Data Enclaves for Scientific Computing
Principal Investigators:
Sean Peisert
Venkatesh Akella
Jason Lowe-Power
Research Staff:
Affiliated Graduate Students:
Past Researchers:
Ayaz Akram (UC Davis / LBNL)
Scientific data today is at risk due to how it is collected, stored, and analyzed in highly disparate computing systems. We believe that in order to solve the problems described above that future HPC hardware and software solutions should be co-designed together with security and scientific computing integrity concepts designed and built into as much of the stack from the outset as possible.
This project is developing new architectures appropriate to the performance and usage needs of scientific computing to secure scientific data from the edge to the HPC center. This includes includes sensor and edge systems that collect and process of that data takes place outside protection boundaries of traditional HPC centers, including against attacks such as ransomware and physical attacks against the computing system. Our approach will address the gaps left by existing solutions for scientific workflows to address the specific power, performance, and usability, and needs from the edge to the HPC center.
This project is supported by the US Department of Energy’s Office of Science’s Advanced Scientific Computing Research (ASCR) program under the following grants:
“Toward a Hardware/Software Co-Design Framework for Ensuring the Integrity of Exascale Scientific Data,” PI: Sean Peisert, 2015.
“Cybersecurity for Edge-to-Center Scientific Computing in Advanced Wireless Environments,” PI: Sean Peisert, Co-PIs: Venkatesh Akella and Jason Lowe-Power, 2021.
It is also funded by NNSA DNN R&D:
“Data Enclaves for Secure Computing (DESC): Enabling Secure Nuclear Treaty Verification in Hostile Environments,” PI: Sean Peisert, Co-PIs: Venkatesh Akella, David Archer, and Jason Lowe-Power, 2024.
It is also funded by LBNL Contractor Supported Research.
See also the hardware-software security page at DArchR, the UC Davis Architecture Research group.
Press regarding this project:
Berkeley Lab Cybersecurity Specialist Highlights Data Sharing Benefits, Challenges at NAS Meeting — Dec. 4, 2018
CRD’s Peisert to Discuss Data Sharing at National Academies’ COSEMPUP Meeting — Nov. 5, 2018
Lab Experts Help Coordinate ISC18, World’s First, Largest Computing Conference - June 21, 2018
Publications resulting from this project:
Ayaz Akram, Venkatesh Akella, Sean Peisert, and Jason Lowe-Power, “SoK: Limitations of Confidential Computing via TEEs for High-Performance Compute Systems,” Proceedings of the 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED), Sept. 26–27, 2022.
Ayaz Akram, Venkatesh Akella, Sean Peisert, and Jason Lowe-Power, “Enabling Design Space Exploration for RISC-V Secure Compute Environments,” Proceedings of the Fifth Workshop on Computer Architecture Research with RISC-V (CARRV), (co-located with ISCA 2021) June 17, 2021
Sean Peisert, “Trustworthy Scientific Computing,” Communications of the ACM (CACM), 64(5), pp. 18–21, May 2021.
Ayaz Akram, Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, and Sean Peisert, “Performance Analysis of Scientific Computing Workloads on General Purpose TEEs,” Proceedings of the 35th IEEE International Parallel & Distributed Processing Symposium (IPDPS), May 17–21, 2021.
Ayaz Akram, “Trusted Execution for High-Performance Computing,” Proceedings of the 15th EuroSys Doctoral Workshop (EuroDW), 2021. video
Ayaz Akram, “Architectures for Secure High-Performance Computing,” Proceedings of the Young Architect Workshop (YArch) held in conjunction with the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), April 2021. video
Ayaz Akram, Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, and Sean Peisert, “Performance Analysis of Scientific Computing Workloads on Trusted Execution Environments,” arXiv preprint arXiv:2010.13216, 25 Oct 2020.
Presentations:
Sean Peisert, “Trustworthy Scientific Cyberinfrastructure,” NASEM Cyber Resilience Forum Summer 2023 Meeting, San Francisco, CA, August 31, 2023.
Keynote: “Usable Computer Security and Privacy to Enable Data Sharing in High-Performance Computing Environments,” 3rd High-Performance Computing Security Workshop, NIST National Cybersecurity Center of Excellence (NCCoE), Rockville, MD, March 16, 2023. NIST IR 8476 Workshop Report
Keynote: “Usable Computer Security and Privacy to Enable Data Sharing in High-Performance Computing Environments,” Interdisciplinary Symposium on Responsible Innovation: Intersection of Privacy and Artificial Intelligence, Center for Data Science and AI Research (CeDAR), University of California, Davis, March 10, 2023.
“Responsible Innovation at the Intersection of Privacy and Artificial Intelligence (AI),” (panel; with Eric Dang, Darci Sears, moderators; Tom Kemp, and Richard Arney) Interdisciplinary Symposium on Responsible Innovation: Intersection of Privacy and Artificial Intelligence, Center for Data Science and AI Research (CeDAR), University of California, Davis, March 10, 2023.
“Securing Edge-to-Center Computing with Trustworthy Data Domains,” Monterey Data Workshop, April 21, 2022.
Sean Peisert, “Cybersecurity and Privacy R&D for Science and Energy,” Networking and Information Technology Research and Development (NITRD) Cyber Security and Information Assurance (CSIA) Interagency Working Group (IWG) Meeting, March 24, 2022.
Sean Peisert, “Securing Edge-to-Center Computing with Trustworthy Data Domains,” 2022 AFRL/AFOSR/DOE Energy Cost of Information Workshop, February 18, 2022.
Venkatesh Akella and Sean Peisert, “Usable Computer Security and Privacy to Enable Data Sharing for Scientific Research,” Trusted Computing Center of Excellence (TCCOE) Summit, February 1–3, 2022.
Keynote: “Usable Computer Security and Privacy to Enable Data Sharing for Scientific Research,” Second International Silicon Valley Cybersecurity Conference (SVCC), December 3, 2021.
Sean Peisert, “Advancing Cybersecurity as an Enabling Capability in High-Performance Computing Environments”, HPC User Forum, Sept. 7–9, 2021
Sean Peisert, “Cyber Privacy and Security Risks During the Pandemic” (panel - with Bart Preneel, KU Leuven; Kritika Bhardwaj, NLU Delhi; Margaret Bourdeaux, Harvard/Berkman Klein; Susan Landau, Tufts; and Smitha Prasad, NLU Delhi), Hewlett Foundation event hosted by the Fletcher School at Tufts University and the Centre for Communication Governance (CCG) at National Law University, Delhi, December 17, 2020.
Sean Peisert, “Fragility, Interdependence, and Tradeoffs — Cybersecurity and Privacy Lessons from the Pandemic,” Federal Cybersecurity R&D Interagency Working Group (CSIA IWG), NITRD, December 3, 2020.
Sean Peisert, “Scientific Computing and Sensitive Data,” DataLab Health Data Science and Systems Research and Learning Cluster, University of California, Davis, October 2, 2020.
Sean Peisert, “Privacy-Preserving Data Analysis in Scientific Computing Environments,” White House Office of Science & Technology Policy Workshop, Eisenhower Administration Building, Washington, D.C., Jan. 31, 2020.
Sean Peisert, “Privacy-Preserving Data Analysis for Energy Delivery Systems and Scientific Discovery,” Western Area Power Administration (WAPA), Golden, CO, November 5, 2019.
Ayaz Akram and Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, Sean Peisert, “Using Trusted Execution Environments on High Performance Computing Platforms,” Open-Source Enclaves Workshop (OSEW 2019), Berkeley, CA, July 25, 2019.
Sean Peisert, “Usable Computer Security and Privacy to Enable and Encourage Data Sharing for Scientific Research,” National Academies of Sciences, Engineering, and Medicine Committee on Science, Engineering, Medicine, and Public Policy (COSEMPUP) Meeting, Washington, D.C., November 8, 2018.
Sean Peisert, “Cybersecurity Challenges and Opportunities in High-Performance Computing Environments,” International Supercomputing Conference (ISC), Frankfurt, Germany, June 26, 2018.
Other Resources:
Ayaz Akram, Setting up Trusted HPC System in the Cloud, November 19, 2020.
More information is available on other Berkeley Lab R&D projects focusing on cybersecurity in general, as well as specifically on cybersecurity for research cyberinfrastructure and high-performance computing.