Protection of a Shared HPC Cluster

Blanc, Mathieu; Briffaut, Jérémy; Coullet, Thibault; Fonda, Maxime; Toinard, Christian

doi:10.1109/securware.2010.51

Cited by 2 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We published separately results regarding the PIGA performance [4]. In particular, this article presented the results for an offline analysis of a SELinux policy with PIGA.…”

Section: A Resultsmentioning

confidence: 99%

“…As presented in PIGA-HIPS [4], we choose to use two separate reference monitors to enforce access control in our shared cluster environment. The first level is SELinux, it is essential because it can block direct information flows at a lower performance cost than the second level.…”

Section: Approaches and Methodology A Two Levels Of Access Controlmentioning

confidence: 99%

“…Another project called PIGA-HIPS [4] is based on three levels of access control. The first one is DAC, the second one is SELinux and its policy, and the last one is PIGA, which enforces an advanced security policy.…”

Section: B Control Of Advanced Information Flowsmentioning

confidence: 99%

“…As explained in [4], the analysis of the SELinux policy with PIGA can reveal optimization possibilities, for example it can point unused security contexts, or Access Vectors that can be denied directly with SELinux. It is also possible to use this analysis to refine the security properties enforced by PIGA, so that they represent a lower number of activities to monitor.…”

Section: B Proposed Approachesmentioning

confidence: 99%

“…However, none of the existing MAC mechanisms provides protection against advanced attacks [8]. The use of an external reference monitor such as PIGA-HIPS [4] is required to improve the protection. Such mechanisms exist but none of them deals with keeping a low impact on performance in HPC clusters.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Advanced MAC in HPC Systems: Performance Improvement

Gros

Blanc

Briffaut

et al. 2012

2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (Ccgrid 2012)

View full text Add to dashboard Cite

Assessing the impact of Mandatory Access Control (MAC) integration in the Linux kernel performance is still an open problem. Regarding the specific paradigm of MAC in High Performance Computing, there are actually few works. Yet, guaranteeing security properties on a shared cluster is both a necessity and a challenge. This is a necessity because it is mandatory to ensure the confidentiality and integrity of data computed by the users, and a challenge because a cluster is a costly resource built with performance in mind. This paper deals with the need to integrate MAC in Linux-based operating systems for HPC clusters in an efficient way.

show abstract

“…We published separately results regarding the PIGA performance [4]. In particular, this article presented the results for an offline analysis of a SELinux policy with PIGA.…”

Section: A Resultsmentioning

confidence: 99%

Section: Approaches and Methodology A Two Levels Of Access Controlmentioning

confidence: 99%

Section: B Control Of Advanced Information Flowsmentioning

confidence: 99%

Section: B Proposed Approachesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Advanced MAC in HPC Systems: Performance Improvement

Gros

Blanc

Briffaut

et al. 2012

2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (Ccgrid 2012)

View full text Add to dashboard Cite

show abstract

Security of HPC Systems: From a Log-analyzing Perspective

Luo¹,

Qu²,

Zeng³

et al. 2019

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

High Performance Computing (HPC) systems mainly focused on how to improve performances of the computing. It has competitive processing capacity both in terms of calculation speed and available memory. HPC infrastructures are valuable computing resources that need to be carefully guarded and avoid being maliciously used. Thus, vulnerabilities are quintessential issues in HPC systems due to most of jobs and resources run or stored usually are sensitive and high-profit information. In this survey, we comprehensively review securities of HPC systems from a log-analyzing perspective, including well-known attacks and widely used defenses, especially intruder detection methods. We found that log files are used for the security purposes much less than what we expected. How to use all the available log files comprehensively and employ state-ofthe-art intrusion techniques to improve the robustness of HPC systems still lies for future research.

show abstract

Protection of a Shared HPC Cluster

Cited by 2 publications

References 10 publications

Advanced MAC in HPC Systems: Performance Improvement

Advanced MAC in HPC Systems: Performance Improvement

Security of HPC Systems: From a Log-analyzing Perspective

Contact Info

Product

Resources

About