HPC systems used for research run a wide variety of software and workflows. This software is often written or modified by users to meet the needs of their research projects, and rarely is built with security in mind. In this paper we explore several of the key techniques that MIT Lincoln Laboratory Supercomputing Center has deployed on its systems to manage the security implications of these workflows by providing enforced separation for processes, filesystem access, network traffic, and accelerators to make every user feel like they are running on a personal HPC.
@article{arxiv.2409.10770,
title = {HPC with Enhanced User Separation},
author = {Andrew Prout and Albert Reuther and Michael Houle and Michael Jones and Peter Michaleas and LaToya Anderson and William Arcand and Bill Bergeron and David Bestor and Alex Bonn and Daniel Burrill and Chansup Byun and Vijay Gadepally and Matthew Hubbell and Hayden Jananthan and Piotr Luszczek and Lauren Milechin and Guillermo Morales and Julie Mullen and Antonio Rosa and Charles Yee and Jeremy Kepner},
journal= {arXiv preprint arXiv:2409.10770},
year = {2025}
}