RENCI teams with Duke on networking research to make science more productive

NSF grant will address security issues of Network Infrastructure as a Service (NIaaS)

NetworkSecurity_large

CHAPEL HILL, NC – RENCI will lead a $1 million research project to securely automate and monitor the creation of virtual “superfacilities” that link scientists to multiple resources to increase their productivity.

The award from the National Science Foundation’s Cybersecurity Innovation for Cyberinfrastructure (CICI) program will provide three years of funding to RENCI’s Network Research and Infrastructure group and to partners in the Duke University computer science department and Duke’s Office of Information Technology.

As science becomes increasingly collaborative, scientists use more facilities that they access over networks, including scientific instruments, computing resources, and data repositories—so much so that some researchers have coined the term superfacilities to describe the integration of two or more facilities using high performance networks and data management. Today’s superfacilities are manually built for specific applications or communities, a fact that has limited their use to larger, long-lived projects.

The funding for the project called Secure and Resilient Architecture: Creating Dynamic Superfacilities the SAFE Way (SAFE superfacilities for short), will address one of the key challenges involved in automating the creation of scientific superfacilities: network security.

“We now have the basic building blocks to construct dynamic superfacilities on demand, which reduces cost and promises to make science more productive, but also introduces new security challenges,” said Paul Ruth, a senior distributed systems researcher at RENCI and a principal investigator on the project. “By design, dynamic network links that are used to set up superfacilities bypass campus security and security is typically deployed manually. If we can automate the authorization and security monitoring needed to keep these very fast and dynamic network links safe, we can make superfacilities feasible for a much wider range of scientists.”

The SAFE Superfacilities project brings together researchers and IT support organizations from RENCI, Duke, and the Department of Energy’s Energy Sciences network (ESnet) to create a general framework for automatically stitching together the dynamic network circuits needed to create virtual superfacilities for science, Science DMZs (campus networks optimized for scientific applications) and Software Defined Exchanges (SDX, software defined networking at Internet exchange points).

The researchers plan to use the SAFE logical trust system to authorize on-demand stitching of network links in two systems developed, deployed, and operated by RENCI, Duke, and their collaborators. One is the ExoGENI test bed, a widely distributed networked infrastructure-as-a-service (NIaaS) platform for experimentation and computational tasks; the other is Duke’s Software-Defined Science Network (SDSN) campus network exchange. The research team also will deploy security for monitoring traffic on dedicated channels used to manage network devices, commonly known as out-of-band management.

“We want this work to serve as a model for enhancing the security and flexibility of science networking while maintaining high performance, friction-free network paths between campus scientists and remote facilities,” said Jeff Chase, professor of computer science at Duke University and Duke’s PI on the project. “The bottom line is to enable the creation of secure networks on-the-fly that serve the needs of scientists. That kind of network infrastructure will make science more productive and less costly.”