PIGA-Cluster: a distributed architecture integrating a shared and resilient reference monitor to enforce mandatory access control in the HPC environment - Archive ouverte HAL Access content directly
Conference Papers Year : 2013

PIGA-Cluster: a distributed architecture integrating a shared and resilient reference monitor to enforce mandatory access control in the HPC environment

(1) , (1, 2) , (3) , (3)
1
2
3
Mathieu Blanc
  • Function : Author
  • PersonId : 935806
Jérémy Briffaut
Christian Toinard
  • Function : Author
  • PersonId : 867013

Abstract

Modern operating systems continue to be the victims of attacks and information leaks. Emerging architectures such as cloud computing or HPC are complex to set up and face many kinds of security threats. However, they still rely on traditional access control mechanisms to protect the system and users' data, whereas these mechanisms can be misconfigured and easily defeated. In this article, we present a full architecture to enhance the protection of H P C clusters. It provides three levels of access control in order to allow the users control over their files while enforcing advanced security properties. More specifically, the integration of mandatory access control enables to control direct information flows, and a new and specific reference monitor deals with indirect information flows. In order to keep a low impact on operating system performances, we propose to centralize this second reference monitor on a dedicated node, controlling the flows on all other nodes through the low latency network. We present the whole architecture and the results of several benchmarks that indicate a low impact on performances. Then we expose how we make this architecture fault-tolerant. This study takes advantage of previous works dealing with access control on workstations or virtualisation technologies, and extends the concepts to the HPC environment.
Not file

Dates and versions

hal-00840736 , version 1 (02-07-2013)

Identifiers

  • HAL Id : hal-00840736 , version 1

Cite

Mathieu Blanc, Damien Gros, Jérémy Briffaut, Christian Toinard. PIGA-Cluster: a distributed architecture integrating a shared and resilient reference monitor to enforce mandatory access control in the HPC environment. SHPCS - 8th International Workshop on Security and High Performance Computing Systems - 2013, Jul 2013, Helsinki, Finland. ⟨hal-00840736⟩
127 View
0 Download

Share

Gmail Facebook Twitter LinkedIn More