Award Abstract # 2232911
CICI: UCSS: ScienceAccess: Enabling Zero-Trust Resource Access Management for Scientific Collaborations

NSF Org: OAC
Office of Advanced Cyberinfrastructure (OAC)
Recipient: ARIZONA STATE UNIVERSITY
Initial Amendment Date: August 29, 2022
Latest Amendment Date: August 29, 2022
Award Number: 2232911
Award Instrument: Standard Grant
Program Manager: Daniel F. Massey
dmassey@nsf.gov  (703)292-5147
OAC  Office of Advanced Cyberinfrastructure (OAC)
CSE  Directorate for Computer and Information Science and Engineering
Start Date: October 1, 2022
End Date: September 30, 2026 (Estimated)
Total Intended Award Amount: $591,664.00
Total Awarded Amount to Date: $591,664.00
Funds Obligated to Date: FY 2022 = $591,664.00
History of Investigator:
  • Gail-Joon Ahn (Principal Investigator)
     gahn@asu.edu
  • Carlos Rubio-Medrano (Co-Principal Investigator)
  • Jaejong Baek (Co-Principal Investigator)
Recipient Sponsored Research Office: Arizona State University
 660 S MILL AVENUE STE 204
 TEMPE
 AZ  US  85281-3670
(480)965-5479
Sponsor Congressional District: 04
Primary Place of Performance: Arizona State University
 660 S MILL AVE STE 312
 TEMPE
 AZ  US  85281-3670
Primary Place of Performance
Congressional District:		 04
Unique Entity Identifier (UEI): NTLHJXM55KZ6
Parent UEI:
NSF Program(s): Cybersecurity Innovation
Primary Program Source: 01002223DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7203, 7569, 7928, 8027, 9102
Program Element Code(s): 802700
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Scientific collaborations tremendously contribute to advancing science by allowing to share diverse resources including real data, high-performance computing, network channel, and so on. Since multiple stakeholders are involved in accessing those resources, it is critical to regulate resource sharing activities based on a series of access mediation security policies (AM-Policies) that fulfill requirements and constraints from various institutions, collaborative teams, and researchers. Such policy-driven approach would help achieve important challenges in scientific collaborations: fairness in resource sharing and risk management in dealing with digital assets. However, such AM-Policies have been specified, evaluated and enforced in an ad-hoc, semi-formal, and incomplete way: (i) scientists still need to write their own AM-Policies without having expressiveness power in policy specification, making it difficult for them to correctly articulate their specific needs. (ii) the evaluation and enforcement of AM-Policies across multiple local institutions and administrators are limited. (iii) there is also limited support for systematically collecting security-relevant data that needs to evaluate policies at run-time.

To address these challenges, this project develops ScienceAccess, a federated framework supporting the storage, retrieval, evaluation, and enforcement of AM-Policies that allows for scientists and administrators to manage their resource sharing needs with a high degree of autonomy. Ultimately, ScienceAccess attempts to produce the following outcomes: (i) new insights to articulate AM-Policies for effectively sharing resources and real-world experiments with existing cyberinfrastructures including the Arizona Federated Open Research Computing Enclave (AFORCE) and Science DMZ; (ii) new innovative techniques to efficiently specify, evaluate, and manage AM-Policies with the notion of a Zero-Trust security, including the automated collection and distribution of security-relevant information in the form of attributes between independently-run scientific institutions; and (iii) assessments, guidelines, and best practices for future deployments of ScienceAccess framework.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Baek, Jaejong and Soundrapandian, Pradeep Kumar and Kyung, Sukwha and Wang, Ruoyu and Shoshitaishvili, Yan and Doupé, Adam and Ahn, Gail-Joon "Targeted Privacy Attacks by Fingerprinting Mobile Apps in LTE Radio Layer" 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) , 2023 https://doi.org/10.1109/DSN58367.2023.00035 Citation Details
Claramunt, Luis and Rubio-Medrano, Carlos and Baek, Jaejong and Ahn, Gail-Joon "SpaceMediator: Leveraging Authorization Policies to Prevent Spatial and Privacy Attacks in Mobile Augmented Reality" SACMAT '23: Proceedings of the 28th ACM Symposium on Access Control Models and Technologies , 2023 https://doi.org/10.1145/3589608.3593839 Citation Details
Hopkins, Jacob and Rubio-Medrano, Carlos "SecureCheck: User-Centric and Geolocation-Aware Access Mediation Contracts for Sharing Private Data" , 2024 https://doi.org/10.1145/3649158.3657050 Citation Details
Mondragon, Jennifer and Cruz, Gael and Shastri, Dvijesh and Rubio-Medrano, Carlos E "Circles of Trust: A Voice-Based Authorization Scheme for Securing IoT Smart Homes" , 2024 https://doi.org/10.1145/3649158.3657044 Citation Details

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page

Top