SC17 Denver, CO

P59: Secure Enclaves: An Isolation-Centric Approach for Creating Secure High-Performance Computing Environments

Authors: Ferrol Aderholdt (Oak Ridge National Laboratory), Susan Hicks (Oak Ridge National Laboratory), Thomas Naughton (Oak Ridge National Laboratory), Lawrence Sorrillo (Oak Ridge National Laboratory), Blake Caldwell (University of Colorado, Boulder), James Pogge (Tennessee Technological University), Stephen L. Scott (Tennessee Technological University)

Abstract: High-performance computing environments are used for a wide variety of workloads. These systems may process data at various security levels but in so doing are often enclaved at the highest security posture, which may limit usability or performance. The traditional approach used to provide isolation is effective at the creation of secure enclaves, but poses significant challenges with respect to the use of shared infrastructure in HPC environments. We evaluate the use of system-level (i.e., hypervisor-based) and operating-system-level (i.e., containers) virtualization as well as software-defined networking (SDN) as possible mechanisms for secure, isolation-centric enclaves (secure enclaves). We describe our approach to secure HPC enclaves and provide benchmark results for three focus areas (compute, network and data storage) where isolation mechanisms are most significant.
Award: Best Poster Finalist (BP): no

