XSEDE is a federation of service providers and virtual organizations that have come together to bring high-performance computing to scientists at research institutions across the U.S. The mission of XSEDE is to enhance the productivity of scientists and engineers by providing them with new and innovative capabilities and thus facilitate scientific discovery while enabling transformational science/engineering and innovative educational programs. 

The XSEDE project is led out of NCSA, and the security operations team in particular is co-led by NCSA CyberSecurity director Adam Slagell and Jim Marsteller at PSC. Jim Basney of NCSA's CyberSecurity division is also the security lead for XSEDE's Software Development and Integration division, driving many of the IdM and security projects like the single-sign-on hub and Duo two-factor authentication integration.

AttackTagger

AttackTagger is a sophisticated log analysis tool designed to find potentially malicious activity, such as credential theft. AttackTagger will integrate with existing security software so as to be easily deployable within existing security ecosystems and consume a wide variety of system and network security logs. AttackTagger accomplishes advanced pattern matching by utilizing a Factor Graph model--capturing sequential relation among events and enables integration of the external knowledge, e.g., expert knowledge or a user profile.  The The cyber-infrastructure that supports science research faces the daunting challenge of defending against cyber attacks. Modest to medium research project teams have little cyber security expertise to defend against the increasingly diverse, advanced and constantly evolving attacks. Even larger facilities that have with security expertise are often overwhelmed with the amount of security log data they need to analyze in order to identify attackers and attacks, which is the first step to defending against them.   AttackTagger can scale to be able to address the dramatic increase in security log data, and detect emerging threat patterns in today's constantly evolving security landscape. AttackTagger is a sophisticated log analysis tool designed to find potentially malicious activity, such as credential theft. AttackTagger will integrate with existing security software so as to be easily deployable within existing security ecosystems and consume a wide variety of system and network security logs. AttackTagger accomplishes advanced pattern matching by utilizing a Factor Graph model--capturing sequential relation among events and enables integration of the external knowledge.

Science DMZ Actionable Intelligence Appliance (SDAIA)

SDAIA aims to secure cyber-infrastructure and provide the cybersecurity research community with a rich, real-world intelligence source upon which to test their theories, tools, and techniques. Our efforts are in response to recent NSF investment and efforts by ESnet that have spurred a rapid growth of open high performance networks or so-called Science DMZ deployments. Science DMZs support big data and access to high-performance computation through very high bandwidth networks in an open environment that presents new challenges to the traditional university security stance. SDAIA will provide a holistic approach that will address the special Science DMZ architecture through a new kind of virtual security appliance that will benefit from external, shared intelligence to protect the site, and further provide intelligence to the wider community of both DMZ operators and cybersecurity researchers. This appliance will leverage existing technologies; be easy to deploy, configure, and maintain; integrate with common Science DMZ services, and be built upon free and open source software for affordability and flexibility.