Enhancing HPC security with a user-based firewall

Andrew Prout, William Arcand, David Bestor, Bill Bergeron, Chansup Byun, Vijay Gadepally, Matthew Hubbell, Michael Houle, Michael Jones, Peter Michaleas, Lauren Milechin, Julie Mullen, Antonio Rosa, Siddharth Samsi, Albert Reuther, Jeremy Kepner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

7 Scopus citations

Abstract

High Performance Computing (HPC) systems traditionally allow their users unrestricted use of their internal network. While this network is normally controlled enough to guarantee privacy without the need for encryption, it does not provide a method to authenticate peer connections. Protocols built upon this internal network, such as those used in MPI, Lustre, Hadoop, or Accumulo, must provide their own authentication at the application layer. Many methods have been employed to perform this authentication, such as operating system privileged ports, Kerberos, munge, TLS, and PKI certificates. However, support for all of these methods requires the HPC application developer to include support and the user to configure and enable these services. The user-based firewall capability we have prototyped enables a set of rules governing connections across the HPC internal network to be put into place using Linux netfilter. By using an operating system-level capability, the system is not reliant on any developer or user actions to enable security. The rules we have chosen and implemented are crafted to not impact the vast majority of users and be completely invisible to them. Additionally, we have measured the performance impact of this system under various workloads.

Original languageEnglish
Title of host publication2016 IEEE High Performance Extreme Computing Conference, HPEC 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781509035250
DOIs
StatePublished - Nov 28 2016
Externally publishedYes
Event2016 IEEE High Performance Extreme Computing Conference, HPEC 2016 - Waltham, United States
Duration: Sep 13 2016Sep 15 2016

Publication series

Name2016 IEEE High Performance Extreme Computing Conference, HPEC 2016

Conference

Conference2016 IEEE High Performance Extreme Computing Conference, HPEC 2016
Country/TerritoryUnited States
CityWaltham
Period09/13/1609/15/16

Keywords

  • Firewall
  • HPC
  • MIT SuperCloud
  • Security
  • netfilter

Fingerprint

Dive into the research topics of 'Enhancing HPC security with a user-based firewall'. Together they form a unique fingerprint.

Cite this