This wiki service has now been shut down and archived
See here for topics introduced by participants. Participants: please upload slides and link them to that page.
Workshop introduction slides are File:Theme-8-w-1-First-talk.pdf.
Ad hoc questions and discussion reports can be linked to Theme8 First Workshop Discussion.
Unedited notes from medical/social discussion.
Unedited notes from non-medical discussion.
First workshop: The Application-Led Security Agenda for eScience
5th – 6th March 2008
A new Theme at the eScience Institute is exploring how improved technologies for trust and security can be enablers for better, richer, more powerful eScience applications. Many of the theme's activities will have a technical security focus, but the intention of the first workshop is to solicit genuine security experiences and aspirations from application scientists.
Recent high-profile news stories have driven data holders to reconsider their storage and handling of personal data. Other projects' security needs are motivated by ethical constraints which come from their application domain. In others, data, or models, or search parameters may be very valuable pieces of intellectual property, or give unwanted clues to an outsider about the direction of a potentially valuable piece of research. For others, the principal security concerns are more subtle issues of longterm data and metadata integrity, confidentiality of software, prevention of unwanted edits or data contamination, restricting pre-publication access to results, and achieving suitable patterns of shared access by authorized individuals. Good practice in security can also be a part of being responsible members of the community: avoiding being a vector for problems to hit others.
However, concerns of security can often be seen as – and become – unwanted inhibitors to innovative research, and in the worst cases can interfere with many users' every day work to the extent that corners must be cut if useful progress is to be made. A contributing factor to such problems can be an unrealistic assessment of risks: those imposing the security controls over-estimating the scale of the potential problems; the every-day users under-estimating them. Conversely, in some contexts, very real security concerns with existing eScience technologies have been a substantial roadblock to the up-take of high throughput or grid styles of working, data sharing, and cross-domain collaboration.
However, a good treatment of security can also be an enabler of hitherto un-considered patterns of interaction: improved software controls, audit capabilities, and guarantees of trustworthiness can allow services and data to be exported to remote contexts without exposing the project to unacceptable risks. Emerging technologies for trust and virtualization allow the establishment of highly regulated, well-isolated compartments on remote systems.
The objective of this workshop is to focus the research activity of this theme upon the real security concerns of active application projects. We hope that those attending will be practitioners (or would-be practitioners) in an application domain of eScience. The output of the workshop will be a technical report (with all of its contributors named as authors), used to inform subsequent workshops at which trust and security experts will be invited to develop possible solutions to the problems raised.
The ideal delegate, then, sits at the interface of the application domain and the technology which supports it: but if there is to be a bias, we would prefer to talk to the application specialist rather than the technologist. Our aim is to avoid arguments of the “you ought to be doing this” kind, and to favour the “how can we start to do this” sentiment, instead Participants are encouraged to bring short presentations, describing their domain of interest, and in particular, to present three slides which answer the following questions:
1. What is your current approach to security? Are you satisfied with it? Why?
2. What is the worst security problem you have encountered? What is the worst that you can imagine happening?
3. What kind of changes would you like to make to your approach (scientifically, in the use of resources, and so on), but do not dare, for reasons of security?
We hope that the majority of participants will make such short presentations. Please contact Andrew Martin to arrange this. There may be issues which you would like to discuss, but which you would not be happy to see in a circulated report: this is quite acceptable. If possible, we will include suitably anonymized accounts of such topics, with your consent. Wherever appropriate, we will attempt to join up those participating later in the theme – contributing solutions to the issues raised – with the projects which introduced the issues. We hope that workshop participants will find it an opportunity to share with each other short-term solutions to their immediate security concerns, and also to engage the research community in solving more profound problems.
The Theme has its own space on the eSI Wiki wiki.esi.ac.uk, Workshop participants and would-be participants are invited to contribute comments there. It will be used a 'live' data capture location during the workshop, and the first draft of the post-workshop report will be onstructed from the wiki contents. That site also hosts a discussion paper, which helps to describe the content and scope of the theme.
27th February 2008: Deadline for registration of presentations
27th February 2008: Deadline for registering to attend
5th – 6th March 2008: Workshop at eSI, South College Street, Edinburgh.
10am Arrival, Registration, and Coffee
11am Workshop Introduction and Scene Setting (Andrew Martin)
Participants' Presentations, with lunch interposed
Thematic discussion groups (determined by participants' presentations and interests)
9am Thematic discussion groups
Reporting and Plenary Discussions
Prioritization of Topics to inform later workshops