Abstract
hpc clusters are costly resources, hence nowadays these structures tend to be co-financed by several partners. A cluster administrator has to be designated, whose duties include, amongst others, the prevention of accidental data leakage or theft. Linux has been chosen as an operating system for the CEA’s computing platforms. However, strong system security solutions such as SELinux are usually difficult to set up in large environments.This article presents how we have adapted a mac mechanism in order to enforce confidentiality and integrity between a large number of users. First we define our security objectives, and show how they direct our technical choices. Then we present how confinement was achieved using the SELinux security mechanism, and how various attack scenarios were addressed. We then focus on the use of Mandatory Categories, access control on high bandwidth network filesystems and the integration of new users and applications. We discuss some residual technical challenges. Finally, we present benchmark results and validate the acceptable performance impact of our deployment on a modern cluster.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
