Architecting, Implementing, and Supporting Multi-Level Security Eco-System in HPC, ISR, Big Data Analysis and Other Environments

A presentation at Supercomputing 2015 // SC15 in in Austin, TX, USA by Shawn Wells

Presenters: Joe Swartz, Joshua Koontz, Sarah Storms (Lockheed Martin Corporation); Nathan Rutman (Seagate Technology LLC), Shawn Wells (Red Hat, Inc.), Chuck White (Semper Fortis Solutions, LLC), Carl Smith (Altair Engineering, Inc.), Enoch Long (Splunk Inc.)

Historically cyber security in HPC has been limited to detecting intrusions rather than designing security from the beginning in a holistic, layered approach to protect the system. SELinux has provided the needed framework to address cyber security issues for a decade, but the lack of an HPC and data analysis eco-system based on SELinux and the perception that the resulting configuration is “hard” to use has prevented SELinux configurations from being widely accepted. This tutorial discusses the eco-system that has been developed and certified, debunk the “hard” perception, and illustrate approaches for both government and commercial applications.

The tutorial includes discussions on: • SELinux architecture and features • Scale-out Lustre Storage • Applications Performance on SELinux (Vectorization and Parallelization) • Big Data Analysis (Accumulo and Hadoop) • Relational Databases • Batch Queuing • Security Functions (Auditing and other Security Administration actions).

The tutorial is based on currently existing, certified and operational SELinux HPC eco-systems and the Department of Energy (DoE) Los Alamos National Labs (LANL) and DoD High Performance Computing Modernization Office (HPCMO) are working through evaluations with the intention of implementing in their systems.