Survey of Supercomputer Cluster Security Issues
by G. Markowsky
Abstract – The authors believe that providing security for supercomputer clusters is different from providing security for stand-alone PCs. The types of programs that supercomputer clusters run and the sort of data available on supercomputer clusters are fundamentally different from the programs and data found on stand-alone PCs. This situation might attract a different type of attacker with different goals and different tactics. This paper discusses the results of a questionnaire sent out to many supercomputer clusters in the United States and relates them to a literature search that was also undertaken. These results suggest approaches that can be taken to further secure supercomputer clusters.
1. Motivation
As a result of working in cybersecurity and working on some classified supercomputer computations, we became curious about whether the security problems for supercomputer clusters were different from those faced by desktops. Some of the reasons for suspecting that there might be differences are:
– different types of data, including classified data;
– interest on the part of governments;
– access to great computing power;
– the greater sophistication of users;
– the greater sophistication of attackers.
Additionally, it is clear that supercomputer cluster operators are aware of each other, so the supercomputer cluster network might be a tempting target. Our goals were to get some insight into the state of the art in cluster security and to help cluster operators secure their clusters.
1.1 The Stakkato Intrusions
In the course of doing the research for this paper, we came across a discussion of “The Stakkato Intrusions.” A very detailed discussion of this protracted attack against supercomputer clusters can be found in Nixon [1]. Quoting from the abstract, we have:
During 15 months, from late 2003 until early 2005, hundreds of supercomputing sites, universities and companies worldwide were hit in a series of intrusions, with the perpetrator leapfrogging from site to site using harvested ssh passwords.
The damage has been estimated to exceed $100 million in the United States alone. The intrusions were eventually traced to a Swedish teenager who was visited by police. After the visit, the intrusions stopped. Altogether, approximately 1,000 sites were compromised to some degree.
2. Some Questions
Some of the questions that we were hoping to get some insight into were:
1. What is the level of computer security expertise shown among cluster operators?
2. To what extent are clusters targeted by organizations rather than random hackers?
3. How common are physical or social engineering attacks?
4. How sophisticated are the attackers?
3. The Survey
In designing a survey we worried about several factors. Of particular concern to us were the following:
– The survey must not be intrusive.
– We must get people to trust us enough to complete the survey.
– The survey must not reveal weak spots to potential adversaries.
– The survey must be short and easy to complete.
– The survey should preserve anonymity.
While we do not believe in security through obscurity, we also did not want to call attention to any particular institution because of our work.