CICI:UCSS:Securing an Open and Trustworthy Ecosystem for Research Infrastructure and Applications (SOTERIA)

CICI：UCSS：确保研究基础设施和应用的开放且值得信赖的生态系统（SOTERIA）

• 批准号: 2115148
• 负责人: Robert Gardner
• 金额: $ 50万
• 依托单位: University of Chicago
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-09-01 至 2024-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2115148&HistoricalAwards=false
• 关键词: CICI; UCSS; Securing; Open; Trustworthy

Managing a secure software environment is essential to a trustworthy cyberinfrastructure.Software supply chain attacks may be a top concern for IT departments, but they are also anaspect of scientific computing. The threat to scientific reputation caused by problematic softwarecan be just as dangerous as an environment contaminated with malware. The issue ofmanaging environments affects any individual researcher performing computational researchbut is more acute for multi-institution scientific collaborations as they often preside over complexsoftware stacks and must manage software environments across many distributed computingresources. Increasingly, these collaborations and individual investigators have turned to Linuxcontainer images (packing application software, operating system and other needed librariesinto one entity) for their platform portability and scientific reproducibility advantages. However, indoing so new software sources from both public and private repositories are introduced into thesupply chain, thus bringing new risks. The Securing an Open and Trustworthy Ecosystem forResearch Infrastructure and Applications (SOTERIA) project is an element within NSF's fabric ofcoordinated Cyberinfrastructure that helps collaborations avoid security pitfalls while reducingthe burden of scientific software management. SOTERIA aims to provide researchers withimproved discoverability, visibility, and traceability of their software environments.SOTERIA operates a container registry for open science. The registry has been customized tomeet the unique needs of the scientific environment, including associating the researcher’sidentity with container images, providing image security scanning and introspection (visibility),and integration with other digital object identification and archiving services. SOTERIA alsooperates a container distribution service with tools to trace image provenance through theecosystem. Finally, as the challenge of managing secure software environments goes farbeyond container security, SOTERIA provides training and education on best practices tailoredto researchers.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

管理一个安全的软件环境对于一个值得信赖的网络基础设施至关重要。软件供应链攻击可能是IT部门最关心的问题，但它们也是科学计算的一个方面。有问题的软件对科学声誉的威胁可能与被恶意软件污染的环境一样危险。管理环境的问题会影响到任何进行计算研究的研究人员，但对于多机构科学合作来说更为严重，因为他们经常主持复杂的软件栈，并且必须管理许多分布式计算资源的软件环境。越来越多的合作和个人研究者转向Linux容器映像（将应用软件、操作系统和其他所需的库打包到一个实体中），以获得平台可移植性和科学可重复性的优势。然而，在这样做的过程中，来自公共和私人存储库的新软件源被引入供应链，从而带来了新的风险。保护研究基础设施和应用程序的开放和值得信赖的生态系统（SOTERIA）项目是NSF协调网络基础设施结构中的一个元素，有助于协作避免安全隐患，同时减轻科学软件管理的负担。SOTERIA旨在为研究人员提供其软件环境的改进的可扩展性，可见性和可追溯性。SOTERIA为开放科学提供了一个容器注册表。该登记处经过定制，以满足科学环境的独特需求，包括将研究人员的身份与容器图像相关联，提供图像安全扫描和内省（可见性），以及与其他数字对象识别和存档服务的集成。SOTERIA还运营着一个容器分发服务，该服务提供了通过生态系统追踪图像来源的工具。最后，由于管理安全软件环境的挑战远远超出了容器安全，SOTERIA为研究人员提供了针对最佳实践的培训和教育。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。