hpc-ch forum on HPC Security

Europe/Zurich
Seminarraum U1.191 (Biozentrum, University of Basel)

Seminarraum U1.191

Biozentrum, University of Basel

Spitalstrasse 41 CH - 4056 Basel https://www.biozentrum.unibas.ch/directions
Jani Heikkinen (University of Basel), Martin Jacquot (University of Basel), Michele De Lorenzi (CSCS)
Description

Description 
Traditionally, HPC has focused on providing scientists easy access to computing and storage capacity to perform their research. Therefore, HPC systems were accessible from anywhere, including the Internet. In contrast, the recent trend of hackers targeting educational institutions has made securing HPC infrastructures increasingly critical. As a real-life example, we highlight the incident in which several super-computing institutions across Europe were hacked, including the University of Basel, leading to a temporary discontinuity of services. Securing HPC has proven difficult to achieve, given the infrastructure heterogeneity. Processing sensitive data and the increasing amount of data add another layer of requirements to security. 

In this forum, we want to explore specific security challenges for the HPC community and potential solutions.

Key Questions

  • What are specific challenges for securing HPC environments? 
  • What is the scope of HPC security?
  • How to design secure architecture for HPC systems?
  • Which security standards to choose?
  • How to deal with sensitive data in HPC?
  • How to manage security vulnerabilities, security alerts, monitoring and logging?
  • How to respond and recover from security intrusions?
  • What lessons can be learned after an incident?
  • How to increase security awareness for users and the administrators?

Format

The room capacity is limited therefore we invite you to register at your earliest convenience. Online participation is also possible. Information on how to follow the livestreaming event will be provided to registered attendees.

 

    • 09:30 10:00
      Welcome Coffee & Registration 30m
    • 10:00 10:15
      Welcome and Introduction 15m
      Speakers: Jani Heikkinen (University of Basel), Martin Jacquot (University of Basel), Michele De Lorenzi (CSCS)
    • 10:15 10:45
      Security in sciCORE 30m

      How security, including incident handling, user awareness training, operating systems security and disaster recovery planning, is managed at sciCORE. Historical view of the evolution of security at sciCORE and limitations of HPC environment for security measures.

      Speaker: Jani Heikkinen (University of Basel)
    • 10:45 11:15
      Security in sciCOREmed 30m

      sciCOREmed is a secure research platform offering a powerful computing environment in which users can transfer, store, manage, and analyze sensitive data. It is also one of the three BioMedIT nodes which form a shared security zone for Swiss researchers to safely access sensitive research data from hospitals and other research organizations. Since security is a core element of the sciCOREmed platform, we take the security-by-design approach.

      In this talk, Sudershan will introduce the security architecture of sciCOREmed and present how the critical security controls are implemented to ensure the security of the sensitive data entrusted to sciCOREmed.

      Speaker: Sudershan Lakshmanan (University of Basel)
    • 11:15 11:45
      HPC without the Internet - an Air Gapped Environment for Sensitive Data 30m

      The University of Lausanne has significant research interests involving biomedical and other types of sensitive data which need to be adequately protected. We describe the new university cluster for treating such data and explain how we try to make it as usable as possible for researchers and administrators.

      Speaker: Ewan Roche (University of Lausanne)
    • 11:45 12:15
      Security and Infrastructure in the LUCID Project: A National Registry of Quality of Care in Swiss University Hospitals 30m

      The Centre Hospitalier Universitaire Vaudois (CHUV) and the Swiss Data Science Center (SDSC) have joined forces to implement the LUCID national data stream on the quality of care in Swiss university hospitals. LUCID aims to provide a secure national patient data registry designed to monitor and improve the quality of care. We will present the security and infrastructure considerations underpinning LUCID’s design, including containerized software to orchestrate tasks in an isolated environment. Our system relies on the BioMedIT platform to ensure maximal privacy and security and the SPHN framework to deliver FAIR data for operational and research purposes. In addition, we are currently working on enhancing the LUCID system with traceability and resource access governance by implementing the Swiss Data Custodian. By sharing our experience with building and deploying LUCID, we hope to inspire others to develop and adopt similarly secure and efficient solutions.

      Speakers: Cyril Matthey-Doret (SDSC), Martin Fontanet (SDSC)
    • 12:15 13:15
      Lunch and Networking 1h
    • 13:15 13:55
      Guided Tour - Alex Schier Lab 40m

      IMPORTANT INFORMATION:

      The visit to Alex Schier's lab will take us through the fish laboratory, where there are over 15'000 fish.

      For the well-being of the fish, we have to respect the following rules:
      - Visitors must not have visited other animal rooms on the same day.
      - It is not allowed to touch any material or equipment.
      - Visitors must step on a disinfectant shoe mat when accessing the facility.
      - Wearing a mask may be required (we will provide a mask for each participant).


      The research focuses on two areas: Vertebrate Development and Behavior.

      The lab uses zebrafish as a model system because genetic, genomic and imaging approaches can be combined to study complex behaviours and developmental processes in a vertebrate.

      The lab is also committed to training the next generation of leaders in biomedical research. More details can be found on this page: https://schierlab.biozentrum.unibas.ch/

    • 13:55 14:35
      Guided Tour - Nano Imaging Lab 40m

      The Nano Imaging Lab (NI Lab) has various scanning electron microscopes (SEM), transmission electron microscopes (TEM), and atomic force microscopes (AFM). It is also equipped with focused ion beam technology and confocal microscopes and can perform various spectroscopic analyses. More details can be found on this page: https://nanoscience.unibas.ch/en/services/nano-imaging-lab/

    • 14:35 15:05
      Leverage Apache Pulsar to process Security Relevant Data at Scale 30m

      How we use the features of the Apache Pulsar platform at SWITCH to stream and process data at scale. A quick peek at our security use-cases for data streaming and processing to enable alerting and sharing of security relevant information.

      Speaker: Benjamin Pereto (SWITCH)
    • 15:05 15:35
      Experiments with eBPF for Security 30m

      In this presentation, we will discuss our experiments using eBPF to mimic some of the SELinux features and introduce additional observability to our systems.

      Speaker: Victor Holanda (CSCS)
    • 15:35 16:05
      Community Development 30m

      The session will be dedicated to the selection of topics of interest, themes and locations for future forums.

    • 16:05 16:20
      Farewell and End of the Meeting 15m