Accessing protected data by a high-performance computing cluster

Barnes, Peter; Fedor-Thurman, Daniel; Halliday, Kyle D.

Title: Accessing protected data by a high-performance computing cluster

Full Record
Other Related Research

Abstract

A data protection system is provided that allows applications to access protected data in a way that restricts applications from outputting to unauthorized targets any unprotected data derived from the protected data and that ensures that the applications do not have access to a key that allows access to the unprotected data. The data protection system provides a policy server that may execute on a service node of a high performance computing system and a data encryption process that may execute on each compute node that is allocated to an application or batch job. The policy server maintains policies of entities specifying access control for protected data. The data encryption process generates a secure execution environment for an application process and interfaces with the policy server to retrieve keys for decrypting protected data in accordance with a policy, and it decrypts and provides the decrypted data to the application process.

Inventors:: Barnes, Peter; Fedor-Thurman, Daniel; Halliday, Kyle D.

Issue Date:: 2021-04-06

Research Org.:: Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1823817

Patent Number(s):: 10970410

Application Number:: 15/795,040

Assignee:: Lawrence Livermore National Security, LLC (Livermore, CA)

DOE Contract Number:: AC52-07NA27344

Resource Type:: Patent

Resource Relation:: Patent File Date: 10/26/2017

Country of Publication:: United States

Language:: English

Citation Formats


                    Barnes, Peter, Fedor-Thurman, Daniel, and Halliday, Kyle D. Accessing protected data by a high-performance computing cluster.  United States: N. p., 2021. 
        Web.

Copy to clipboard


                    Barnes, Peter, Fedor-Thurman, Daniel, & Halliday, Kyle D. Accessing protected data by a high-performance computing cluster.  United States.

Copy to clipboard


                    Barnes, Peter, Fedor-Thurman, Daniel, and Halliday, Kyle D. Tue .  
        "Accessing protected data by a high-performance computing cluster".  United States.  https://www.osti.gov/servlets/purl/1823817.

Copy to clipboard


                    
@article{osti_1823817,

  title        = {Accessing protected data by a high-performance computing cluster},

  author       = {Barnes, Peter and Fedor-Thurman, Daniel and Halliday, Kyle D.},

  abstractNote = {A data protection system is provided that allows applications to access protected data in a way that restricts applications from outputting to unauthorized targets any unprotected data derived from the protected data and that ensures that the applications do not have access to a key that allows access to the unprotected data. The data protection system provides a policy server that may execute on a service node of a high performance computing system and a data encryption process that may execute on each compute node that is allocated to an application or batch job. The policy server maintains policies of entities specifying access control for protected data. The data encryption process generates a secure execution environment for an application process and interfaces with the policy server to retrieve keys for decrypting protected data in accordance with a policy, and it decrypts and provides the decrypted data to the application process.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2021},

  month        = {4}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Similar Records in DOE Patents and OSTI.GOV collections:

Failure detection in high-performance clusters and computers using chaotic map computations

Patent Rao, Nageswara S.

A programmable media includes a processing unit capable of independent operation in a machine that is capable of executing 10.sup.18 floating point operations per second. The processing unit is in communication with a memory element and an interconnect that couples computing nodes. The programmable media includes a logical unit configured to execute arithmetic functions, comparative functions, and/or logical functions. The processing unit is configured to detect computing component failures, memory element failures and/or interconnect failures by executing programming threads that generate one or more chaotic map trajectories. The central processing unit or graphical processing unit is configured to detect amore » « less
Full Text Available
Self-pacing direct memory access data transfer operations for compute nodes in a parallel computer

Patent Blocksome, Michael A

Methods, apparatus, and products are disclosed for self-pacing DMA data transfer operations for nodes in a parallel computer that include: transferring, by an origin DMA on an origin node, a RTS message to a target node, the RTS message specifying an message on the origin node for transfer to the target node; receiving, in an origin injection FIFO for the origin DMA from a target DMA on the target node in response to transferring the RTS message, a target RGET descriptor followed by a DMA transfer operation descriptor, the DMA descriptor for transmitting a message portion to the target node,more » « less
Full Text Available
Chaining direct memory access data transfer operations for compute nodes in a parallel computer

Patent Archer, Charles J [Rochester, MN]; Blocksome, Michael A [Rochester, MN]

Methods, systems, and products are disclosed for chaining DMA data transfer operations for compute nodes in a parallel computer that include: receiving, by an origin DMA engine on an origin node in an origin injection FIFO buffer for the origin DMA engine, a RGET data descriptor specifying a DMA transfer operation data descriptor on the origin node and a second RGET data descriptor on the origin node, the second RGET data descriptor specifying a target RGET data descriptor on the target node, the target RGET data descriptor specifying an additional DMA transfer operation data descriptor on the origin node; creating,more » « less
Full Text Available
Cloud object store for archive storage of high performance computing data using decoupling middleware

Patent Bent, John M.; Faibish, Sorin; Grider, Gary

Cloud object storage is enabled for archived data, such as checkpoints and results, of high performance computing applications using a middleware process. A plurality of archived files, such as checkpoint files and results, generated by a plurality of processes in a parallel computing system are stored by obtaining the plurality of archived files from the parallel computing system; converting the plurality of archived files to objects using a log structured file system middleware process; and providing the objects for storage in a cloud object storage system. The plurality of processes may run, for example, on a plurality of compute nodes.more » « less
Full Text Available
Matrix multiplication operations with data pre-conditioning in a high performance computing architecture

Patent Eichenberger, Alexandre E; Gschwind, Michael K; Gunnels, John A

Mechanisms for performing matrix multiplication operations with data pre-conditioning in a high performance computing architecture are provided. A vector load operation is performed to load a first vector operand of the matrix multiplication operation to a first target vector register. A load and splat operation is performed to load an element of a second vector operand and replicating the element to each of a plurality of elements of a second target vector register. A multiply add operation is performed on elements of the first target vector register and elements of the second target vector register to generate a partial productmore » « less
Full Text Available

Similar Records