Towards a Framework for Security in eScience

This paper describes an approach to the formulation and classification of security requirements in eScience. It explains why it is untenable to suggest that `one size fits all´, and that what is an appropriate security solution in one context may not be at all appropriate in another. It proposes a framework for the description of eScience security in a number of different dimensions, in terms of measures taken and controls achieved. A distinctive feature of the framework is that these descriptions are organised into a set of discrete criteria, in most cases presented as levels of increasing assurance. The intended framework should serve as a basis for the systematic analysis of security solutions, facilitating the processes of design and approval, as well as for the identification of expectations and best practice in particular domains. The possible usage of the framework, and the value of the approach, is demonstrated in the paper through application to the design of a national data sharing service.