Mandatory access control with a multi-level reference monitor: PIGA-cluster

Abstract: The protection of High Performance Computing architectures is still an open research problem. Generally, current solutions only provide confinement through sandboxing, and none addresses the problem of information flow control. This is why better integration of mandatory access control mechanisms is needed in the HPC environment. In this paper, we propose a global architecture to protect a whole cluster. This architecture uses cluster-specific technologies so as not to reduce operating system performance. The protection of the cluster relies on three levels of protection and the use of two kinds of reference monitors. SELinux is installed on the computing nodes and deals with direct information flows. PIGA, installed only on a specific node, performs advanced flow control and detects advanced threats. We present the various components of our architecture, called PIGA-Cluster, then the results of several benchmarks on a computing node that show a low impact on operating system performance. We also apply various security properties in order to protect the computing nodes against simple and advanced attacks. This paper builds on previous work dealing with workstations or virtualisation technologies and extends the concepts to the HPC environment.
Document type :
Conference papers

https://hal.inria.fr/hal-00840735
Contributor : Jérémy Briffaut
Submitted on : Tuesday, July 2, 2013 - 11:42:02 PM
Last modification on : Thursday, October 24, 2019 - 1:45:01 AM

Citation

Mathieu Blanc, Damien Gros, Jérémy Briffaut, Christian Toinard. Mandatory access control with a multi-level reference monitor: PIGA-cluster. ACM CLHS '13 Proceedings of the first workshop on Changing landscapes in HPC security, Jun 2013, New-York, United States. pp.1-8, ⟨10.1145/2465808.2465809⟩. ⟨hal-00840735⟩
