Trusted CI podcast

Hosted by Trusted CI

Episodes: 95

Latest episode: Aug 2025

Language: EN

About the show

Trusted CI is the NSF Cybersecurity Center of Excellence. The mission of Trusted CI is to lead in the development of an NSF Cybersecurity Ecosystem with the workforce, knowledge, processes, and cyberinfrastructure that enables trustworthy science and NSF’s vision of a nation that is a global leader in research and innovation. More information can be found at trustedci.org.

Listen to episodes

60 recent
August 25, 2025 | Episode 7 | 43 min

August 2025: Securing Medical Imaging AI Models Against Adversarial Attacks

While AI is increasingly present in clinical practice especially for medical imaging, it is imminent to ensure cybersecurity of imaging diagnostic AI models. Newly advanced adversarial attacks pose a threat to the safety of medical AI models, but little is known about the characteristics of this threat. Medical adversarial attacks may lead to serious consequences including patient harm, liability of healthcare providers, and other ethical issues or crimes. It is imperative to study this cybersecurity issue to mitigate potential negative consequences and to ensure safety of health care. In this talk, the speaker will discuss cyber vulnerabilities of deep learning-based medical imaging diagnosis models under adversarial attacks, show real-world experiments on how adversarial attacks can fool AI models to decrease diagnosis performance and to confuse experienced radiologists, and present several methods of defending adversarial attacks to secure AI models in medical imaging applications.

Speaker Bio: Shandong Wu, PhD, is a Professor in Radiology, Biomedical Informatics, Bioengineering, and Intelligent Systems at the University of Pittsburgh. Dr. Wu leads the Intelligent Computing for Clinical Imaging (ICCI) lab, and he is the founding director of the Pittsburgh Center for AI Innovation in Medical Imaging. Dr. Wu’s work focuses on developing trustworthy medical imaging AI for clinical/translational applications. Dr. Wu's lab received multiple research awards such as the RSNA Trainee Research Award twice in 2017 and 2019, the 2021 AANS Natus Resident/Fellow Award for Traumatic Brain Injury, the 2025 SPIE Imaging Informatics Best Paper Award, etc. Dr. Wu’s research is supported by NIH, NSF, multiple research foundations, Amazon AWS, Nvidia, and many institutional funding sources. Dr. Wu has published > 190 journal papers and conference papers/abstracts in both the computing and clinical fields. His research has been featured in hundreds of scientific news reports and media outlets in the world.

July 28, 2025 | Episode 6 | 50 min

July 2025: TIPPSS to improve Trust, Identity, Privacy, Protection, Safety and Security for Cyberphysical Systems

The challenge of providing end to end trust and security for operational technology systems has been a growing challenge and increasingly imperative. An IEEE effort was begun in 2016 to tackle that challenge, resulting in the publication of the first IEEE/UL TIPPSS standard (IEEE/UL 2933-2024) and the awarding of the 2024 IEEE Standards Association Emerging Technology Award to the TIPPSS standard working group. The goal of the TIPPSS standard, which is envisioned to be a family of standards, is to improve Trust, Identity, Privacy, Protection, Safety and Security (TIPPSS) for cyber-physical systems, beginning with Clinical Internet of Things and expanding to research infrastructure, the energy grid, distributed energy resources, and more. In this webinar we will discuss the initial IEEE/UL TIPPSS standard for clinical IoT data and device interoperability, the details of the technical and process elements of the standard, and the opportunity to apply it to all operational technology. Future TIPPSS presentations planned include "TIPPSS for navigating a changing cybersecurity landscape at the Electron-Ion Collider and other scientific research facilities" in collaboration with Brookhaven National Laboratory at the ICALEPS 2025 conference (The 20th International Conference on Accelerator and Large Experimental Physics Control Systems) September 20-26, 2025 in Chicago, bringing the TIPPSS discussion to research infrastructure and the IT systems that support it. Trusted CI's initiatives in Secure by Design and the Trusted CI Operational Technology Procurement Vendor Matrix are very complementary to the TIPPSS initiative, and there is more we can do as a community in this effort together. Join us to discuss the imperatives and possibilities. 
Speaker Bio: Florence Hudson is Executive Director of the Northeast Big Data Innovation Hub at Columbia University, leading over $10M in projects funded by the National Science Foundation, National Institutes of Health, and Department of Transportation. She is also Founder & CEO of FDHint, LLC, a global advanced technology consulting firm. A former IBM Vice President and Chief Technology Officer, Internet2 Senior Vice President & Chief Innovation Officer, Special Advisor for the NSF Cybersecurity Center of Excellence, and aerospace engineer at the NASA Jet Propulsion Lab and Grumman Aerospace Corporation, she is an Editor in Chief and Author for Springer, Elsevier, Wiley, IEEE, and other publications. She leads the development of global IEEE/UL standards to increase Trust, Identity, Privacy, Protection, Safety and Security (TIPPSS) for connected healthcare data and devices and cyberphysical systems, and is Vice Chair of the IEEE Engineering Medicine & Biology Society Standards Committee. She earned her Mechanical and Aerospace Engineering degree from Princeton University, and executive education certificates from Harvard Business School and Columbia University.

June 23, 2025 | Episode 5 | 1 hr 0 min

June 2025: Towards Practical Confidential High-Performance Computing

The democratization of high-performance computing (HPC)—driven by a paradigm shift toward cloud-based solutions—has unlocked unprecedented scalability in data sharing, interdisciplinary collaboration, and large-scale analytics. Yet, despite these advancements, the lack of strong privacy protection mechanisms, particularly for sensitive or regulated data, remains a significant barrier preventing critical domains from fully leveraging cloud HPC. In this webinar, I will present our group’s research toward enabling a practical confidential HPC paradigm—one that empowers HPC providers to securely process sensitive workloads with provable security and privacy guarantees. My talk will be structured around three key pillars that underpin our approach: practical data-in-use security, data governance and compliance, and usability. First, I will introduce our vision for a next-generation trusted execution environment (TEE) architecture tailored for HPC—designed to deliver HPC-grade efficiency for large-scale, parallel workloads, while upholding strict data-in-use security guarantees. Second, I will discuss how we leverage formal methods to validate compliance with complex governance and data-sharing policies—ensuring that even dynamic, multi-party workloads can remain policy-aligned. Finally, I will share our ongoing work in developing new usability frameworks and programming abstractions designed to make confidential computing accessible to domain scientists—lowering the barrier for adoption without requiring expertise in cryptography or secure systems.

Speaker Bio: Chenghong Wang is an Assistant Professor in the Luddy School of Informatics, Computing, and Engineering at Indiana University Bloomington. He is a core faculty member of the Security and Privacy in Informatics, Computing, and Engineering (SPICE) group and affiliated with the NSF Center for Distributed Confidential Computing (CDCC). His research focuses on building full-stack solutions for privacy-preserving data sharing and analytics (PPDSA), bridging theory, systems, and architectural design. His work spans trusted execution environments, differential privacy, applied cryptography, and secure data systems. Dr. Wang's research has been published in premier venues across systems, security, and AI, including SIGMOD, VLDB, USENIX Security, MICRO, NeurIPS, IJCAI, ICCV, and EMNLP. Beyond his core focus, he actively collaborates across disciplines, contributing to projects in AI, machine learning, hardware systems, healthcare, and biomedicine. He received his Ph.D. in Computer Science from Duke University, where he was advised by Prof. Ashwin Machanavajjhala and Prof. Kartik Nayak.

May 19, 2025 | Episode 4 | 1 hr 1 min

May 2025: Conducting Responsible Human-Centered AI Research

With the recent rise of LLMs, it becomes increasingly possible (and necessary) to conduct human-subjects studies with AI tools. However, integrating AI in human-subjects research raises concerns about participant privacy, safety, and the confidentiality of research data. These concerns are exacerbated by the fact that many AI researchers have limited experience with human-subjects research, and most ethics review boards (e.g. IRBs) have little knowledge about AI. In this talk, I present findings from a series of investigations into human-centered AI research studies: our team systematically reviewed AI-related studies published at the ACM SigCHI conference, we interviewed researchers who conducted human-subjects studies with LLMs, and we conducted a scenario-based study to unpack study participants' opinions about AI-based research. We find that (1) many papers lack important details about basic study parameters, (2) researchers often fail to disclose the use of LLMs to research participants, and (3) participants are sensitive to study parameters like anonymization, data retention and consent, but are unaware of the threats of third-party data sharing and of data leakage through model training. I will discuss these findings, and more, during the talk.

Speaker Bio: Dr. Bart Knijnenburg is an Associate Professor in Human-Centered Computing at Clemson University where he co-directs the Humans And Technology Lab (HATLab). His research explores the societal, social, and psychological aspects of human interaction with intelligent systems. His research has been funded by the NSF (including a CAREER award), the Department of Defense, the Department of Education, the Department of Justice, and corporate gifts.

March 31, 2025 | Episode 3 | 42 min

March 2025: The Operational Technology Procurement Vendor Matrix

Operational Technology (OT), when installed on an organization's network, becomes part of the overall cyber attack surface for an organization. When procuring this OT, it is important for the purchasing organization to understand how it will integrate with the existing network and security controls as well as understand what new risks it might introduce. The Trusted CI Operational Technology Procurement Vendor Matrix (the Matrix) provides a prioritized list of questions for organizations to send to manufacturers and suppliers to try to get as much of this information as possible. In this webinar, we will walk through what security issues impact OT, the role of procurement in mitigating security risks, our reasoning and process for developing the Matrix, and a walk through on how to use the Matrix at your organization. Questions and shared experiences with OT are encouraged.

TARGET AUDIENCE: Organizational leadership, procurement department, IT, cybersecurity

The Matrix can be found at https://trustedci.org/ot-matrix

Speaker Bio: Chief Security Analyst Mark Krenz is focused on cybersecurity operations, research, and education. He has more than two decades of experience in system, network administration, programming, and system security and has spent the last decade focused on cybersecurity. He also serves as the CISO of Trusted CI.

January 27, 2025 | Episode 1 | 38 min

January 2025: A Unified Monitoring Approach to Enhancing the Security and Resiliency of Hazard Workflows

In this talk, we will first discuss techniques to improve the resiliency of hazard monitoring systems. This includes optimizing machine learning training pipelines for wildfire detection to achieve faster, more accurate results while adapting to real-world constraints such as data variability and network latencies. We will also explore enabling multi-tenancy to maximize resource efficiency by allowing multiple hazard detection workflows to share infrastructure without compromising performance. Furthermore, we will present an in-depth analysis of power and energy consumption for edge devices deployed in remote and resource-constrained environments, emphasizing sustainable and scalable design choices that support long-term operation. Next, we will describe ongoing efforts to enhance the security of critical cyberinfrastructures. This includes developing techniques to prevent denial-of-service attacks that could disrupt hazard monitoring workflows and implementing secure data transmission mechanisms to safeguard information across distributed CI layers.

Speaker Bios: Sudarsun Kannan is an Assistant Professor in the Computer Science Department at Rutgers University. His research focuses on operating system design and its intersection with computer architecture, distributed systems, and high-performance computing (HPC) systems. His work has been published in top venues such as ASPLOS, OSDI, and FAST, and he has received best paper awards at SOSP and ASPLOS, along with the Google Research Scholar award. He co-chaired the HotStorage'22 workshop and serves as an Associate Editor for ACM Transactions on Storage. Before joining Rutgers, he was a postdoctoral research associate at Wisconsin-Madison and graduated with an M.S. and Ph.D. from Georgia Tech.

Ramakrishnan (Ram) Durairajan is an Associate Professor in the School of Computer and Data Sciences, and co-directs the Oregon Networking Research Group (ONRG) at the University of Oregon. Ram earned his Ph.D. and M.S. degrees in Computer Sciences from the University of Wisconsin - Madison and his B.Tech. in Information Technology from the College of Engineering, Guindy (CEG), Anna University. He has published over 50 peer-reviewed papers in various conferences, journals, and workshops. His research has been recognized with several awards including the NSF CAREER award, NSF CRII award, Ripple faculty fellowship, UO faculty research award, best paper awards from ACM CoNEXT and ACM SIGCOMM GAIA, and has been covered in several fora (NYTimes, MIT Technology Review, Popular Science, Boston Globe, Gizmodo, Mashable, among others). Recently, his research on Internet topology has been named as "One of the 100 Greatest Innovations," has been cited in FCC's Spectrum Frontiers 2d Report and Order, and has won a number of awards including the "Best of What's New" (in security category) by the Popular Science Magazine.

November 18, 2024 | Episode 7 | 35 min

November 2024: Privacy Preserving Aggregate Range Queries on Encrypted Multi-dimensional Databases

Data-driven collaborations often involve sharing large-scale datasets in cloud environments, where adversaries may exploit server vulnerabilities to access sensitive information. Traditional approaches, such as Trusted Execution Environments, lack the scalability for parallel processing, while techniques like homomorphic encryption incur prohibitive computational overheads. ARMOR addresses these limitations by developing encrypted querying techniques that support a variety of scientific data types and queries, balancing efficiency with privacy. The project’s interdisciplinary team focuses on advancing encryption methods, improving query performance for multidimensional data, and rigorously evaluating security risks and overheads under real-world scenarios.

A recent research under ARMOR is the development of Secure Standard Aggregate Queries (SSAQ), a novel approach for secure aggregation on multidimensional sparse datasets stored on untrusted servers. Aggregation functions like SUM, AVG, COUNT, MIN, MAX, and STD are essential for scientific data analysis but pose privacy risks when performed on encrypted data. Existing methods using searchable encryption suffer from access pattern and volume leakage and are often limited to one-dimensional settings. SSAQ overcomes these challenges by employing d-dimensional segment trees to precompute responses for all possible query ranges, thus improving the efficiency of secure range queries. To further reduce leakage, SSAQ integrates Oblivious RAM (ORAM) to conceal data access patterns during query execution. This combination ensures a higher level of security, making SSAQ suitable for complex scientific data scenarios where sensitive information needs to be safeguarded. The approach significantly extends the applicability of searchable encryption techniques, offering a scalable and efficient solution for secure data analytics in cloud environments while minimizing privacy risks.

Speaker Bio: Dr. Hoda Maleki is an Assistant Professor in the School of Computer and Cyber Sciences at Augusta University, specializing in system security, applied cryptography, and blockchain technology. She earned her Ph.D. in Computer Science and Engineering from the University of Connecticut. Dr. Maleki's research addresses critical security challenges, including IoT security, secure data retrieval in encrypted databases, and privacy-preserving data access in cloud environments. Her work leverages the Universally Composable (UC) security framework to analyze complex systems and employs multi-dimensional searchable encryption to protect massive scientific datasets. With over $1 million in NSF funding, her research advances scalable, efficient cryptographic solutions that meet the security needs of modern data-driven applications.

August 26, 2024 | Episode 6 | 46 min

August 2024: JSON Web Tokens for Science: Hands on Jupyter Notebook Tutorial

NSF cyberinfrastructure is undergoing a security transformation: a migration from X.509 user certificates to IETF-standard JSON Web Tokens (JWTs). This migration has facilitated a re-thinking of authentication and authorization among cyberinfrastructure providers: enabling federated authentication as a core capability, improving support for attribute, role, and capability-based authorization, and reducing reliance on prior identity-based authorization methods that created security and usability problems. In this webinar, members of the SciAuth project (https://sciauth.org/ - NSF award #2114989) will provide a short, hands-on tutorial for cyberinfrastructure professionals to learn about JWTs, including SciTokens (https://scitokens.org/ - NSF award #1738962). Participants will use Jupyter Notebooks to validate the security of JWTs and experiment with JWT-based authentication and authorization. Participants will gain an understanding of JWT basics suitable for understanding their security and troubleshooting any problems with their use.

Speaker Bios: Dr. Jim Basney is a principal research scientist in the cybersecurity group at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign. He is the Director and PI of Trusted CI. Jim received his PhD in computer sciences from the University of Wisconsin-Madison.

Dr. Derek Weitzel is a research assistant professor in the School of Computing at the University of Nebraska - Lincoln. He has been providing distributed computing solutions to the national cyberinfrastructures since 2009. He is a member of the OSG’s production operations team and leads the operations of the National Research Platform. His current areas of research involve distributed data management for shared and opportunistic storage, secure credential management, and network monitoring and analytics.

July 22, 2024 | Episode 5 | 26 min

July 2024: Automated Building and Deploy Testing — Using Zeek as an example

At ESnet, we pride ourselves on being cutting-edge, even if it causes a few scratches. Every new branch of Zeek is automatically built and tested in Gitlab CI. Then, every night, the latest successful 'master' build is deployed, along with all of our packages and scripts, to a test system via Ansible. As time permits, we roll out the latest build, in production, to over 40 servers. Through this process we've both been able to provide early feedback to the Zeek project about potential bugs and give ourselves an early warning system when changes impact our production plugins and scripts. Zeek is an open source network security monitoring tool. This does not focus on the use of Zeek itself, but rather the care and feeding of our installation footprint.

Speaker Bio: Michael “Dop” Dopheide has spent the majority of his career working in the R&E community specializing in systems engineering, security research, incident response, and network intrusion detection. He especially enjoys helping coworkers debug problems at the packet and protocol levels. In addition to his operational security role, Dop helps support the open source Zeek community and volunteers every year to beta test the SANS Holiday Hack challenge.

June 21, 2024 | Episode 4 | 54 min

June 2024: The Transformative Twelve: Taking a Practical, Evidence-Based Approach to Cybersecurity Controls

Controls aren’t everything, but they are an important rubber-meets-the-road component of your cybersecurity strategy and program. This webinar will help you understand the role controls play in a competent cybersecurity program through the lens of the Trusted CI Framework. And, with help cutting through the noise of the many, many controls and control sets in the wild, it will introduce you to the Transformative Twelve, a small, highly prioritized, evidence-based set of cybersecurity controls.

Speaker Bio: Craig Jackson is Deputy Director at the Indiana University Center for Applied Cybersecurity Research, where his R&D interests include evidence-based approaches to security, cybersecurity fundamentals, and cybersecurity program development and governance. He leads collaborative work with critical infrastructure partners. His work includes the Trusted CI Framework, the Information Security Practice Principles, and the Cybertrack and USN’s PACT assessment methodologies. Craig’s education background is in law, education, psychology, and philosophy.
