PIGA-Cluster: a distributed architecture integrating a shared and resilient reference monitor to enforce mandatory access control in the HPC environment

Abstract: Modern operating systems continue to be the victims of attacks and information leaks. Emerging architectures such as cloud computing or HPC are complex to set up and face many kinds of security threats. However, they still rely on traditional access control mechanisms to protect the system and users' data, even though these mechanisms can be misconfigured and easily defeated. In this article, we present a full architecture to enhance the protection of HPC clusters. It provides three levels of access control in order to give users control over their files while enforcing advanced security properties. More specifically, the integration of mandatory access control makes it possible to control direct information flows, and a new and specific reference monitor deals with indirect information flows. In order to keep the impact on operating system performance low, we propose to centralize this second reference monitor on a dedicated node, controlling the flows on all other nodes through the low-latency network. We present the whole architecture and the results of several benchmarks that indicate a low impact on performance. Then we explain how we make this architecture fault-tolerant. This study takes advantage of previous work dealing with access control on workstations or virtualisation technologies, and extends the concepts to the HPC environment.
Document type :
Conference papers
SHPCS - 8th International Workshop on Security and High Performance Computing Systems - 2013, Jul 2013, Helsinki, Finland. 2013


https://hal.inria.fr/hal-00840736
Contributor : Jérémy Briffaut
Submitted on : Tuesday, July 2, 2013 - 11:47:16 PM
Last modification on : Thursday, April 23, 2015 - 2:18:01 PM

Identifiers

  • HAL Id : hal-00840736, version 1

Citation

Mathieu Blanc, Damien Gros, Jérémy Briffaut, Christian Toinard. PIGA-Cluster: a distributed architecture integrating a shared and resilient reference monitor to enforce mandatory access control in the HPC environment. SHPCS - 8th International Workshop on Security and High Performance Computing Systems - 2013, Jul 2013, Helsinki, Finland. 2013. <hal-00840736>
