A secure workflow for the transfer, storing and processing of sensitive data. This is an implementation of ["A Secure Workflow for Shared HPC Systems"](https://ieeexplore.ieee.org/abstract/document/9826008/references#references) at [GWDG]().
5
+
A secure workflow for the transfer, storing and processing of sensitive data. This is an implementation of ["A Secure Workflow for Shared HPC Systems"](https://ieeexplore.ieee.org/abstract/document/9826008/references#references) at [GWDG](https://gwdg.de/).
6
6
7
+
## Note on the Server
8
+
9
+
Due to changes in our server image infrastructure, it is not trivial to easily version the server files to this git repository. Thus, for now, this repository only contains the client files needed to create and submit SecureHPC SLURM jobs.
10
+
11
+
For the last public version containing the server code, see the `serverclient` branch, or the according git tag or github release.
12
+
13
+
If you or your institution has interest in running a more recent verison of SecureHPC, feel free to contact [[email protected]](mailto:[email protected]).
7
14
8
15
## Overview
9
-
This Secure HPC environment enables the processing of sensitive data such as sensitive medical data on shared HPC Systems.
16
+
This SecureHPC environment enables the processing of sensitive data such as sensitive medical data on shared HPC Systems.
10
17
11
18
In a typical user workflow, the user logs in to the frontend and uploads sensitive data. A batch script for processing the data on the compute nodes is run if the user is authorised with a valid `UID`. The processed data is then to be transferred back. This workflow is problematic since it is vulnerable to attacks at several places (for example, if an attacker gains root privileges at the user-end) . The secure workflow ensures security by encrypting data, securing job dependencies in encrypted containers, and using encrypting batch script. Furthermore, a separate Key Server is used for managing keys required for de/encryption.
12
19
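Review bot: In the added "Note on the Server" section, "verison" in the contact sentence is a typo for "version", and "the according git tag or github release" names no tag or release, so a reader cannot pin the last revision that still contains the server code. Suggest naming the tag explicitly next to the `serverclient` branch and tightening "not trivial to easily version" to "not trivial to version". The Overview context line in the same hunk still reads "using encrypting batch script", which could be fixed while this paragraph is being touched.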
@@ -15,7 +22,7 @@ In a typical user workflow, the user logs in to the frontend and uploads sensiti
15
22
In this git repo we have
16
23
* Client: Client-side files. Creation of data containers and keys, encryption of the batch script and exeution(?) on hpc server.
17
24
* Server: Decryption of data and batch file, execution of the batch script, prepating output data container.
18
-
* Tutorial: A tutorial for training users in the Secure HPC workflow. Contains `JobTemplate/` with scripts for implementing client-side secure workflow on a VM.
25
+
* Tutorial: A tutorial for training users in the SecureHPC workflow. Contains `JobTemplate/` with scripts for implementing client-side secure workflow on a VM.
19
26
20
27
### Brief description of the secure workflow
21
28
- A user with `UID` logs into the front end and uploads a [LUKS]()[1] data container.
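Review bot: The unchanged "* Server: Decryption of data and batch file, ..." bullet under "In this git repo we have" now contradicts the new "Note on the Server", which states that this repository only contains the client files. Suggest removing that bullet or rewording it to point at the `serverclient` branch. The neighbouring context lines also carry "exeution(?)" and "prepating", and the `[LUKS]()` link has an empty target, the same defect this commit fixes for the GWDG link.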