General purpose large-scale High Performance Computing (HPC) clusters are finding wider adoption with increased demand for computing power among business, utility, financial, education, scientific, and critical national infrastructure systems. With more general usage, the need for increased availability has brought forth increased cyber security concerns—especially between concurrent users of the same HPC cluster who may not wish to share their data/algorithms, corporate secrets, or other sensitive information.

General statement of how this problem or situation is being addressed: The problem will be addressed by developing a software system for obfuscating the operations of an HPC cluster, protecting data confidentiality and integrity. By obfuscating HPC codes, status information, user data, and network configuration, sensitive operations can be hidden from unprivileged users without imparting significant computational overhead.

Statement of what will be done in Phase I: For Phase I, we propose the development of HOST, a software service that combines with the plugin API of HPC management systems, such as SLURM, to provide code obfuscation, system level obfuscation, and improved monitoring for privileged users. HOST is an installable software product that provides a framework for obfuscation and a command line interface for user interaction. After completing the Phase I prototype, users will be capable of entering commands similar to those included in SLURM, but with added functionality for obfuscating the system's behavior in response to those commands.

Commercial applications or other Benefits: In addition to providing improved software assurances, both in the form of data confidentiality and computational integrity, HOST will also promote better resource utilization. A major concern with shared HPC platforms is that data integrity can be breached by unrelated users. HOST will save time and money for users by preventing data breaches and ultimately improving computational integrity. At the same time, we anticipate that computational overhead will be greatly reduced relative to traditional encryption techniques. By ensuring security for unrelated users, it becomes possible for system maintainers to increase availability and improve resource utilization.