Mandatory access control with a multi-level reference monitor: PIGA-cluster

Abstract: The protection of High Performance Computing architectures is still an open research problem. Generally, current solutions only provide confinement through sandboxing, and none addresses the problem of information flow control. This is why a better integration of mandatory access control mechanisms is needed in the HPC environment. In this paper, we propose a global architecture to protect a whole cluster. This architecture uses cluster-specific technologies so as not to reduce operating system performance. The protection of the cluster relies on three levels of protection and the use of two kinds of reference monitors. SELinux is installed on the computing nodes and deals with direct information flows. PIGA, installed only on a specific node, performs advanced flow control and detects advanced threats. We present the various components of our architecture, called PIGA-Cluster, then the results of several benchmarks on a computing node that show a low impact on operating system performance. We also apply various security properties in order to protect the computing nodes against simple and advanced attacks. This paper builds on previous work dealing with workstations or virtualisation technologies and extends the concepts to the HPC environment.
Document type:
Conference paper
ACM CLHS '13 Proceedings of the first workshop on Changing landscapes in HPC security, Jun 2013, New-York, United States. ACM, pp.1-8, 2013, 〈10.1145/2465808.2465809〉
https://hal.inria.fr/hal-00840735
Contributor: Jérémy Briffaut
Submitted on: Tuesday, 2 July 2013 - 23:42:02
Last modified on: Monday, 15 October 2018 - 15:54:02

Citation

Mathieu Blanc, Damien Gros, Jérémy Briffaut, Christian Toinard. Mandatory access control with a multi-level reference monitor: PIGA-cluster. ACM CLHS '13 Proceedings of the first workshop on Changing landscapes in HPC security, Jun 2013, New-York, United States. ACM, pp.1-8, 2013, 〈10.1145/2465808.2465809〉. 〈hal-00840735〉

Metrics

Record views

121