Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SC21: Addressing Cybersecurity Standards / Policies in HPC Environments

Ian Lee
November 17, 2021
Technology
0
22

SC21: Addressing Cybersecurity Standards / Policies in HPC Environments

Applying security standards, configurations and policies originally designed for servers or workstations to something as functionally different as a supercomputing cluster can be a frustrating task. With rigorous interpretation, such efforts often present obstacles to approving a “functional” system, typically paint an inaccurate picture of the actual security posture of a given cluster, and always seem to involve large-scale exceptions to address misapplication. This meeting will consist of short presentations from three Department of Energy HPC centers; each one representing a unique perspective on methods used to meet a set of cybersecurity requirements in order to deliver mission critical systems.

Ian Lee

November 17, 2021
Tweet

More Decks by Ian Lee

See All by Ian Lee
Keeping It All Safe: LLNL HPC Security Architecture
ianlee1521
0
11
Development of the TOSS 4 STIG
ianlee1521
0
12
You Must Unlearn What You Have Learned
ianlee1521
0
0
Intro to Git for Security Professionals - WWHF WW 2021
ianlee1521
0
84
Releasing Your First (Python) Open Source Project to the Masses!
ianlee1521
0
190
Intro to Git for Security Professionals
ianlee1521
0
340
2020 LLNL Computing Virtual Expo
ianlee1521
0
160
Computing 101 - Software Engineering
ianlee1521
0
170
LLNL Open Source
ianlee1521
0
180

Other Decks in Technology

See All in Technology
Zennを支える Google Cloud の技術
wadayusuke
0
100
売上と開発環境を同時に改善するためにPerl Webアプリケーションをどのようにリプレイスするか
masashi_sutou
0
270
AWS CDKで作るCloudWatch Dashboard
harukasakihara
3
570
TryToUseCloudFlareTunnel_20230317.pdf
kenichirokimura
0
170
マネジメント3.0モデル入門(120分版)
takufujii
11
2.7k
自分のデータは自分で守る - あなたのCI/CDパイプラインをセキュアにする処方箋
jacopen
4
460
“品質”をみんなのものにするために行なっている入社者オンボーディング/Onboarding new members to think about "quality" together
mii3king
0
240
また(CDK界隈の)世界を縮めてしまった
bun913
0
500
AWS Lambda PHPのProduction利用を続ける僕がAWS App Runnerの可能性を探る
seike460
PRO
3
410
関数型で表現するイベントソーシングの実装とその教育
tomohisa
0
180
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
10
24k
スタートアップだからこそ考えるフロントエンドのテスト戦略
yoshinagaiwnl
4
560

Featured

See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
270
12k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
A Philosophy of Restraint
colly
193
15k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
349
27k
GraphQLの誤解/rethinking-graphql
sonatard
39
8k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
182
15k
Writing Fast Ruby
sferik
613
58k
The Invisible Side of Design
smashingmag
292
49k
Rails Girls Zürich Keynote
gr2m
87
12k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
128
8.8k
Scaling GitHub
holman
453
140k
For a Future-Friendly Web
brad_frost
166
7.9k

Transcript

  1. LLNL-PRES-829250
    This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-
    AC52-07NA27344. Lawrence Livermore National Security, LLC
    Addressing Cybersecurity Standards / Policies
    in HPC Environments
    SC21: Birds of a Feather
    Ian Lee
    2021-11-17

    View Slide

  2. 2
    LLNL-PRES-829250
    § A common operating system and computing environment for HPC clusters
    — Based on RHEL operating system
    — Modified RHEL Kernel
    § Methodology for building, quality assurance, integration,
    and configuration management
    § Add in customization for HPC specific needs
    — Consistent source and software across architectures: Intel, PowerPC, and ARM
    — High speed interconnect
    — Very large filesystems
    Tri-Lab Operating System Stack (TOSS)

    View Slide

  3. 3
    LLNL-PRES-829250
    § Security requirements often quite prescriptive
    — STIG > CIS Benchmark > Vendor Guideline > generic NIST 800-53 controls
    § Developing a STIG for the TOSS operation system with DISA (Work in Progress!)
    — Largely based on the RHEL 8 STIG, which TOSS 4 is derived from
    — Small tweaks: adjust some DoD specific language to make compatible for other Gov agencies
    — Larger requests: no explicit allow-listing of software on TOSS, being a software development OS
    — HPC specific: RHEL STIG says 10 concurrent sessions for DOS reasons, TOSS STIG proposed 256
    Security Baseline

    View Slide

  4. 4
    LLNL-PRES-829250
    Security Dashboards – Operational and Compliance

    View Slide

  5. Disclaimer
    This document was prepared as an account of work sponsored by an agency of the United States government. Neither the United
    States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or
    implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus,
    product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific
    commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or
    imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC.
    The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or
    Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes.
    Thank you!
    Looking forward to the discussion coming up.
    See you at: [email protected]

    View Slide