Please visit Jefferson Lab Event Policies and Guidance before planning your next event: https://www.jlab.org/conference_planning.

May 8 – 12, 2023
Norfolk Waterside Marriott
US/Eastern timezone

Security Models for ALICE Online Web-Based Applications

May 9, 2023, 3:00 PM
15m
Chesapeake Meeting Room (Norfolk Waterside Marriott)

Chesapeake Meeting Room

Norfolk Waterside Marriott

235 East Main Street Norfolk, VA 23510
Oral Track 5 - Sustainable and Collaborative Software Engineering Track 5 - Sustainable and Collaborative Software Engineering

Speaker

Raduta, George (CERN)

Description

The recent major upgrade of the ALICE Experiment at CERN’s Large Hadron Collider has been coupled with the development of a new Online-Offline computing system capable of interacting with a sustained input throughput of 3.5TB/s. To facilitate the control of the experiment, new web applications have been developed and deployed to be used 24 hours a day, 365 days a year in the control room and remotely by the subsystem experts and on-call support staff.
Over the past years, an exponential increase in number of exploits on applications vulnerabilities has been observed. This includes but it is not limited to malicious user input, DDoS, SQL Injection and Cross-Site Scripting attacks. Thus, the ALICE interfaces are being built using modern web technologies and a common library developed in-house which provides the core functionalities and building blocks for preventing vulnerabilities. This approach ensures a consolidated and secure environment towards maintaining data integrity and a straightforward non-malicious control of the experiment. This work showcases the tools and practices applied to enhance the application-level security and privacy needed for the experiment to be controlled and observed remotely. A report is also presented of incidents encountered during the first year of ALICE Run 3 operation.

Consider for long presentation No

Primary author

Co-author

Presentation materials