does data security rule out high performance
play

Does data security rule out high performance? Adam Huffman - PowerPoint PPT Presentation

Mar 07, 2024 •16 likes •376 views

Does data security rule out high performance? Adam Huffman 2018-02-04 FOSDEM HPC & Big Data Dev Room Adam Huffman 04/02/2018 Agenda The background brains of HPC More ambitious science HPC meets the Real World Data security dj

  1. Does data security rule out high performance? Adam Huffman 2018-02-04 FOSDEM HPC & Big Data Dev Room Adam Huffman 04/02/2018

  2. Agenda The background brains of HPC More ambitious science HPC meets the “Real World” Data security déjà vu Modest Hopes Adam Huffman 04/02/2018

  3. Context New job, hence new Questions …Answers may take longer Some sites have always faced these problems Biomedical focus, specifically in England Adam Huffman 04/02/2018

  4. Context Adam Huffman 04/02/2018

  5. The Big Data Institute (BDI) is a new, interdisciplinary research centre that will focus on the analysis of large, complex, heterogeneous data sets for research into the causes and consequences, prevention and treatment of disease. Research will be conducted in 4 general themes: genomics, population health, infectious disease surveillance, and methodology (including informatics, statistics, and engineering). Big Data methods could transform the scale (breadth, depth and duration) and efficiency (data accumulation, storage, processing and dissemination) of large-scale clinical research. The work of the BDI requires people and projects that span traditional departmental boundaries and scientific disciplines, supported by technical resources to handle the vast quantities of data they generate. Adam Huffman 04/02/2018

  6. Adam Huffman 04/02/2018

  7. The Background Brains of HPC • “Security is for someone else” • “{Molecules,particles} don’t have rights” • “Get out of my way” • “Who’s going to check anyway?” • (there are exceptions…) Adam Huffman 04/02/2018

  8. Adam Huffman 04/02/2018

  9. More ambitious science • Pressure from hyper-scalers • More capable instruments • Working across domains • Pressure from funders Adam Huffman 04/02/2018

  10. More ambitious science https://www.genomicsengland.co.uk/the-100000-genomes-project/ https://allofus.nih.gov/ Adam Huffman 04/02/2018

  11. HPC meets the “Real World” • Electronic Health Records (EHR) • Hospital Episode Statistics (HES) • Prescription Data • https://www.bigdata-heart.eu/ Adam Huffman 04/02/2018

  12. Adam Huffman 04/02/2018

  13. HPC meets the “Real World” • Protected data implies data sharing • Data sharing implies agreements and audits • Clashing requirements? Adam Huffman 04/02/2018

  14. HPC meets the “Real World” Adam Huffman 04/02/2018

  15. HPC meets the “Real World” • Protected data implies data sharing • Data sharing implies agreements and audits • Clashing requirements? • Take care of your reputation… Adam Huffman 04/02/2018

  16. Adam Huffman 04/02/2018

  17. HPC meets the “Real World” • Data sharing agreements and audits “There were three auditors – lead, support and trainee. All were friendly but well informed and looking hard at what we presented. As well as policies, They looked in almost forensic detail at the computer used to download the data, the drive where it was stored and the two machines in the secure computing room where it had been worked on.” - Wulf Forrester-Barker - NDORMS, University of Oxford Adam Huffman 04/02/2018

  18. HPC meets the “Real World” • Data sharing agreements and audits “There were three auditors – lead, support and trainee. All were friendly but well informed and looking hard at what we presented. As well as policies, They looked in almost forensic detail at the computer used to download the data, the drive where it was stored and the two machines in the secure computing room where it had been worked on.” - Wulf Forrester-Barker - NDORMS, University of Oxford Adam Huffman 04/02/2018

  19. HPC meets the “Real World” • Audits on HPC systems conducted by external contractors when processing NIH data • Shift in the burden of proof? – https://deepmind.com/blog/trust-confidence- verifiable-data-audit/ Adam Huffman 04/02/2018

  20. HPC (and Big Data) meets the “Real World” “The ‘wow’ phase of big data appears to be coming to an end, and a more sober understanding of its power is replacing it.” - Dr. Patrick Healy, University of Limerick Adam Huffman 04/02/2018

  21. Big Data Déjà Vu? Can’t we just use simple segregation of systems for this? Cf. traditional air- • gap Affordability • Flexibility • https://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/ Adam Huffman 04/02/2018

  22. OpenStack Clinical Cloud https://www.linkedin.com/pulse/cambridge-university-transforms-medical-imaging-dell-openstack-eric/ Name Surname dd/mm/yyyy

  23. Adam Huffman 04/02/2018

  24. Exactly how anonymous? Process of anonymising data becoming harder? • http://knowledge.freshfields.com/m/Global/r/1640/can_clinical_tria • l_data_be_adequately_anonymised Correlating data sources becoming easier • Can we safely process anonymised data on general purpose clusters? • European Medicines Agency • Data anonymization workshop • http://www.ema.europa.eu/ema/index.jsp?curl=pages/news_a • nd_events/events/2017/10/event_detail_001526.jsp&mid=WC0 b01ac058004d5c3 Adam Huffman 04/02/2018

  25. Immutable Data Security Infrastructure? OpenStack as data centre API Move towards immutable infrastructure Not just virtualisation - Ironic Explicitly encode relationships between networks, users, security policies https://fosdem.org/2018/schedule/event/vai_op enstack_gdpr_compliance/ Adam Huffman 04/02/2018

  26. Big Data Déjà Vu? OpenStack Congress “ open policy framework for the cloud” Monitoring • Proactive enforcement • Reactive enforcement • Adam Huffman 04/02/2018

  27. Part 1 – Error Table Error if any VMs connected to Internet is not using Secure Error Table VM Device SecurityG 1 Congress Default Engine Router 2 Default 1 Port Security Router Table Connected to Internet Table Table UUID Name Network Router Port Device Port 1 Default DHCP 1 Private Router1 2 Secure VM1 2 Router1 3

  28. Part 2 – Error Table Error if any VMs connected to Internet is not using Secure Error Table VM Device SecurityG 1 Congress Secure Engine Router Empty 1 Port Security Router Table Connected to Internet Table Table UUID Name Network Router Port Device Port 1 Default DHCP 1 Private Router1 2 Secure VM1 2 Router1 3

  29. Big Data Déjà Vu? OpenStack Congress Isn’t this just what we do anyway? • Things go wrong, and that’s why we still have jobs • Audit and proactive enforcement • Delegate some admin rights to users, mistakes happen • Effectively forces creation of documentation, essential for audit • Adam Huffman 04/02/2018

  30. Big Data Déjà Vu? Containers help security? https://github.com/coreos/clair Build on work on security in the container world “ static analysis of vulnerabilities in application containers” https://github.com/cilium/cilium Extend this to check for data privacy “ API-aware Networking and Security for compliance? Containers based on BPF” Adam Huffman 04/02/2018

  31. Adam Huffman 04/02/2018

  32. Big Data Déjà Vu? “The Cloud” We need to find answers that work on infrastructures that we don’t control e.g. public clouds, owing to pressure to use them from funders Can we have fast enough encryption, possibly via AVX512, to use it ubiquitously? Adam Huffman 04/02/2018

  33. Big Data Déjà Vu? Hardware aspects of “The Cloud” Meltdown/Spectre, VMs particularly badly affected AMD Secure Encrypted Virtualization https://developer.amd.com/amd-secure-memory-encryption-sme-amd- secure-encrypted-virtualization-sev/ “Secure Encrypted Virtualization is Unsecure” https://arxiv.org/pdf/1712.05090.pdf Adam Huffman 04/02/2018

  34. Modest Hopes, and a New Realism Or, conclusions Data security needs to be considered at the system design stage • The HPC community needs to engage much more widely • … and expect to be challenged , rather than left alone in the office with • no windows Job time = computing time + I/O time + data transfer time + • anonymization time + data security negotiation time… Adam Huffman 04/02/2018

  35. Image credits http://spsswizard.com/assumptions-spss/ https://www.allmusic.com/album/things-have-changed-mw0002540390 https://blog.volkovlaw.com/2015/08/calculating-the-incalculable-reputational-damage-part-i-of-iii/ https://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/ https://www.silicon.fr/shadow-cloud-menace-opportunite-les-dsi-97072.html https://xkcd.com/668/ OpenStack Congress presentation from the Vancouver Summit Adam Huffman 04/02/2018

  36. Thank You adam.huffman@bdi.ox.ac.uk @adamhuffman Adam Huffman 04/02/2018

Recommend

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $ whoami Performance and security at Cloudflare Passionate about security and crypto Enjoy low level programming @ignatkn Performance vs

1.45k views • 133 slides
Introduction to the Security Area (the one area to rule them all) Alexey Melnikov & Sean

Introduction to the Security Area (the one area to rule them all) Alexey Melnikov & Sean

Introduction to the Security Area (the one area to rule them all) Alexey Melnikov & Sean Turner 2014-11-09 Purpose Provide a high level overview of the Security Area: Why you want security services and what they are What are

563 views • 33 slides
Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High Performance Computing Jack Dongarra I nnovative Computing Lab University of Tennessee and Computer Science and Math Division Oak Ridge Nat ional

380 views • 13 slides
Parallel Data Migration Between GPFS Filesystems via the iRODS Rule Engine Ilari Korhonen, PDC

Parallel Data Migration Between GPFS Filesystems via the iRODS Rule Engine Ilari Korhonen, PDC

Parallel Data Migration Between GPFS Filesystems via the iRODS Rule Engine Ilari Korhonen, PDC Center for High Performance Computing The 12th Annual iRODS Users Group Meeting June 9th 2020, The Internet Background PDC is a HPC center based

236 views • 19 slides
Scalable Data Services with mongoDB High Performance High Availability for... Managers

Scalable Data Services with mongoDB High Performance High Availability for... Managers

Scalable Data Services with mongoDB High Performance High Availability for... Managers Architects Developers (Web) Admins Data ... http://www.flickr.com/photos/annarbor/4350618884/in/set- 72157623414542180/ Data Services ... services

607 views • 50 slides
as the Basis of a High- Performance Data Store William J. Bolosky , Dexter Bradshaw, Randolph B.

as the Basis of a High- Performance Data Store William J. Bolosky , Dexter Bradshaw, Randolph B.

Paxos Replicated State Machines as the Basis of a High- Performance Data Store William J. Bolosky , Dexter Bradshaw, Randolph B. Haagens, Norbert P. Kusters and Peng Li March 30, 2011 Q: How to build a fault-tolerant, high-performance data

531 views • 27 slides
Twister2: A High-Performance Big Data Programming Environment HPBDC 2018: The 4th IEEE

Twister2: A High-Performance Big Data Programming Environment HPBDC 2018: The 4th IEEE

Twister2: A High-Performance Big Data Programming Environment HPBDC 2018: The 4th IEEE International Workshop on High-Performance Big Data, Deep Learning, and Cloud Computing Geoffrey Fox, May 21, 2018 Judy Qiu, Supun Kamburugamuve Department

762 views • 54 slides
High performance data processing with Halide Roel Jordans High performance computjng 2

High performance data processing with Halide Roel Jordans High performance computjng 2

High performance data processing with Halide Roel Jordans High performance computjng 2 Architecture Trends 3 Processing platgorm architectures Increasing latency / energy CPU CPU GPU Cache Cache Cache Cache Local memory Memory 4

841 views • 28 slides
High Performance Computing and Which Big Data? Chaitan Baru, Associate Director, Data

High Performance Computing and Which Big Data? Chaitan Baru, Associate Director, Data

High Performance Computing and Which Big Data? Chaitan Baru, Associate Director, Data Initiatives, SDSC (currently on assignment at National Science Foundation) Overview of Presentation Background What we benchmark Which big data

605 views • 24 slides
Sparse Grid Regression for Performance Prediction Using High-Dimensional Run Time Data Slide 1

Sparse Grid Regression for Performance Prediction Using High-Dimensional Run Time Data Slide 1

Chair for High-Performance Computing Philipp Neumann Sparse Grid Regression for Performance Prediction Using High-Dimensional Run Time Data Slide 1 Euro-Par 2019: P. Neumann Outline Performance Analysis and Higher Dimensions Sparse

577 views • 22 slides
Fruit and Vegetable Streamlining Rule Establishing a Performance Standard for Authorizing the

Fruit and Vegetable Streamlining Rule Establishing a Performance Standard for Authorizing the

Fruit and Vegetable Streamlining Rule Establishing a Performance Standard for Authorizing the Importation and Interstate Movement of Fruits and Vegetables (7 CFR 318 and 319) What does this rule do This rule will enable APHIS to use the

326 views • 15 slides
Performance of HPC Middleware over Infiniband WAN Designing Efficient FTP Mechanisms for High

Performance of HPC Middleware over Infiniband WAN Designing Efficient FTP Mechanisms for High

Performance of HPC Middleware over Infiniband WAN Designing Efficient FTP Mechanisms for High Performance Data Transfer over Infiniband High Performance Data Transfer in Grid Environment Using GridFTP over Infiniband Presented by: Ashish

655 views • 32 slides
One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit

One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit

Johannes Obermaier, Marc Schink, Kosma Moczek August 11, 2020 One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit Microcontrollers Outline - Research Scope - Optical Die Inspection - Security Concept -

936 views • 58 slides
Company Introduction Improving the security and performance of your data centres, networks and

Company Introduction Improving the security and performance of your data centres, networks and

SOLUTIONS & SUPPORT PROFESSIONAL & MANAGED SERVICES Company Introduction Improving the security and performance of your data centres, networks and applications Network Data Cyber Application Network Test www.phoenixdatacom.com

476 views • 10 slides
High-performance FLOSS tooling for DPA Ilya Kizhvatov Digital Security group Joint work with

High-performance FLOSS tooling for DPA Ilya Kizhvatov Digital Security group Joint work with

High-performance FLOSS tooling for DPA Ilya Kizhvatov Digital Security group Joint work with Cees-Bart Breunesse (Riscure North America) CRYPTACUS workshop, Nijmegen, 2017-11-17 Main points In many applications, attack time and not the

386 views • 10 slides
Big Bang, Big Data, Big Iron: High Performance Computing for Cosmic Microwave Background Data

Big Bang, Big Data, Big Iron: High Performance Computing for Cosmic Microwave Background Data

Big Bang, Big Data, Big Iron: High Performance Computing for Cosmic Microwave Background Data Analysis Julian Borrill Computational Cosmology Center, Berkeley Lab Space Sciences Laboratory, UC Berkeley with BOOMERanG, MAXIMA, Planck,

706 views • 39 slides
HPC & BD Services @ Uni.lu Building up High Performance Computing & Big Data Competence

HPC & BD Services @ Uni.lu Building up High Performance Computing & Big Data Competence

HPC & BD Services @ Uni.lu Building up High Performance Computing & Big Data Competence Center to support national priorities Dr. Sbastien Varrette International Supercomputing Conference (ISC18) 2nd Workshop on HPC Collaboration

770 views • 27 slides
Building Rich, High Performance Tools for Prac7cal Data

Building Rich, High Performance Tools for Prac7cal Data

Building Rich, High Performance Tools for Prac7cal Data Analysis Wes McKinney @wesmckinn Lambda Foundry, Inc. Talk Overview Background Goals Key Ingredients Examples My

1.03k views • 56 slides
>>> DAPHNE initial design considerations for the FEB >>> High Performance data

>>> DAPHNE initial design considerations for the FEB >>> High Performance data

>>> DAPHNE initial design considerations for the FEB >>> High Performance data acquisition for ARAPUCAS in Dune experiment Name: Manuel Arroyave and Javier Castao Date: May 29, 2019 [~]$ _ [1/17] >>> Content 1.

333 views • 18 slides
Horus: Fine-Grained Encryption- Based Security for High Performance Petascale Storage Ranjana

Horus: Fine-Grained Encryption- Based Security for High Performance Petascale Storage Ranjana

Horus: Fine-Grained Encryption- Based Security for High Performance Petascale Storage Ranjana Rajendran Ethan L. Miller Darrell D. E. Long Storage Systems Research Center University of California, Santa Cruz Sunday, November 13, 11

532 views • 16 slides
Analysis of High-Throughput Biological Data Part I: Scalable High Performance Algorithms and

Analysis of High-Throughput Biological Data Part I: Scalable High Performance Algorithms and

NZIMA NZIMA Napier Napier 2008 2008 Analysis of High-Throughput Biological Data Part I: Scalable High Performance Algorithms and Implementations Mike Langston Professor Department of Electrical Engineering and Computer Science University

904 views • 73 slides
DEFCon: High-Performance Event Processing with Information Security Matteo Migliavacca, Ioannis

DEFCon: High-Performance Event Processing with Information Security Matteo Migliavacca, Ioannis

DEFCon: High-Performance Event Processing with Information Security Matteo Migliavacca, Ioannis Papagiannis, Peter Pietzuch Imperial College London David M. Eyers, Jean Bacon Cambridge Computer Laboratory Peter R. Pietzuch Brian Shand

494 views • 35 slides
HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data Security February 2016 Data Security Impacts Design and Delivery of Big Data Projects Data Security frequently is a leading Role Security Impacts

545 views • 23 slides
High Performance Networking for Wide Area Data Grids Brian L. Tierney (bltierney@lbl.gov) Data

High Performance Networking for Wide Area Data Grids Brian L. Tierney (bltierney@lbl.gov) Data

High Performance Networking for Wide Area Data Grids Brian L. Tierney (bltierney@lbl.gov) Data Intensive Distributed Computing Group Lawrence Berkeley National Laboratory and CERN IT/PDP/TE CERN IT Seminar Overview The Problem

465 views • 27 slides

More recommend