HPC with Enhanced User Separation
Andrew Prout, Albert Reuther, Michael Houle, Michael Jones, Peter Michaleas, LaToya Anderson, William Arcand, Bill Bergeron, David Bestor, Alex Bonn, Daniel Burrill, Chansup Byun, Vijay Gadepally, Matthew Hubbell, Hayden Jananthan, Piotr Luszczek, Lauren Milechin

TL;DR
This paper discusses security techniques implemented in HPC systems to enforce user separation across processes, filesystem, network, and accelerators, enhancing user privacy and security.
Contribution
It introduces specific security mechanisms deployed at MIT Lincoln Laboratory Supercomputing Center to improve user isolation in shared HPC environments.
Findings
Enhanced process separation reduces security risks.
Filesystem access controls prevent data leaks.
Network traffic isolation improves security.
Abstract
HPC systems used for research run a wide variety of software and workflows. This software is often written or modified by users to meet the needs of their research projects, and rarely is built with security in mind. In this paper we explore several of the key techniques that MIT Lincoln Laboratory Supercomputing Center has deployed on its systems to manage the security implications of these workflows by providing enforced separation for processes, filesystem access, network traffic, and accelerators to make every user feel like they are running on a personal HPC.
Taxonomy
Topics: Distributed and Parallel Computing Systems · Advanced Data Storage Technologies · Algorithms and Data Compression
