Mandatory access control for shared HPC clusters: setup and performance evaluation

Abstract : Protecting a HPC cluster against real world cyber threats is a critical task, with the increasing trend to open and share computing resources. As partners can upload data that is confidential regarding other partners, a company managing a shared cluster has to enforce strong security measures. It has to prevent both accidental data leakage and voluntary data stealing. When using an operating system based on Linux, the offered protections are difficult to set up in large scale environments. This article presents how to use the Mandatory Access Control feature of SELinux in order to guarantee strong security properties for HPC clusters. The proposed solution is based on the use of the Multi-Category System, the confinement of user profiles and the use of a dual SSH server. The issues encountered during the implementation and the most difficult technical points are presented. Finally, this paper shows experimental results about the performance of our solution and the impact on a large scale cluster.
Document type :
Conference papers
Liste complète des métadonnées
Contributor : Jean-François Lalande <>
Submitted on : Friday, April 16, 2010 - 7:35:25 PM
Last modification on : Thursday, January 17, 2019 - 3:06:04 PM




Mathieu Blanc, Jean-François Lalande. Mandatory access control for shared HPC clusters: setup and performance evaluation. HPCS 2010, Jun 2010, Caen, France. IEEE Computer Society, pp.291-298, 2010, ISBN: 978-1-4244-6827-0. 〈10.1109/HPCS.2010.5547118〉. 〈hal-00473944〉



Record views