Protection in operating systems
Communications of the ACM
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Automated OSCAR Testing with Linux-VServers
HPCS '05 Proceedings of the 19th International Symposium on High Performance Computing Systems and Applications
Dynamic Role and Context-Based Access Control for Grid Applications
PDCAT '05 Proceedings of the Sixth International Conference on Parallel and Distributed Computing Applications and Technologies
Building highly available HPC clusters with HA-OSCAR
CLUSTER '04 Proceedings of the 2004 IEEE International Conference on Cluster Computing
Work in Progress: RASS Framework for a Cluster-Aware SELinux
CCGRID '06 Proceedings of the Sixth IEEE International Symposium on Cluster Computing and the Grid
Clusters and security: distributed security for distributed systems
CCGRID '05 Proceedings of the Fifth IEEE International Symposium on Cluster Computing and the Grid - Volume 01
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
A domain and type enforcement UNIX prototype
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
A Comprehensive Framework for Enhancing Security in InfiniBand Architecture
IEEE Transactions on Parallel and Distributed Systems
Labels and event processes in the Asbestos operating system
ACM Transactions on Computer Systems (TOCS)
A Trust Aware Grid Access Control Architecture Based on ABAC
NAS '10 Proceedings of the 2010 IEEE Fifth International Conference on Networking, Architecture, and Storage
PIGA-Virt: an advanced distributed MAC protection of virtual systems
Euro-Par'11 Proceedings of the 2011 international conference on Parallel Processing - Volume 2
Improving Mandatory Access Control for HPC clusters
Future Generation Computer Systems
| Hi-index | 0.00 |
The protection of High Performance Computing architectures is still an open research problem. Generally, current solutions only feature confinement using sandboxing but none address the problematic of information flow control. This is why a better integration of mandatory access control mechanisms is needed in the HPC environment. In this paper, we propose a global architecture to protect a whole cluster. This architecture uses the specific cluster technologies in order not to reduce the operating system performances. The protection of the cluster relies on three levels of protection and the use of two kinds of reference monitors. SELinux is installed on the computing nodes and deals with direct information flows. PIGA, only installed on a specific node, performs advanced flow control and detects advanced threats. We present the various components of our architecture called PIGA-Cluster, then the results of several benchmarks on a computing node that show a low impact on the operating system performances. We also apply various security properties in order to protect the computing nodes against simple and advanced attacks. This paper takes advantage of previous works dealing with workstations or virtualisation technologies and extends the concepts for the HPC environment.