Locking Down Science Gateways
By: Steven R Brandt , Max Morris , Patrick Diehl and more
Potential Business Impact:
Keeps computer programs safer by limiting what they can do.
The most recent Linux kernels have a new feature for securing applications: Landlock. Like Seccomp before it, Landlock makes it possible for a running process to give up access to resources. For applications running as Science Gateways, network access is required while starting up MPI, but for the sake of security, it should be taken away prior to the reading of user-supplied parameter files. We explore the usefulness of Landlock by modifying and locking down three mature scientific codes: The Einstein Toolkit (a code that studies the dynamics of relativistic astrophysics, e.g. neutron star collisions), Octo-Tiger (a code for studying the dynamics of non-relativistic astrophysics, e.g. white dwarfs), and FUKA (an initial data solver for relativistic codes). Finally, we implement a fully-functioning FUKA science gateway that relies on Landlock (instead of user authentication) for security.
Similar Papers
Securing Operating Systems Through Fine-grained Kernel Access Limitation for IoT Systems
Cryptography and Security
Secures small computers by blocking bad commands.
DistilLock: Safeguarding LLMs from Unauthorized Knowledge Distillation on the Edge
Cryptography and Security
Keeps AI learning private on your device.
Safe Sharing of Fast Kernel-Bypass I/O Among Nontrusting Applications
Operating Systems
Lets apps share computer parts safely and fast.