Top HPC Players: It’s Time to Get Serious About Security

By Agam Shah

March 9, 2023

Time’s up: nearly everyone agrees it is time to get serious about bringing security safeguards to high-performance computing systems, an area that has been largely ignored in the need for speed. A working group at the National Institute of Standards and Technology (NIST) last month published a high-performance computing security model that serves as a blueprint for operators to protect supercomputers from hacks and malicious actors.

Security has played second fiddle to horsepower in HPC systems because implementing security layers could slow down supercomputers. Operators typically want to squeeze the maximum performance out of systems. HPC users have also complained that system vendors do not prioritize security because they are more interested in meeting the performance benchmarks stated in contracts.

The private and public sectors joined hands to create the HPC security blueprint, which covers hardware, software, storage and networking. “HPC is a large-scale, complex system with strict performance requirements. Security tools that are effective for individual devices may not work well in an HPC environment,” the document’s authors* stated.

The paper lays out a bare truth: performance is paramount in HPC, and operators will not adopt security measures if they impede system performance.

HPC systems operate differently than conventional server installations. Installing a forensic tool to preserve a hard drive may make sense on a PC or server, but not on high-performance computers, the document states. Similarly, installing antivirus and scanning every incoming file may make sense on PCs, but not on high-performance computers.

The document defines the HPC computing model, and provides recommendations on how to secure systems. It also points to why HPC systems need security safeguards. Systems may be vulnerable as the unique hardware and software requirements for scientific experiments may not be well maintained compared to traditional computing environments.

“HPC can store large amounts of sensitive research data, personally identifiable information, and intellectual property that need to be safeguarded,” the document says.

The reference model has been adapted from security techniques used at MIT’s Lincoln Laboratory, which is a Department of Defense funded center. The model breaks HPC systems into four functional zones that can be secured separately. One zone covers system access, the second covers CPUs and GPUs, the third covers storage, and the fourth covers the software stack and system management tools.

Each of these zones has unique security requirements and needs to be secured separately. While the zones aren’t functionally isolated, security calls are limited to the unique needs of each zone, and not applied across all nodes systemwide.

The “access zone” includes outside users logging into the system, authenticating users and authorizing their access to systems. Beyond sanitizing connections, the zone includes shell or web-based connections to access services and data transfers into the systems.

“The nodes and their software stacks in this zone are susceptible to external attacks, such as denial of service attacks, perimeter network scanning and sniffing, authentication attacks, user session hijacking, and machine-in-the-middle attacks,” the document states.

HPC operators, such as the University of Texas at Austin, use multifactor authentication to authorize users. Attendees at a security workshop at the SC22 trade show last year said that while two-factor authentication is a start, more can be done to protect the access zone.

The “management zone” includes the software side to get tasks done, including the provisioning, scheduling, virtualization, configuration and management of tasks.

“Only administrators with privileged access authorization are allowed to log into the management zone, where a privileged administrator logs into the access zone first and then logs into the management zone. A malicious user may attempt to log into the management zone,” the document said.

MIT has protected the management zone by getting rid of root access, which gave administrators unfettered access to system resources. Instead, system administrators have root privileges through a shell command called “sudo,” which maintains an audit trail of activities by system administrators.
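The access path and sudo audit trail described above can be checked from a management node's logs. The following is an added example, not code from the article or the NIST document: it assumes standard OpenSSH and sudo syslog lines, and the subnet, host names, users and log lines are constructed. The root-shell check is an added assumption about what weakens a per-command audit trail.

```python
import ipaddress
import re

# Assumption: subnet of the access-zone (login) nodes; not from the article.
ACCESS_ZONE = ipaddress.ip_network("10.10.1.0/24")

# Constructed sample syslog lines from a hypothetical management node "mgmt01".
SAMPLE_LOG = """\
Mar  9 10:01:12 mgmt01 sshd[2211]: Accepted publickey for alice from 10.10.1.5 port 51234 ssh2
Mar  9 10:02:40 mgmt01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart slurmctld
Mar  9 11:15:03 mgmt01 sshd[2307]: Accepted password for bob from 192.0.2.44 port 40022 ssh2
Mar  9 11:16:10 mgmt01 sudo:      bob : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/bin/bash
Mar  9 11:20:00 mgmt01 sshd[2350]: Failed password for root from 192.0.2.44 port 40100 ssh2
"""

ROOT_SSH = re.compile(r"sshd\[\d+\]: (?:Accepted|Failed) \S+ for root from (\S+)")
SSH_OK = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")
SUDO = re.compile(r"sudo:\s+(\S+) : .*?USER=(\S+) ; COMMAND=(.+)$")
# Interactive shells leave only one sudo log entry for a whole root session.
SHELLS = {"/bin/bash", "/bin/sh", "/usr/bin/bash", "/bin/zsh"}

def audit(log_text):
    """Return (finding, user, detail) tuples for a management-node log."""
    findings = []
    for line in log_text.splitlines():
        if m := ROOT_SSH.search(line):
            # Root login is supposed to be gone; any attempt is worth a look.
            findings.append(("direct-root-login-attempt", "root", m.group(1)))
        elif m := SSH_OK.search(line):
            user, src = m.groups()
            try:
                inside = ipaddress.ip_address(src) in ACCESS_ZONE
            except ValueError:  # sshd logged a host name instead of an IP
                inside = False
            if not inside:
                # Admins must enter through the access zone first.
                findings.append(("login-bypassed-access-zone", user, src))
        elif m := SUDO.search(line):
            user, target, command = m.groups()
            if target == "root" and command.split(" ")[0] in SHELLS:
                findings.append(("root-shell-via-sudo", user, command))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
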

The access and management zones connect to the two hardware zones, where the computing is carried out.

The “high-performance computing zone” includes the compute nodes that run parallel computations, and the “data storage zone” includes the parallel file systems such as GPFS and Lustre-based PFS that store petabytes or exabytes of data, which are accessed regularly for computations.

“Protecting the confidentiality and integrity of user data is essential for the data storage zone. Data integrity can be compromised by malicious data deletion, corruption, pollution, or false data injection so gaining unauthorized privileged access is a major threat,” the document noted.

The high-performance computing zone could be vulnerable to side-channel attacks or firmware exploits, which have been affecting chips from Intel and AMD lately. Such attacks allow hackers to steal critical information and make changes in the boot layer that allow persistent access to supercomputers.

An annual security report published by Intel last month revealed that it had issued alerts for 30 BIOS and 21 CPU vulnerabilities. The exploits may also harm system performance, the NIST document stated.

The draft document is open for comments through April 7. It was published ahead of the 3rd High-Performance Computing Security Workshop in Rockville, Maryland, on March 15th and 16th, where further discussions on the topic will take place.

* Authors: Yang Guo (NIST), Ramaswamy Chandramouli (NIST), Lowell Wofford (Amazon.com), Rickey Gregg (HPCMP), Gary Key (HPCMP), Antwan Clark (Laboratory for Physical Sciences), Catherine Hinton (Los Alamos National Laboratory), Andrew Prout (MIT Lincoln Laboratory), Albert Reuther (MIT Lincoln Laboratory), Ryan Adamson (Oak Ridge National Laboratory), Aron Warren (Sandia National Laboratories), Purushotham Bangalore (University of Alabama), Erik Deumens (University of Florida), Csilla Farkas (University of South Carolina)
