An overview of security issues in cluster interconnects

Widespread use of cluster systems in diverse set of applications has spurred significant interest in providing high performance cluster interconnects. A major inefficiency in utilizing such interconnects has been the send/receive communication overheads at the sender/receiver hosts. Various techniques such as user-level communication (ULC) have been proposed to mitigate this communication inefficiency. However, due to recent security breaches, focus on cluster communication security research has spurred. Such research is non-trivial due to the high-speed nature of the cluster interconnect. This paper surveys the four most popular cluster interconnects used in Top500 supercomputers and explores possible schemes to ensure secure cluster intra-communication encompassing the host processor, secure coprocessor and the network interface card (NIC) by illustrating its challenges in doing so. We then compare these schemes in terms of host processor offload, end-to-end latency, security transparency and cryptographic processing performance. Then we give an overview of security issues for those cluster interconnects designs

[1]  Dhabaleswar K. Panda,et al.  High performance user level sockets over Gigabit Ethernet , 2002, Proceedings. IEEE International Conference on Cluster Computing.

[2]  Dhabaleswar K. Panda,et al.  EMP: Zero-Copy OS-Bypass NIC-Driven Gigabit Ethernet Message Passing , 2001, ACM/IEEE SC 2001 Conference (SC'01).

[3]  Rossen Dimitrov,et al.  Challenges and New Technologies for Addressing Security in High Performance Distributed Environments , 1998 .

[4]  Mazin S. Yousif,et al.  Security enhancement in InfiniBand architecture , 2005, 19th IEEE International Parallel and Distributed Processing Symposium.

[5]  Scott Pakin,et al.  High Performance Messaging on Workstations: Illinois Fast Messages (FM) for Myrinet , 1995, Proceedings of the IEEE/ACM SC95 Conference.

[6]  Avishai Wool,et al.  A quantitative study of firewall configuration errors , 2004, Computer.

[7]  Brett M. Bode,et al.  Cluster interconnect overview , 2004 .

[8]  Erik Riedel,et al.  A Framework for Evaluating Storage System Security , 2002, FAST.

[9]  Thorsten von Eicken,et al.  ATM and fast Ethernet network interfaces for user-level communication , 1997, Proceedings Third International Symposium on High-Performance Computer Architecture.

[10]  Charles L. Seitz,et al.  Myrinet: A Gigabit-per-Second Local Area Network , 1995, IEEE Micro.

[11]  Kai Li,et al.  Design and implementation of virtual memory-mapped communication on Myrinet , 1997, Proceedings 11th International Parallel Processing Symposium.

[12]  Hiroshi Harada,et al.  High performance communication using a commodity network for cluster systems , 2000, Proceedings the Ninth International Symposium on High-Performance Distributed Computing.

[13]  Hiroshi Harada,et al.  The design and evaluation of high performance communication using a Gigabit Ethernet , 1999, ICS '99.

[14]  Thorsten von Eicken,et al.  U-Net: a user-level network interface for parallel and distributed computing , 1995, SOSP.

[15]  David Mazières Security and decentralized control of the SFS global file system , 1997 .

[16]  Dhabaleswar K. Panda,et al.  Performance characterization of a 10-Gigabit Ethernet TOE , 2005, 13th Symposium on High Performance Interconnects (HOTI'05).

[17]  David Geer Just How Secure Are Security Products? , 2004, Computer.

[18]  Matt Blaze,et al.  A cryptographic file system for UNIX , 1993, CCS '93.

[19]  Seth Copen Goldstein,et al.  Active Messages: A Mechanism for Integrated Communication and Computation , 1992, [1992] Proceedings the 19th Annual International Symposium on Computer Architecture.

[20]  Ricardo Bianchini,et al.  A Survey of Messaging Software Issues and Systems for Myrinet-Based , 1999, Scalable Comput. Pract. Exp..

[21]  Kevin Fu,et al.  Group Sharing and Random Access in Cryptographic Storage File Systems , 1999 .