Files in this item
application/pdf: 2019-06-17_GenA ... gagement_Report_IDEALS.pdf (27MB)
|Title:||TrustedCI: The NSF Cybersecurity Center of Excellence GenApp Engagement Report|
|Author(s):||Basney, Jim; Fleury, Terry; Zage, John|
|Abstract:||Scientific computing and computational analysis are becoming integral aspects of virtually any field of science. Efforts of many research laboratories to produce scientific code frequently become unsustainable after the lifetime of funding or staff rotations. The GenApp project hopes to reduce the costs of developing and maintaining scientific code by enabling the rapid dissemination of scientific applications to researchers with minimal software expertise. As GenApp's use becomes more widespread, the benefit to the community's scientific coding increases but so does the impact of any potential security flaw in the tool. The focus of this engagement was to perform a security review of the GenApp codebase and the various web apps generated by GenApp, as well as to evaluate the technologies and architectures utilized by the GenApp development framework. To do this, Trusted CI worked with the GenApp team to create architectural diagrams, ran automated tools to analyze GenApp systems, and manually inspected key components of source code for vulnerabilities. Findings include the need for more systematic sanitization of user input, keeping libraries up to date, and recommendations for secure settings of web services of GenApp-generated applications.|
|Genre:||Report (Grant or Annual)|
|Rights Information:||Copyright © 2019 The Trustees of Indiana University. This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported (CC BY-NC 3.0) license.|
|Date Available in IDEALS:||2019-06-17|