hpc-ch forum on HPC Security

Thursday 4 May 2023, 09:30 → 17:15 Europe/Zurich

Seminarraum U1.191 (Biozentrum, University of Basel)

Jani Heikkinen (University of Basel), Martin Jacquot (University of Basel), Michele De Lorenzi (CSCS)

Description 
Traditionally, HPC has focused on providing scientists easy access to computing and storage capacity to perform their research. Therefore, HPC systems were accessible from anywhere, including the Internet. In contrast, the recent trend of hackers targeting educational institutions has made securing HPC infrastructures increasingly critical. As a real-life example, we highlight the incident in which several super-computing institutions across Europe were hacked, including the University of Basel, leading to a temporary discontinuity of services. Securing HPC has proven difficult to achieve, given the infrastructure heterogeneity. Processing sensitive data and the increasing amount of data add another layer of requirements to security. 

In this forum, we want to explore specific security challenges for the HPC community and potential solutions.

Key Questions

• What are specific challenges for securing HPC environments? 
• What is the scope of HPC security?
• How to design secure architecture for HPC systems?
• Which security standards to choose?
• How to deal with sensitive data in HPC?
• How to manage security vulnerabilities, security alerts, monitoring and logging?
• How to respond and recover from security intrusions?
• What lessons can be learned after an incident?
• How to increase security awareness for users and the administrators?

Format

The room capacity is limited therefore we invite you to register at your earliest convenience. Online participation is also possible. Information on how to follow the livestreaming event will be provided to registered attendees.

 

09:30 Welcome Coffee & Registration

1 Welcome and Introduction

Speakers: Jani Heikkinen (University of Basel), Martin Jacquot (University of Basel), Michele De Lorenzi (CSCS)

Biozentrum_1.jpg

Biozentrum_2.jpg

Welcome_1.jpg

Welcome_2.jpg

Welcome_3.jpg

2 Security in sciCORE

How security, including incident handling, user awareness training, operating systems security and disaster recovery planning, is managed at sciCORE. Historical view of the evolution of security at sciCORE and limitations of HPC environment for security measures.

Speaker: Jani Heikkinen (University of Basel)

Jani Heikkinen_Presentation.pdf

Picture.jpg

3 Security in sciCOREmed

sciCOREmed is a secure research platform offering a powerful computing environment in which users can transfer, store, manage, and analyze sensitive data. It is also one of the three BioMedIT nodes which form a shared security zone for Swiss researchers to safely access sensitive research data from hospitals and other research organizations. Since security is a core element of the sciCOREmed platform, we take the security-by-design approach.

In this talk, Sudershan will introduce the security architecture of sciCOREmed and present how the critical security controls are implemented to ensure the security of the sensitive data entrusted to sciCOREmed.

Speaker: Sudershan Lakshmanan (University of Basel)

hpc-ch-sciCOREmed-Security.pdf

Picture_.jpg

4 HPC without the Internet - an Air Gapped Environment for Sensitive Data

The University of Lausanne has significant research interests involving biomedical and other types of sensitive data which need to be adequately protected. We describe the new university cluster for treating such data and explain how we try to make it as usable as possible for researchers and administrators.

Speaker: Ewan Roche (University of Lausanne)

Ewan Roche_hpcch_unil.pdf

Picture.jpg

5 Security and Infrastructure in the LUCID Project: A National Registry of Quality of Care in Swiss University Hospitals

The Centre Hospitalier Universitaire Vaudois (CHUV) and the Swiss Data Science Center (SDSC) have joined forces to implement the LUCID national data stream on the quality of care in Swiss university hospitals. LUCID aims to provide a secure national patient data registry designed to monitor and improve the quality of care. We will present the security and infrastructure considerations underpinning LUCID’s design, including containerized software to orchestrate tasks in an isolated environment. Our system relies on the BioMedIT platform to ensure maximal privacy and security and the SPHN framework to deliver FAIR data for operational and research purposes. In addition, we are currently working on enhancing the LUCID system with traceability and resource access governance by implementing the Swiss Data Custodian. By sharing our experience with building and deploying LUCID, we hope to inspire others to develop and adopt similarly secure and efficient solutions.

Speakers: Cyril Matthey-Doret (SDSC), Martin Fontanet (SDSC)

Picture_SDSC.jpg

SDSC_Presentation.pdf

12:15 Lunch and Networking

6 Guided Tour - Alex Schier Lab

IMPORTANT INFORMATION:

The visit to Alex Schier's lab will take us through the fish laboratory, where there are over 15'000 fish.

For the well-being of the fish, we have to respect the following rules:
- Visitors must not have visited other animal rooms on the same day.
- It is not allowed to touch any material or equipment.
- Visitors must step on a disinfectant shoe mat when accessing the facility.
- Wearing a mask may be required (we will provide a mask for each participant).

---

The research focuses on two areas: Vertebrate Development and Behavior.

The lab uses zebrafish as a model system because genetic, genomic and imaging approaches can be combined to study complex behaviours and developmental processes in a vertebrate.

The lab is also committed to training the next generation of leaders in biomedical research. More details can be found on this page: https://schierlab.biozentrum.unibas.ch/

Lab_Alex Schier.jpg

7 Guided Tour - Nano Imaging Lab

The Nano Imaging Lab (NI Lab) has various scanning electron microscopes (SEM), transmission electron microscopes (TEM), and atomic force microscopes (AFM). It is also equipped with focused ion beam technology and confocal microscopes and can perform various spectroscopic analyses. More details can be found on this page: https://nanoscience.unibas.ch/en/services/nano-imaging-lab/

Lab_1.jpg

Lab_2.jpg

Lab_3.jpg

8 Leverage Apache Pulsar to process Security Relevant Data at Scale

How we use the features of the Apache Pulsar platform at SWITCH to stream and process data at scale. A quick peek at our security use-cases for data streaming and processing to enable alerting and sharing of security relevant information.

Speaker: Benjamin Pereto (SWITCH)

9 Experiments with eBPF for Security

In this presentation, we will discuss our experiments using eBPF to mimic some of the SELinux features and introduce additional observability to our systems.

Speaker: Victor Holanda (CSCS)

Experiments_with_eBPF_for_Security_to_raluca.pdf

Picture_Victor Holanda Rusu.jpg

10 Community Development

The session will be dedicated to the selection of topics of interest, themes and locations for future forums.

Community Development.jpg

11 Farewell and End of the Meeting

Coffee Break_1.jpg

Coffee Break_2.jpg