Minisymposium

Tim Dykes and Martin Matthiesen will discuss the topic of confidential high performance computing from both the platform vendor and operational perspectives in the context of Europe's HPC Flagship LUMI. The talk will initially outline the requirement for secure workloads in HPC, highlighting the challenges presented by system architecture, system software, applications, typical usage patterns, threat models, and common misconceptions surrounding confidentiality and data processing. We will briefly cover examples of existing approaches to support confidential workloads on HPC systems, and then present an overview of a joint effort to develop an end-to-end container-based technology prototype for remote workload execution on Cray EX supercomputers. We consider protection from in-storage, in-flight, and in-execution access by third parties through container encryption, secure sub-networks, and a fully attested hardware and software stack, without requiring any application modification. We will discuss our experiences building this technology from both the platform vendor and data-center operator perspectives, and contrast with other approaches also in use. We will summarise highlighting future work and outstanding challenges to be solved.

The domain of high-performance computing is currently experiencing a paradigm shift known as "convergent computing":Cloud providers are now able to provide supercomputer-like performance, and HPC centers are improving their utilization with multi-tenancy models, blurring the line between these domains.

At the same time, a decades-old idea called Unikernels experiences a revival in cloud computing.These library-operating system images aim to achieve high-performance and low overhead while maintaining high isolation, making them suitable for modern convergent cloud systems.

Isolation, however, is not a “silver bullet” for ensuring security and integrity.Offloading computations to a computation provider requires trust in that party and their infrastructure.That’s what a set of technologies called confidential computing aims to solve.In cloud and HPC, most implementations of confidential computing are based on virtualization. Therefore, combining it with Unikernels appears to be a logical next step.

This presentation will explore how supercomputing can benefit from confidential computing and Unikernels, discuss the effects of confidential computing technologies on Unikernels, and share our experiences in integrating them into our own Unikernel Hermit.

Confidential Computing safeguards data in use against unauthorized access or modification, including by privileged software. Architectures like Intel SGX, AMD SEV, Arm CCA, and IBM Ultravisor implement this protection through access control policies. In some cases, they also employ cryptographic memory protection schemes, which are the subject of this talk. We review such schemes from academia and industry and categorize them based on protection levels corresponding to Adversaries with varying capabilities, budgets, and strategies. The cryptographic memory protection schemes are built from encryption and integrity primitives, modes of operation, and anti-replay structures. We consider the choices of these building blocks and of their combinations. The performance impact of selected designs is assessed through the SimPoints methodology in a simulated system. We focus on technologies that maintain good software speeds and do not rely on components which are external to the System-on-a-Chip (SoC). Therefore, methods such as Oblivious RAMs or the protection of the SoC-to-memory link are excluded. Finally, we introduce novel solutions to minimize performance and memory overheads: Our integrity trees based on 3-way split counters outperform the state-of-the-art while being more straightforward to implement. Their compactness allows storage in on-chip physically protected memory.

In this roundtable, the speakers of the Minisymposium and additional guests will discuss with the audience the question “How secure can handling sensitive data in HPC be?”, with an introduction given by Martin Matthiesen (CSC – IT Center for Science, Finland), moderated by Tiziano Müller (HPE, Switzerland). This includes the following topics: Enabling collaboration in HPC through Confidential Computing: How does Confidential Computing allow researchers from different institutions to securely work on sensitive data in a shared HPC environment, exploring solutions for data privacy while facilitating collaboration. Mitigating security risks in cloud-based HPC with Confidential Computing: Discussing how Confidential Computing helps address security concerns when using public cloud resources for HPC. Desirable and achievable levels of confidentiality with today’s technology will be evaluated. Standardization and interoperability of Confidential Computing for HPC: This topic explores the ongoing efforts to create standards and ensure compatibility between different TEE implementations for seamless use in HPC environments.The future of Confidential Computing in HPC: This dives into potential future advancements in Confidential Computing technologies and their impact on HPC. It could explore areas like integration with AI workloads or leveraging Confidential Computing for emerging HPC architectures.