Isolating Jobs for Security on High-Performance Fabrics
Authors: Matthieu Perotin, Tom Cornebize
Published in: 2017 IEEE 3rd International Workshop on High-Performance Interconnection Networks in the Exascale and Big-Data Era (HiPINEB), 2017-02-01
DOI: 10.1109/HiPINEB.2017.13 (https://doi.org/10.1109/HiPINEB.2017.13)
The various pieces of equipment in supercomputers are shared between jobs that belong to different users. This situation raises security concerns. Jobs must not be able to conduct denial-of-service attacks targeting other jobs (voluntarily or accidentally). Moreover, job isolation must be guaranteed: unauthorized communication between two different jobs should not be allowed. However, high-performance interconnects are designed with performance as their main objective, and bypass the OS and its security models. In this paper, we show that by acting at the routing table level, it is possible to enforce job isolation without impacting job performance. Moreover, the isolation process can be dynamic and quick to set up, with algorithms that are independent of both the routing algorithms and the interconnect topology.