skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: High-Performance Secure Database Access Technologies for HEP Grids

Abstract

The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Workingmore » Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the secure authorization is pushed into the database engine will eliminate inefficient data transfer bottlenecks. Furthermore, traditionally separated database and security layers provide an extra vulnerability, leaving a weak clear-text password authorization as the only protection on the database core systems. Due to the legacy limitations of the systems’ security models, the allowed passwords often can not even comply with the DOE password guideline requirements. We see an opportunity for the tight integration of the secure authorization layer with the database server engine resulting in both improved performance and improved security. Phase I has focused on the development of a proof-of-concept prototype using Argonne National Laboratory’s (ANL) Argonne Tandem-Linac Accelerator System (ATLAS) project as a test scenario. By developing a grid-security enabled version of the ATLAS project’s current relation database solution, MySQL, PIOCON Technologies aims to offer a more efficient solution to secure database access.« less

Authors:
;
Publication Date:
Research Org.:
PIOCON Technologies, Inc.
Sponsoring Org.:
USDOE
OSTI Identifier:
937423
Report Number(s):
DOE/ER/84369
TRN: US0903200
DOE Contract Number:
FG02-05ER84369
Resource Type:
Technical Report
Country of Publication:
United States
Language:
English
Subject:
29 ENERGY PLANNING, POLICY, AND ECONOMY; ACCELERATORS; ANL; ARCHITECTURE; CERN; COMPUTERS; DATA PROCESSING; ENGINES; HADRONS; MANAGEMENT; PERFORMANCE; PHYSICS; RECOMMENDATIONS; SECURITY; STORAGE; VULNERABILITY; Database, Grid, Security, High-Performance, Scalable, Access, Virtual Machine, Edge Services, Aspect Oriented

Citation Formats

Matthew Vranicar, and John Weicher. High-Performance Secure Database Access Technologies for HEP Grids. United States: N. p., 2006. Web. doi:10.2172/937423.
Matthew Vranicar, & John Weicher. High-Performance Secure Database Access Technologies for HEP Grids. United States. doi:10.2172/937423.
Matthew Vranicar, and John Weicher. Mon . "High-Performance Secure Database Access Technologies for HEP Grids". United States. doi:10.2172/937423. https://www.osti.gov/servlets/purl/937423.
@article{osti_937423,
title = {High-Performance Secure Database Access Technologies for HEP Grids},
author = {Matthew Vranicar and John Weicher},
abstractNote = {The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the secure authorization is pushed into the database engine will eliminate inefficient data transfer bottlenecks. Furthermore, traditionally separated database and security layers provide an extra vulnerability, leaving a weak clear-text password authorization as the only protection on the database core systems. Due to the legacy limitations of the systems’ security models, the allowed passwords often can not even comply with the DOE password guideline requirements. We see an opportunity for the tight integration of the secure authorization layer with the database server engine resulting in both improved performance and improved security. Phase I has focused on the development of a proof-of-concept prototype using Argonne National Laboratory’s (ANL) Argonne Tandem-Linac Accelerator System (ATLAS) project as a test scenario. By developing a grid-security enabled version of the ATLAS project’s current relation database solution, MySQL, PIOCON Technologies aims to offer a more efficient solution to secure database access.},
doi = {10.2172/937423},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Mon Apr 17 00:00:00 EDT 2006},
month = {Mon Apr 17 00:00:00 EDT 2006}
}

Technical Report:

Save / Share:
  • (oak - A259)
  • This project is focused on the development of advanced components and system technologies for secure data transmission on high-speed fiber optic data systems. This work capitalizes on (1) a strong relationship with outstanding faculty at the University of California-Davis who are experts in high speed fiber-optic networks, (2) the realization that code division multiple access (CDMA) is emerging as a bandwidth enhancing technique for fiber optic networks, (3) the realization that CDMA of sufficient complexity forms the basis for almost unbreakable one-time key transmissions, (4) our concepts for superior components for implementing CDMA, (5) our expertise in semiconductor device processingmore » and (6) our Center for Nano and Microtechnology, which is where the majority of the experimental work was done. Here we present a novel device concept, which will push the limits of current technology, and will simultaneously solve system implementation issues by investigating new state-of-the-art fiber technologies. This will enable the development of secure communication systems for the transmission and reception of messages on deployed commercial fiber optic networks, through the CDMA phase encoding of broad bandwidth pulses. CDMA technology has been developed as a multiplexing technology, much like wavelength division multiplexing (WDM) or time division multiplexing (TDM), to increase the potential number of users on a given communication link. A novel application of the techniques created for CDMA is to generate secure communication through physical layer encoding. Physical layer encoding devices are developed which utilize semiconductor waveguides with fast carrier response times to phase encode spectral components of a secure signal. Current commercial technology, most commonly a spatial light modulator, allows phase codes to be changed at rates of only 10's of Hertz ({approx}25ms response). The use of fast (picosecond to nanosecond) carrier dynamics of semiconductors, as opposed to field dynamics of liquid crystal molecules, enable phase codes at GHz rates. The semiconductor arrayed waveguide grating (AWG) is the building block of the encoder/decoder device. A monolithically integrated AWG is developed in this LDRD. Using this building block, the AWG can be integrated with phase modulators to create temporally varying phase codes; this allows superior physical level encoding technology. The breadth of this project is wide, covering a free space optic demonstration (large optic at the meter scale) of the encoding system. This was done as a proof-of-principal exercise and to investigate the time varying phase codes (''locks'' and ''keys''). Then a monolithically integrated AWG implemented at the millimeter was investigated. The mono lithically integrated AWG has the same functionality as the table top free space optic but reduced down in size to be easily embedded in fiber optic networks.« less
  • High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data at various security levels but in so doing are often enclaved at the highest security posture. This approach places significant restrictions on the users of the system even when processing data at a lower security level and exposes data at higher levels of confidentiality to a much broader population than otherwise necessary. The traditional approach of isolation, while effective in establishing security enclaves poses significant challenges formore » the use of shared infrastructure in HPC environments. This report details current state-of-the-art in virtualization, reconfigurable network enclaving via Software Defined Networking (SDN), and storage architectures and bridging techniques for creating secure enclaves in HPC environments.« less
  • The BaBar Copy Program (bbcp) is an excellent representative of peer-to-peer (P2P) computing. It is also a pioneering application of its type in the P2P arena. Built upon the foundation of its predecessor, Secure Fast Copy (sfcp), bbcp incorporates significant improvements performance and usability. As with sfcp, bbcp uses ssh for authentication; providing an elegant and simple working model--if you can ssh to a location, you can copy files to or from that location. To fully support this notion, bbcp transparently supports 3rd party copy operations. The program also incorporates several mechanism to deal with firewall security; the bane ofmore » P2P computing. To achieve high performance in a wide area network, bbcp allows a user to independently specify, the number of parallel network streams, tcp window size, and the file I/O blocking factor. Using these parameters, data is pipelined from source to target to provide a uniform traffic pattern that maximizes router efficiency. For improved recoverability, bbcp also keeps track of copy operations so that an operation can be restarted from the point of failure at a later time; minimizing the amount of network traffic in the event of a copy failure. Here, we preset the bbcp architecture, it's various features, and the reasons for their inclusion.« less