Conveners
Networking, Security, Infrastructure & Operations: I
- David Groep (Nikhef)
Networking, Security, Infrastructure & Operations: II
- David Kelsey (STFC-RAL)
Networking, Security, Infrastructure & Operations: III
- Volker GUELZOW (DESY)
Networking, Security, Infrastructure & Operations: IV
- David Groep (Nikhef)
Networking, Security, Infrastructure & Operations: V
- Gang Chen (Institute Of High Energy Physics)
Dr
Dieter Kranzlmuller
(LMU Munich)
02/04/2019, 14:00
Network, Security, Infrastructure & Operations
Oral Presentation
# Background:
The approach of infrastructure-as-code allows to
efficiently manage large infrastructures, for instance to support
FAIR data management. A canonical and machine-actionable
description of these infrastructures can itself be an item of
research and an essential component in handling reproducibility
challenges for the results achieved on the infrastructures. Such...
Mr
Yuki Matsui
(Osaka-University,japan)
02/04/2019, 14:30
Network, Security, Infrastructure & Operations
Oral Presentation
The concept of Information-as-a-Service (InfaaS) is a critical concept for disaster
management applications. In the disaster management, the flow of information and the
synchronization of data between different sites must be maintained to facilitate the
decision making process. Thus, in order for everyone involved to see the same
information at the same time, an application is needed to...
Dr
David Kelsey
(STFC-RAL)
02/04/2019, 15:00
Network, Security, Infrastructure & Operations
Oral Presentation
As most are fully aware, cybersecurity attacks are an ever-growing problem as larger parts of our lives take place on-line. Distributed digital infrastructures are no exception and action must be taken to both reduce the security risk and to handle security incidents when they inevitably happen. These activities are carried out by the various e-Infrastructures and it has become very clear in...
Dr
David Crooks
(UKRI STFC)
, Mr
Liviu Valsan
(CERN)
02/04/2019, 16:00
Network, Security, Infrastructure & Operations
Oral Presentation
The modern security landscape affecting grid and cloud sites is constantly evolving, with threats being seen from a range of avenues, including social engineering as well as more direct approaches. It is vital to build up operational security capabilities across the Worldwide LHC Computing Grid (WLCG) in order to improve the defense of the community as a whole. As reported at ISGC 2017 and...
Dr
Sven Gabriel
(Nikhef/EGI)
02/04/2019, 16:30
Network, Security, Infrastructure & Operations
Oral Presentation
EGI CSIRT provides operational security to distributed compute infrastructures coordinated by EGI. One of EGI CSIRTs activities is to assess the overall incident response capabilities, which is done through security exercises, so called Security Service Challenges (SSCs).
Operational security in an agile environment with different job management systems, logging information at different...
Jouke Roorda
(Nikhef)
02/04/2019, 17:00
Network, Security, Infrastructure & Operations
Oral Presentation
In Security Service Challenges the readiness of an infrastructure's incident response capability is assessed. Here we simulate a situation where a legitimate credential is used for activities violating various policies, requiring the involved security teams to take action in order to resolve the incident. An important part here is the containment of the malware, which would be easily doable if...
Mr
Tommaso Diotalevi
(INFN and University of Bologna)
03/04/2019, 14:00
Network, Security, Infrastructure & Operations
Oral Presentation
The distributed Grid infrastructure for High-Energy Physics experiments at the Large Hadron Collider (LHC) in Geneva comprises a set of computing centers, as part of the Worldwide LHC Computing Grid (WLCG). The Tier-1 level functionalities in Italy are served by the INFN-CNAF data centre, which actually serves also more than twenty non-LHC experiments. A key challenge is the modernisation of...
Dr
Yining Zhao
(Computer Network Information Center, Chinese Academy of Sciences)
03/04/2019, 14:20
Network, Security, Infrastructure & Operations
Oral Presentation
Distributed systems have grown larger and larger since this concept appears, and they soon evolve to environments that contain heterogeneous components playing different roles, e.g. data centers and computing units. From security point of view, it is a difficult task to get an idea of how such large environment works or if any undesired matters happened. Logs, produced by devices, sub-systems...
Mr
Catalin Condurache
(STFC Rutherford Appleton Laboratory)
03/04/2019, 14:40
Network, Security, Infrastructure & Operations
Oral Presentation
Firmly established as an extremely effective mechanism for providing scalable, POSIX like, access to experiment software and conditions data for the LHC experiments and many other research groups at Grid sites, the CernVm File System (CernVM-FS) continued to present increased interest to many other High Energy Physics (HEP) and non-HEP (i.e. Space, Natural and Life Sciences) communities...
Dr
Tian Yan
(IHEP)
03/04/2019, 15:00
Network, Security, Infrastructure & Operations
Oral Presentation
In recent years, along with the rapid development of large scientific facilities and e-science worldwide, various cyber security threats has becoming a noticeable challenge in many data centers for scientific research, such as DDoS attack, ransomware, crypto currency mining, data leak, etc.
Intrusion and abnormality detection by collecting and analyzing security data is an important...
Ms
Hao Hu
(Institute of High Energy Physics)
04/04/2019, 14:00
Network, Security, Infrastructure & Operations
Oral Presentation
There are always many vulnerabilities in the operation system, applications and network devices, and vulnerabilities are great threats for security. The vulnerability management and lifecycle tracking is very important and necessary for the security team.
The paper describes the design and development of the vulnerability management system. The functional modules of the system includes...
Dr
Tadashi Murakami
(High Energy Accelerator Research Organization (KEK))
04/04/2019, 14:30
Network, Security, Infrastructure & Operations
Oral Presentation
Vulnerability management is useful for maintaining security with keeping the flexibility of the network environment, especially for the DMZ network that allows connections from the Internet.
We have been operating a vulnerability management portal site named DMZ User's Portal for 13 years.
In KEK, all of the host administrators in DMZ network (DMZ admin) have their own accounts for the...
Dr
Eisaku Sakane
(National Institute of Informatics)
04/04/2019, 15:00
Network, Security, Infrastructure & Operations
Oral Presentation
Virtual machine can flexibly meet user's demands for computing resources and be freely created and deleted. The virtual machine validation and secure communication as network entity are required as well as a physical machine. This paper investigates an X.509 certificate issuing mechanism to virtual machine with arbitrary lifetime.
Let us consider a service that offers virtual machines as...
Jim Basney
(NCSA)
04/04/2019, 16:00
Network, Security, Infrastructure & Operations
Oral Presentation
CILogon provides a software platform that enables scientists to work together to meet their identity and access management (IAM) needs more effectively so they can allocate more time and effort to their core mission of scientific research. The platform builds on open source Shibboleth and COmanage software to provide an integrated IAM platform for science, federated worldwide via eduGAIN....
Mr
Zhihui Sun
(IHEP)
04/04/2019, 16:30
Network, Security, Infrastructure & Operations
Oral Presentation
Software Defined Network(SDN) is a flexible and programmable network architecture, the controller of SDN uses the south API(openflow or netconf) to deploy the network policies into the network devices, and also provides the north API for the use-defined applications. There are two scenarios in IHEP network environment using SDN technologies and architecture. For the new generation of IHEP...
Mr
Charles Pike
(University of Kentucky)
04/04/2019, 17:00
Network, Security, Infrastructure & Operations
Oral Presentation
Big data is now key to nearly all research disciplines. Even research areas historically unrepresented in high performance computing must now cope with vast data sets that need to be analyzed, processed, and transferred over the network. Network choke points can create significant delay during transmission of these large data sets to and from the cloud, where they often reside. Campus and...
