Breaking the barriers: high performance security for high performance computing

This paper attempts to reconcile the high performance community's requirement of high performance with the need for security, and reconcile some accepted security approaches with the performance constraints of high-performance networks. We propose a new paradigm and challenge existing practice. The new paradigm is that not all domains need longterm forward data confidentiality. In particular, we take a fresh look at security for the high-performance domain, focusing particularly on component-based applications. We discuss the security and performance requirements of this domain in order to elucidate both the constraints and opportunities. We challenge the existing practice of high-performance networks sending communication in plaintext. We propose a security mechanism and provide metrics for analyzing both the security and performance costs.

[1]  Brian N. Bershad,et al.  Lightweight remote procedure call , 1989, TOCS.

[2]  C. R. Rao Generation of random permutations of given number of elements using random sampling numbers , 1961 .

[3]  Andrew S. Grimshaw,et al.  A Flexible Security System for Metacomputing Environments , 1999, HPCN Europe.

[4]  Donald E. Knuth The Art of Computer Programming 2 / Seminumerical Algorithms , 1971 .

[5]  Martin Sandelius,et al.  A Simple Randomization Procedure , 1962 .

[6]  Joseph Pasquale,et al.  Measurement, Analysis, and Improvement of UDP/IP Throughput for the DECstation 5000 , 1993, USENIX Winter.

[7]  Jason Maassen,et al.  An efficient implementation of Java's remote method invocation , 1999, PPoPP '99.

[8]  Steven Tuecke,et al.  Grid Service Specification , 2002 .

[9]  H. Bal,et al.  Efficient Remote Method Invocation , 1998 .

[10]  Donald E. Knuth,et al.  The art of computer programming. Vol.2: Seminumerical algorithms , 1981 .

[11]  Donald Ervin Knuth,et al.  The Art of Computer Programming , 1968 .

[12]  David D. Clark,et al.  An analysis of TCP processing overhead , 1988, IEEE Communications Magazine.

[13]  Terry Ritter,et al.  Substitution Cipher with Pseudo-Random Shuffling: the Dynamic Substitution Combiner , 1990, Cryptologia.

[14]  Ian T. Foster,et al.  Secure, Efficient Data Transport and Replica Management for High-Performance Data-Intensive Computing , 2001, 2001 Eighteenth IEEE Symposium on Mass Storage Systems and Technologies.

[15]  David Clark,et al.  An analysis of TCP processing overhead , 1989 .

[16]  N. J. A. Sloane,et al.  Encrypting by Random Rotations , 1982, EUROCRYPT.

[17]  Brenda Timmerman,et al.  A security model for dynamic adaptive traffic masking , 1998, NSPW '97.

[18]  Steven Tuecke,et al.  Managing security in high‐performance distributed computations , 1998, Cluster Computing.