A Secure Workflow for Shared HPC Systems

Driven by the progress of data and compute-intensive methods in various scientific domains, there is an increasing demand from researchers working with highly sensitive data to have access to the necessary computational resources to be able to adapt those methods in their respective fields. To satisfy the computing needs of those researchers in a cost-effective way, it is an open quest to integrate reliable security measures on existing High Performance Computing (HPC) clusters. The fundamental problem to securely work with sensitive data is, that HPC systems are shared systems that are typically trimmed for highest performance -- not for high security. For instance, there are commonly no additional virtualization techniques employed, thus, users typically have access to the host operating system. Since new vulnerabilities are being continuously discovered, solely relying on the traditional Unix permissions is not secure enough. In this paper, we discuss a generic and secure workflow that can be implemented on typical HPC systems allowing users to transfer, store and analyze sensitive data. In our experiments, we see an advantage in the asynchronous execution of IO requests, while reaching 80 % of the ideal performance.

---

Contributors:

• Hendrik Nolte (Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen)
• Tim Ehlers (Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen)
• Julian Kunkel (Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen)
• Simon Hernan Sarmiento Sabater (Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen)
• Philipp Wieder (Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen)
• Ramin Yahyapour (Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen)