NSF Binghamton

Scientific Workflow Security

The scientific workflow is an important paradigm for automating and accelerating data processing and sharing in the scientific community. The correctness of scientific discoveries relies on the trustworthiness and reliability of the data processed by scientific workflows and the underlying cyberinfrastructure. Unfortunately, modern scientific workflow systems lack robust infrastructure support for trustworthy execution of scientific workflows and for protecting the data processed by scientific workflows. A scientist or student may forge or alter datasets or computation simply to get papers accepted for publication. A malicious user may also publish forged workflow data on websites, misleading other scientists into investigating and publishing invalid results.

This project aims to support a community of engineers and scientists to collaboratively and securely collect, analyze, and share data using scientific workflows. In particular, this project will: (1) develop a trusted execution environment for scientific workflows leveraging the Intel Software Guard Extensions (SGX) to protect the execution of scientific workflows as well as the data processed by scientific workflows; (2) produce encrypted, tamper-proof, and non-repudiable block-graphs that enable scientists to verify the origin of scientific data and examine how a piece of data was modified and distributed; and (3) develop a machine-learning-based anomaly detection technique to detect anomalous execution flows based on logs collected by the underlying cyberinfrastructure.


Recent Publications

SDN-based Order-aware Live Migration of Virtual Machines, by Dinuni Fernando, Ping Yang, Hui Lu, Accepted, IEEE Infocom, 2020. (Acceptance rate: 19.8%) [pdf]

SciBlock: A Blockchain-Based Tamper-Proof Non-Repudiable Storage for Scientific Workflow Provenance, by Dinuni Fernando, Siddharth Kulshrestha, J. Dinal Herath, Nitin Mahadik, Yanzhe Ma, Changxin Bai, Ping Yang, Guanhua Yan, and Shiyong Lu, Accepted, IEEE International Conference on Collaboration and Internet, 2019.

RAMP: Real-Time Anomaly Detection in Scientific Workflows, by J. Dinal Herath, Changxin Bai, Guanhua Yan, Ping Yang, and Shiyong Lu, Accepted, IEEE International Conference on Big Data, 2019. [pdf] [extended version]

SecDATAVIEW: A Secure Big Data Workflow Management System for Heterogeneous Computing Environments, by Saeid Mofrad, Ishtiaq Ahmed, Shiyong Lu, Ping Yang, Heming Cui, Fengwei Zhang, Accepted, 2019 Annual Computer Security Applications Conference (ACSAC), 2019 (Acceptance rate: 22.6%).

A Security Framework for Scientific Workflow Provenance Access Control Policies, Fahima Bhuyan, Shiyong Lu, Robert Reynolds, Jia Zhang and Ishtiaq Ahmed, IEEE Transactions on Services Computing. Accepted. 2019.

Understanding the Security of ARM Debugging Features, Zhenyu Ning and Fengwei Zhang, Proceedings of The 40th IEEE Symposium on Security & Privacy (S&P'19), San Francisco, California, May, 2019.

Hardware-assisted Transparent Tracing and Debugging on ARM, Zhenyu Ning and Fengwei Zhang, IEEE Transactions on Information Forensics & Security (TIFS'19), Vol.14, No.6, pp.1595-1609, 2019.

Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms, Zhenyu Ning, Jinghui Liao, Fengwei Zhang, and Weisong Shi, in Proceedings of The 1st ACM/IEEE Workshop on Security and Privacy in Edge Computing (EdgeSP'18), in conjunction with The 3rd ACM/IEEE Symposium on Edge Computing (SEC'18), Bellevue, Washington, October, 2018.

A Comparison Study of Intel SGX and AMD Memory Encryption Technology, Saeid Mofrad, Fengwei Zhang, Shiyong Lu, and Weidong Shi, The Hardware and Architectural Support for Security and Privacy (HASP'18), in conjunction with The 45th International Symposium on Computer Architecture (ISCA'18), Los Angeles, California, June, 2018. [pdf]

DexLego: Reassembleable Bytecode Extraction for Aiding Static Analysis, Zhenyu Ning and Fengwei Zhang, The 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'18), Luxembourg, June, 2018. [pdf]

Previous Publications

Satisfiability Analysis of Workflows with Control-Flow Patterns and Authorization Constraints, by Ping Yang, Xing Xie, Indrakshi Ray, and Shiyong Lu, IEEE Transactions on Services Computing, 7(2), pages 237-251, April-June 2014. [pdf]

Trustworthy and Dynamic Mobile Task Scheduling in Data-Intensive Scientific Workflow Environments, by Zijiang Yang, Shiyong Lu, Ping Yang, and Andrey Kashlev, International Journal of Computers and Their Applications, 20(2), pages 1--13, June 2013.

Analysis of Scientific Workflow Provenance Access Control Policies, Ruiqi Luo, Ping Yang, Shiyong Lu, and Mikhail I. Gofman, The 9th IEEE International Conference on Services Computing (SCC), application and experience track, pages 266--273, © IEEE Press, 2012. [pdf]

Model Checking Approach to Secure Host Access Enforcement of Mobile Tasks in Scientific Workflows, by Zijiang Yang, Shiyong Lu, Ping Yang and Fahima Bhuyan, Special Issue on Scientific Workflows, Provenance and Their Applications of International Journal of Computers and Their Applications, 18(3), 148--159, 2011.

Secure Scientific Workflow Provenance Querying with Security Views, by Artem Chebotko, Shiyong Lu, Seunghan Chang, Farshad Fotouhi and Ping Yang, IEEE Transactions on Services Computing, 3(4), pages 322--337, 2010. [pdf]

Information Flow Analysis of Scientific Workflows, by Ping Yang, Shiyong Lu, Mikhail Gofman, and Zijiang Yang, Special issue on scientific workflows, Journal of Computer and System Sciences (JCSS), volume 76(6), pages 390-402, © Elsevier, 2010.

Secure Scientific Workflow Provenance Querying with Security Views, by Artem Chebotko, Seunghan Chang, Shiyong Lu, Farshad Fotouhi and Ping Yang, 9th International Conference on Web-Age Information Management (WAIM), pages 349-356, © IEEE press, 2008. [pdf] (Acceptance rate: 25%)

Formal Modelling and Analysis of Scientific Workflows Using Hierarchical State Machines, by P. Yang, Z. Yang and S. Lu, to appear, 2nd International Workshop on Scientific Workflows and Business Workflow Standards in e-Science, held in conjunction with IEEE international conference on e-science and grid computing, © IEEE press, 2007. [abstract| bibtex| pdf]