Cybersecurity for Scientific Computing, Networking, and HPC

The Berkeley Lab’s Computational Research Division is an active participant in a number of projects in the arena of security for scientific, high-performance computing systems and high-bandwidth research and education networks.  Research sponsors have typically included DOE’s ASCR program and the National Science Foundation (NSF) SaTC program and OAC office, among others. 

LBNL’s cybersecurity goals are to research, develop, evaluate, adapt, and integrate advanced security and privacy solutions that enable or improve scientific workflows that might otherwise not be possible because of real or perceived security restrictions. With today’s solutions, such restrictions impose onerous usability and/or performance constraints, thereby hindering scientific progress.

LBNL has had a leadership role in security in scientific computing environments for many years, including the development of the Zeek (Bro) Network Security Monitor, the 100G performance enhancements of Zeek (Bro), and Zeek (Bro)’s commercial spin-off, Corelight, Inc., as well as leading several DOE-sponsored activities related to defining a cybersecurity research program within the DOE Office of Science.  More recently, LBNL led the coordination of the “Cyber R&D” Enterprise Cyber Capability (ECC) of the DOE-wide Integrated Joint Cybersecurity Coordination Center (iJC3) — a sponsored R&D program involving ten DOE National Laboratories as performers. LBNL is currently a co-lead of Trusted CI, the NSF Cybersecurity Center of Excellence.

Recent highlights of LBNL’s cybersecurity R&D activities include:

DOE Cybersecurity Workshops and Reports

ASCR Cybersecurity for Scientific Computing Workshop, June 2–3, 2015 [report]

ASCR Cybersecurity Workshop, January 7–9, 2015 [report, news]

DOE Grassroots Cybersecurity Initiative, 2008–2010 [Frincke presentation, Catlett ASCAC presentation, report 1, report 2, report 3]

DOE Cybersecurity R&D Challenges for Open Science: Developing a Roadmap and Vision, January 24–26, 2007 [news, report]

Some recent news:

Summer Students Tackle COVID-19 — Oct. 21, 2020

Impact of AI in DOE National Laboratories (YouTube video) (security discussion at 1'07") — Sept. 29, 2019

Berkeley Lab Cybersecurity Specialist Highlights Data Sharing Benefits, Challenges at NAS Meeting — Dec. 4, 2018

CRD’s Peisert to Discuss Data Sharing at National Academies' COSEMPUP Meeting — Nov. 5, 2018

Berkeley Lab Contributes to $2.5M supplemental grant for NSF-funded Cybersecurity Center of Excellence — Oct. 5, 2018

Lab Experts Help Coordinate ISC18, World’s First, Largest Computing Conference — June 21, 2018

Into the Medical Science DMZ (Science Node) — March 23, 2018

Berkeley Lab Researchers Contribute to Making Blockchains Even More Robust — January 30, 2018

ESnet’s Science DMZ Design Could Help Transfer, Protect Medical Research Data — October 16, 2017

Berkeley Lab’s cybersecurity expert Sean Peisert discusses challenges & opportunities of securing HPC — Aug. 24, 2017

HPC security article in Communications of the ACM

Video accompanying HPC security article on Vimeo

Cybersecurity: New Directions for Research and Education Networks — May 26, 2017

Mind the gap: Speaking like a cybersecurity pro — Feb. 10, 2017

Building a CENIC Security Strategy — Jan. 11, 2017

Working Group on Open Science Cybersecurity Risks Releases First Document Draft for Public Comment — Oct. 31, 2016

NSF Cybersecurity Center of Excellence, ESnet Organize Working Group on Open Science Threats — Jun. 22, 2016

ESnet, CENIC Announce Joint Cybersecurity Initiative - CRD’s Sean Peisert to serve as director of initiative [TABL] — Jan. 19, 2016

Key Representative Publications:

Sean Peisert, “Trustworthy Scientific Computing,” Communications of the ACM (CACM), 64(5), pp. 18–21, May 2021.

Ayaz Akram, Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, and Sean Peisert, “Performance Analysis of Scientific Computing Workloads on General Purpose TEEs,” Proceedings of the 35th IEEE International Parallel & Distributed Processing Symposium (IPDPS), May 17–21, 2021.

Ayaz Akram, Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, and Sean Peisert, “Performance Analysis of Scientific Computing Workloads on Trusted Execution Environments,” arXiv preprint arXiv:2010.13216, 25 Oct 2020.

Bogdan Copos and Sean Peisert, “Catch Me If You Can: Using Power Analysis to Identify HPC Activity,” arXiv preprint arXiv:2005.03135, 2020.

Sean Peisert, Eli Dart, William K. Barnett, James Cuff, Robert L. Grossman, Edward Balas, Ari Berman, Anurag Shankar, and Brian Tierney, “The Medical Science DMZ: A Network Design Pattern for Data-Intensive Medical Science,” Journal of the American Medical Informatics Association (JAMIA), 25(3):267–274, March 2018.

Sean Peisert, “Security in High-Performance Computing Environments,” Communications of the ACM (CACM), 60(9):72–80, September 2017.

Sean Peisert, Von Welch, Andrew Adams, Michael Dopheide, Susan Sons, RuthAnne Bevier, Rich LeDuc, Pascal Meunier, Stephen Schwab, and Karen Stocks, Ilkay Altintas, James Cuff, Reagan Moore, and Warren Raquel, “Open Science Cyber Risk Profile,” February 2017.

Sean Whalen, Sean Peisert, Matt Bishop, “Multiclass Classification of Distributed Memory Parallel Computations,” Pattern Recognition Letters (PRL), 34(3):322–329, February 2013.

Sean Whalen, Sophie Engle, Sean Peisert, Matt Bishop, “Network-Theoretic Classification of Parallel Computation Patterns,” International Journal of High Performance Computing Applications (IJHPCA), 26(2):159–169, May 2012.

Projects

Listings of specific projects in security for high-performance computing and security for scientific networking are available.


Symbiosis in Byzantine Fault Tolerance and Intrusion Detection

This project was funded by NSF’s SaTC program and was co-led by Sean Peisert. The theme of this effort was to integrate Byzantine fault tolerance (BFT) into intrusion detection systems (IDS), at both the fundamental and system levels, thereby improving both BFT and IDS.