Development of a Secure and Privacy-Preserving Workflow Architecture for Dynamic Data Sharing in Scientific Infrastructures

Research Areas: Network Security

Principal Investigator: Xukai Zou

Scientific cyberinfrastructures embrace collaborative workflows in which users can access and share heterogeneous data and computing resources to perform research and education tasks, catalyzing scientific discovery. One such cyberinfrastructure, Jetstream, is the first production cloud funded by the NSF for general-purpose science and engineering research and education. Although Jetstream provides basic data storage security and web authentication, its security features do not satisfy the strict requirements that apply to sensitive data, such as healthcare data with protected health information (PHI). This project will build a secure, holistic and resilient cybersecurity architecture on Jetstream so that collaborative research and education projects can share PHI securely among their users.

The secured infrastructure will provide comprehensive multi-level protection for the PHI and its workflows through user authentication, fine-tuned data access control, confidentiality, integrity, and traceability. The project will implement advanced security techniques, such as role-wise passwordless authentication and authorization, cryptography-based hierarchical access control, dual-level key management, and secure digital provenance or blockchain-based integrity protection. By employing these techniques, Jetstream VMs will be able to guarantee the security, privacy, and integrity of scientific workflows and associated data, thus protecting data and computing resources from internal and external attacks. When applied to healthcare and life-science cyberinfrastructures, the architecture will enable sensitive health data to be shared securely, which is an essential requirement for accelerating life science research. The project will promote the use of real clinical data in training to produce enormous educational impacts. The developed secure architecture is generic and applicable to other data and resource sharing environments.


Other Faculty: Huanmei Wu and Saptarshi Purkayastha