计算机科学与探索 ›› 2014, Vol. 8 ›› Issue (5): 543-549.DOI: 10.3778/j.issn.1673-9418.1312025

• 学术研究 • 上一篇    下一篇

HPC机群分布式强制访问控制技术可行性研究

霍建同+,李云春,杨秀梅   

  1. 北京航空航天大学 网络信息中心,北京 100191
  • 出版日期:2014-05-01 发布日期:2014-05-05

Feasibility Research on Distributed Mandatory Access Control for HPC Cluster

HUO Jiantong+, LI Yunchun, YANG Xiumei   

  1. Network Information and Computing Center, Beihang University, Beijing 100191, China
  • Online:2014-05-01 Published:2014-05-05

摘要: 高性能计算(high performance computing,HPC)机群具有单一系统和分布式系统的双重特点,从而对机群的安全性提出了新的挑战。根据高性能计算机群的安全现状和需求,提出了一种适用于高性能计算机群的分布式强制访问控制模型;根据该模型设计了一个基于单节点的强制访问控制系统SE Linux,实现了高性能计算机群访问控制系统框架,并搭建了一个原型系统。最后,对高性能计算机群强制访问控制技术的可行性进行了分析和验证。分析结果表明,高性能计算机群分布式强制访问控制技术在功能上能够满足高性能计算机群的安全需求,对系统的计算和带宽的消耗也在可接受的范围内。

关键词: 高性能计算机群, 强制访问控制(MAC), SE Linux, 机群安全策略

Abstract: The high performance computing (HPC) cluster has the features of single system and distributed system, the cluster security is a new challenge. According to the research and analysis on the security and demand of cluster, this paper puts forward a suitable model for HPC cluster, and designs an implementation framework based on the node-level mandatory access control (MAC) system, SE Linux. Then, this paper builds a prototype system. In the last section, this paper studies the feasibility of the distributed mandatory access control for HPC cluster, both the function and the performance. The results show that, the MAC technology for HPC cluster can satisfy the security demand of the HPC cluster in the function, and the cost of MAC also can be acceptable.

Key words: high performance computing cluster, mandatory access control (MAC), SE Linux, cluster security strategy