Integrity at the Beginning of the Scientific Workflow; A Mini-ScienceDMZ for Instruments

CICI：安全数据架构：在科学工作流程开始时确保数据完整性；

• 批准号: 1547099
• 负责人: Steven Wallace
• 金额: $ 48.85万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-01-01 至 2018-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1547099&HistoricalAwards=false
• 关键词: CICI; Secure; Data; Architecture; Ensuring

Modern scientific instruments such as telescopes, electron microscopes, and DNA sequencers, capture and process data using on-board computers. These on-board computers transform what the instrument "sees" into digital data. In the case of a telescope, the onboard computer converts the lens' focused image into a digital jpeg file. Like most computers, these instruments are vulnerable to network-based attacks, which risk compromising data and harming the instrument. When an instrument is compromised via a network attack, the science it supports grinds to a halt. To ensure that researchers can maintain the control and integrity of their instruments and data, this project develops a device that works with the instruments' on-board computers to prevent unauthorized access and manipulation of data. The device serves as both a firewall for the instrument and as a data transfer system that ensures data collected by instrument is not altered. Technology developed through this project will have broader applications like protecting medical devices, industrial machines, and aircraft.The project designs, develops, and tests the deployment of a small device that functions as a firewall, large file transfer facility, and network performance monitor. The device consists of a small, low-power box positioned between the instrument and the campus network. Firewall policies are configurable by the researcher (or their designate) via a cloud-based portal. The file transfer facility will transfer large data files over long distances, while maintaining reliable performance. This facility will also digitally sign files, so data integrity can be verified throughout the science workflow. In turn, the network performance monitor will interface with associated online systems, so performance bottlenecks can be easily identified. Ultimately, this architecture and implementation will ensure optimal data processing while safeguarding the integrity of the instrument and its data throughout the scientific workflow.

现代科学仪器，如望远镜、电子显微镜和DNA测序仪，使用机载计算机捕获和处理数据。这些车载计算机将仪器“看到”的东西转换成数字数据。在望远镜的情况下，机载计算机将镜头的聚焦图像转换为数字jpeg文件。像大多数计算机一样，这些仪器很容易受到基于网络的攻击，这些攻击有可能危及数据并损害仪器。当一台仪器因网络攻击而遭到破坏时，它所支持的科学就会陷入停顿。为了确保研究人员能够保持他们的仪器和数据的控制和完整性，该项目开发了一种设备，可以与仪器的机载计算机一起工作，以防止未经授权访问和操纵数据。该设备既是仪器的防火墙，也是确保仪器收集的数据不会被更改的数据传输系统。通过该项目开发的技术将有更广泛的应用，如保护医疗设备、工业机械和飞机。该项目设计、开发和测试一种具有防火墙、大型文件传输设施和网络性能监控器功能的小型设备的部署。该设备由一个位于仪器和校园网之间的小而低功率的盒子组成。研究人员(或其指定人员)可通过基于云的门户配置防火墙策略。文件传输设施将远距离传输大型数据文件，同时保持可靠的性能。该设施还将对文件进行数字签名，因此数据完整性可以在整个科学工作流程中得到验证。反过来，网络性能监控器将与相关的在线系统交互，因此可以很容易地识别性能瓶颈。最终，这种架构和实施将确保最佳的数据处理，同时在整个科学工作流程中保护仪器及其数据的完整性。