Accessing protected data by a high-performance computing cluster
Abstract
A data protection system is provided that allows applications to access protected data in a way that restricts applications from outputting to unauthorized targets any unprotected data derived from the protected data and that ensures that the applications do not have access to a key that allows access to the unprotected data. The data protection system provides a policy server that may execute on a service node of a high performance computing system and a data encryption process that may execute on each compute node that is allocated to an application or batch job. The policy server maintains policies of entities specifying access control for protected data. The data encryption process generates a secure execution environment for an application process and interfaces with the policy server to retrieve keys for decrypting protected data in accordance with a policy, and it decrypts and provides the decrypted data to the application process.
- Inventors:
- Issue Date:
- Research Org.: Lawrence Livermore National Laboratory (LLNL), Livermore, CA (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1823817
- Patent Number(s): 10970410
- Application Number: 15/795,040
- Assignee: Lawrence Livermore National Security, LLC (Livermore, CA)
- Patent Classifications (CPCs): G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
- DOE Contract Number: AC52-07NA27344
- Resource Type: Patent
- Resource Relation: Patent File Date: 10/26/2017
- Country of Publication: United States
- Language: English
Citation Formats
Barnes, Peter, Fedor-Thurman, Daniel, and Halliday, Kyle D. Accessing protected data by a high-performance computing cluster. United States: N. p., 2021. Web.
Barnes, Peter, Fedor-Thurman, Daniel, & Halliday, Kyle D. Accessing protected data by a high-performance computing cluster. United States.
Barnes, Peter, Fedor-Thurman, Daniel, and Halliday, Kyle D. Tue . "Accessing protected data by a high-performance computing cluster". United States. https://www.osti.gov/servlets/purl/1823817.
@article{osti_1823817,
title = {Accessing protected data by a high-performance computing cluster},
author = {Barnes, Peter and Fedor-Thurman, Daniel and Halliday, Kyle D.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2021},
month = {4}
}
Works referenced in this record:
Format-preserving cryptographic systems
patent-application, July 2008
- Spies, Terence; Pauker, Matthew J.
- US Patent Application 11/654054; 20080170693
Policy enforcement for compute nodes
patent-application, June 2017
- Arumugam, Dilli Dorai Minnal; Mujumdar, Prasad
- US Patent Application 14/965055; 20170171246
Method of forming virtual computer cluster within shared computing environment
patent-application, April 2006
- Kallahalla, Mahesh; Uysal, Mustafa; Swaminathan, Ram
- US Patent Application 10/959536; 20060075278
Encryption load balancing and distributed policy enforcement
patent-application, January 2008
- Mattsson, Ulf; Rozenberg, Yigal
- US Patent Application 11/644106; 20080022136
Graphics processing unit resource sharing
patent-application, September 2017
- Gandhi, Anshul; Lei, Hui; Radhakrishnan, Jayaram Kallapalayam
- US Patent Application 15/059822; 20170256018
Method and system for facilitating isolated workspace for applications
patent-application, February 2014
- Deasy, Stephen; Newell, Craig
- US Patent Application 13/595881; 20140059642
System and method for cluster management based on HPC architecture
patent-application, November 2005
- Ballew, James D.; Early, Gary R.; Davidson, Shannon V.
- US Patent Application 10/825539; 20050251567
Executable identity based file access
patent-application, December 2012
- Mittal, Hemant; Raman, Shankar
- US Patent Application 13/577174; 20120310983
Secure Virtual File Management System
patent-application, August 2013
- Akella, Venkata Sastry; Sharma, Rahul; Krishnan, Sanjeev
- US Patent Application 13/734545; 20130219176
Non-invasive whitelisting
patent-application, March 2016
- Johri, Amritanshu; Singh, Balbir; Khurana, Jaskaran
- US Patent Application 14/495692; 20160088011
Memory system with versatile content control
patent-application, July 2007
- Jogand-Coulomb, Fabrice; Holtzman, Michael; Qawami, Bahman
- US Patent Application 11/314410; 20070168292
Job assigning device, job assigning method, and computer product
patent-application, October 2007
- Imai, Yuji
- US Patent Application 11/480444; 20070233837