DocumentCode :
1814163
Title :
PIGA-cluster: A distributed architecture integrating a shared and resilient reference monitor to enforce mandatory access control in the HPC environment
Author :
Gros, D. ; Blanc, M. ; Briffaut, Jeremy ; Toinard, Christian
Author_Institution :
DAM, CEA, Arpajon, France
fYear :
2013
fDate :
1-5 July 2013
Firstpage :
273
Lastpage :
280
Abstract :
Modern operating systems continue to be the victims of attacks and information leaks. Emerging architectures such as cloud computing or HPC are complex to set up and face many kinds of security threats. However, they still rely on traditional access control mechanisms to protect the system and users' data, whereas these mechanisms can be misconfigured and easily defeated. In this article, we present a full architecture to enhance the protection of HPC clusters. It provides three levels of access control in order to allow the users control over their files while enforcing advanced security properties. More specifically, the integration of mandatory access control enables control of direct information flows, and a new and specific reference monitor deals with indirect information flows. In order to keep a low impact on operating system performance, we propose to centralize this second reference monitor on a dedicated node, controlling the flows on all other nodes through the low latency network. We present the whole architecture and the results of several benchmarks that indicate a low impact on performance. Then we expose how we make this architecture fault-tolerant. This study takes advantage of previous works dealing with access control on workstations or virtualisation technologies, and extends the concepts to the HPC environment.
Keywords :
authorisation; fault tolerance; operating systems (computers); parallel processing; virtualisation; workstation clusters; HPC cluster protection; HPC environment; PIGA-cluster; attack victim; direct information flow control; distributed architecture; fault-tolerant architecture; indirect information flow; information leaks; low latency network; mandatory access control; operating systems; resilient reference monitor; security threats; shared reference monitor; virtualisation technologies; workstation; Access control; Computer architecture; Context; Kernel; Monitoring; High Performance Computing Security; Mandatory Access Control; Resilience;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
High Performance Computing and Simulation (HPCS), 2013 International Conference on
Conference_Location :
Helsinki
Print_ISBN :
978-1-4799-0836-3
Type :
conf
DOI :
10.1109/HPCSim.2013.6641426
Filename :
6641426