HPC clusters are costly resources, hence nowadays these structures tend to be co-financed by several partners. A cluster administrator has to be designated, whose duties include, amongst others, the prevention of accidental data leakage or theft. Linux has been chosen as an operating system for the CEA's computing platforms. However, strong system security solutions such as SELinux are usually difficult to set up in large environments. This article presents how we have adapted a MAC mechanism in order to enforce confidentiality and integrity between a large number of users. First we define our security objectives, and show how they direct our technical choices. Then we present how confinement was achieved using the SELinux security mechanism, and how various attack scenarios were addressed. We then focus on the use of Mandatory Categories, access control on high-bandwidth network filesystems, and the integration of new users and applications. We discuss some residual technical challenges. Finally, we present benchmark results and validate the acceptable performance impact of our deployment on a modern cluster.