Berkeley Lab Computing Sciences Research is an active participant in a number of projects in the arena of security for scientific, high-performance computing systems and high-bandwidth research and education networks. Research sponsors have typically included DOE’s ASCR program, and the National Science Foundation (NSF) SaTC program and OAC office, among others.
Berkeley Lab’s cybersecurity goals are to research, develop, evaluate, adapt, and integrate advanced security and privacy solutions that enable or improve scientific workflows that may otherwise not be possible due to real or perceived security restrictions that, using today’s solution, impose onerous usability and/or performance constraints, thereby hindering scientific progress.
Berkeley Lab has had a leadership role in security in scientific computing environments for many years, including the development of the Zeek (Bro) Network Security Monitor, the 100G performance enhancements of Zeek (Bro), and Zeek (Bro)’s commercial spin-off, Corelight, Inc., as well as leading several DOE-sponsored activities related to defining a cybersecurity research program within the DOE Office of Science. Berkeley Lab is a co-lead of Trusted CI, the NSF Cybersecurity Center of Excellence.
Recent highlights of Berkeley Lab Computing Sciences’ cybersecurity R&D activities include:
Developing findings reports and solutions guides for scientific data integrity, scientific data confidentiality, software assurance in science, the security of operational technology in science, and building security into maritime and polar NSF Major Facilities by design.
Development of secure computation architectures optimized for scientific computing to ensure trustworthiness of scientific data from the edge to the HPC center.
Co-leading the development of the Open Science Cyber Risk Profile (OSCRP) — a document designed to help researchers understand the cyber risks to their work.
Development of the Medical Science DMZ design pattern as a method that allows data flows at scale while simultaneously addressing the HIPAA Security Rule and related regulations governing biomedical data and appropriately managing risk.
ASCR Cybersecurity for Scientific Computing Workshop, June 2–3, 2015 [report]
DOE Cybersecurity R&D Challenges for Open Science: Developing a Roadmap and Vision, January 24–26, 2007 [news, report]
Sean Peisert, Publication of the Trusted CI Roadmap for Securing Operational Technology in NSF Scientific Research — Nov. 16, 2022.
Ammar Haydari, Chen-Nee Chuah, Michael Zhang, Jane Macfarlane, and Sean Peisert, “Differentially Private Map Matching for Mobility Trajectories,” Proceedings of the 2022 Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 5-9, 2022.
Andrew Adams, Emily K. Adams, Dan Gunter, Ryan Kiser, Mark Krenz, Sean Peisert, and John Zage. “Roadmap for Securing Operational Technology in NSF Scientific Research,” Trusted CI Report, November 16 2022.
Ayaz Akram, Venkatesh Akella, Sean Peisert, and Jason Lowe-Power, “SoK: Limitations of Confidential Computing via TEEs for High-Performance Compute Systems,” Proceedings of the 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED), Sept. 26–27, 2022.
Ayaz Akram, Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, and Sean Peisert, “Performance Analysis of Scientific Computing Workloads on General Purpose TEEs,” Proceedings of the 35th IEEE International Parallel & Distributed Processing Sysmposium (IPDPS), May 17–21, 2021.
Sean Peisert, Eli Dart, William K. Barnett, James Cuff, Robert L. Grossman, Edward Balas, Ari Berman, Anurag Shankar, and Brian Tierney, “The Medical Science DMZ: An Network Design Pattern for Data-Intensive Medical Science”, Journal of the American Medical Informatics Association (JAMIA), 25,(3):267–274, March 2018.
Sean Peisert, “Security in High-Performance Computing Environments”, Communications of the ACM (CACM), 60(9):72-80, September 2017.
Sean Peisert, Von Welch, Andrew Adams, Michael Dopheide, Susan Sons, RuthAnne Bevier, Rich LeDuc, Pascal Meunier, Stephen Schwab, and Karen Stocks, Ilkay Altintas, James Cuff, Reagan Moore, and Warren Raquel, “Open Science Cyber Risk Profile,” February 2017.
Sean Whalen, Sean Peisert, Matt Bishop, “Multiclass Classification of Distributed Memory Parallel Computations,” Pattern Recognition Letters (PRL), 34(3):322-329, February 2013.
Trusted CI new co-PIs: Peisert and Shute — Aug. 3, 2021
Summer Students Tackle COVID-19 — Oct. 21, 2020
Fantastic Bits and Why They Flip — Jun. 23, 2020
Into the Medical Science DMZ (Science Node) — March 23, 2018
Berkeley Lab Researchers Contribute to Making Blockchains Even More Robust — January 30, 2018
Mind the gap: Speaking like a cybersecurity pro — Feb. 10, 2017
Building a CENIC Security Strategy — Jan. 11, 2017