High-Performance Computing Security Workshop

Summary The goal of this session is to identify important HPC use cases and develop high level workflows. Workshop participants explore use cases that identify HPC user communities in diverse sectors including academic, commercial, public infrastructure, and national security. HPC includes all use cases requested by users who need more capacity, capability, availability, accessibility, and/or performance than they can get from their laptop or desktop/office devices. This includes storing, accessing, sharing data sets with collaborators and using them while “on the road”. It also includes processing and visualizing these data sets with high-performance graphics capabilities, GPU accelerated as needed, without the need to transfer large data sets to or have powerful graphics capabilities on the end stations.

Objectives Provide a list of single-sentence use cases that identify HPC workflows relevant to HPC users.

Breakout Session 2: HPC Architecture: Define HPC System, Identify Baselines(s)

Summary For the use cases and workflows identified in Session 1, the workshop participants will develop one or more notional HPC architecture that fits the use cases. Although we know that HPC architectures are horizontal: One powerful platform with advanced capability and performance to handle a wide variety of projects and activities, the workshop participants will identify all storage, network, and computational components and its inter-networking. Also, identify any security components used in the existing architectures or perhaps the workshop participants may recommend appropriate security components to be inserted in the architecture.

Objectives List architectural elements that are special to HPC and those that are shared with all computing infrastructure. Identify those elements that define a core HPC system as a baseline.

Breakout Session 3: Threats to HPC Systems

Summary Traditional threat detection and analysis methods, such as scanning files for malware, are ineffective within HPC infrastructures due to their complexity and variability across systems. Additionally, intentionally-based threats (e.g. social engineering) are particularly harmful because the overall goals of the user of interest also need to be considered. Given the scenario of use cases posed in the “HPC Use Cases / Workflows Session”, this session will aim to qualify the level of threat to each particular use case via answering the following three questions:

1.) “What threats should we try to manage?”,

2.) “How are they different from or similar to threats to general purpose workstations”,

3.) “What short and long terms impacts does this threat impose?”.

Objectives Provide a prioritized list of threats that we care about in HPC. The results of this session will help to provide a framework for properly itemizing threats and their associated impacts for various HPC applications within academia, industry, and government.

Breakout Session 4: HPC Security Implementations: Impediments and Solutions

Summary This session will explore the HPC security solutions that are relevant and have been implemented and security solutions that are desired and / or required but are not feasible to implement perhaps due to performance issues, may cost too much, or lack of availability of products that meet standards / requirements. The participants will be asked to share their domain expertise, come up with principal pragmatic security strategies that are invariant across scale and determine structure for further discussion and consensus building process.

Objectives Provide a list of criteria to judge solutions to meet certain security goals versus risk, performance, and usability.