PIGA-HIPS: Protection of a shared HPC cluster

Abstract: Protecting a shared High Performance Computing cluster is still an open research problem. Existing solutions deal with sandboxing and Discretionary Access Control for controlling remote connections. Guaranteeing security properties for a shared cluster is complex, since users demand an environment that is efficient and at the same time prevents confidentiality and integrity violations. This paper proposes two different approaches for protecting remote interactive accesses against malicious operations. Both approaches leverage SELinux protection. They have been successfully implemented using the standard MAC from SELinux, and guarantee supplementary security properties thanks to our PIGA HIPS. The paper compares the two approaches. It presents a real use case for the security of a shared cluster that allows interactive connections for users while preventing confidentiality and integrity violations. This paper builds on previous work and goes one step further in protecting shared clusters against malicious activities. It proposes a new framework for sharing a cluster among partners while guaranteeing advanced security properties. This solution aims to prevent complex or indirect malicious activities that use combinations of processes and covert channels in their attempt to bypass the required properties.
Document type:
Journal article
International Journal On Advances in Security, IARIA, 2011, 4 (1), pp.44-53

https://hal.inria.fr/hal-00671586
Contributor: Jérémy Briffaut
Submitted on: Friday, 17 February 2012 - 18:02:39
Last modified on: Thursday, 29 March 2018 - 09:04:04

Identifiers

  • HAL Id : hal-00671586, version 1

Citation

Mathieu Blanc, Jérémy Briffaut, Christian Toinard, Damien Gros. PIGA-HIPS: Protection of a shared HPC cluster. International Journal On Advances in Security, IARIA, 2011, 4 (1), pp.44-53. 〈hal-00671586〉
