High Performance Computing (HPC) defines a computing paradigm characterized by extraordinarily powerful computing capacity. An HPC infrastructure is also equipped with high-bandwidth network connections, and extensive storage. The mentioned resources make their employment in academic and industrial environments clear, as well as the manipulation of huge amounts of sensitive and critical data. Since HPC infrastructures involve a broad quantity of desirable resources, including confidential data, and are employed for research and industry tasks, they become an attractive target for malicious entities. Furthermore, the heterogeneous resources involved in the HPC systems and their consideration as “trusted” systems worsen the situation. Applying traditional security measures to individual nodes of the infrastructure is an inadequate strategy because it does not consider the system as a whole. To enhance security, use a “defense-in-depth” strategy by implementing multiple layers of controls across the system, ensuring that if one or two layers fail, others remain in place to thwart potential attacks. While not ensuring absolute security, it makes successful attacks highly challenging. Clearly, this approach does not provide absolute security but only offers the means to make a successful attack so difficult to execute that it becomes unsustainable for an attacker. These considerations push the necessity to identify the threats that an HPC infrastructure may be affected to and how the security of these systems may be assessed to understand: the security level of the analyzed infrastructure; the applied security controls, if they are implemented; and the possible ones that may be applied to improve the security level. By following this direction, with this work, we propose: (i) a threat analysis for an HPC system through a fine-grained threat modeling technique; and (ii) a possible approach to perform a security assessment of an HPC system. Additionally, we propose a possible approach to selecting suitable security controls to improve the security level of an HPC infrastructure. Lastly, we present some results for V:HPCCRI: the supercomputer of the University of Campania Luigi Vanvitelli.
Threat Analysis and Security Assessment of an HPC System
Elia R.;Rak M.
2026
Abstract
High Performance Computing (HPC) defines a computing paradigm characterized by extraordinarily powerful computing capacity. An HPC infrastructure is also equipped with high-bandwidth network connections, and extensive storage. The mentioned resources make their employment in academic and industrial environments clear, as well as the manipulation of huge amounts of sensitive and critical data. Since HPC infrastructures involve a broad quantity of desirable resources, including confidential data, and are employed for research and industry tasks, they become an attractive target for malicious entities. Furthermore, the heterogeneous resources involved in the HPC systems and their consideration as “trusted” systems worsen the situation. Applying traditional security measures to individual nodes of the infrastructure is an inadequate strategy because it does not consider the system as a whole. To enhance security, use a “defense-in-depth” strategy by implementing multiple layers of controls across the system, ensuring that if one or two layers fail, others remain in place to thwart potential attacks. While not ensuring absolute security, it makes successful attacks highly challenging. Clearly, this approach does not provide absolute security but only offers the means to make a successful attack so difficult to execute that it becomes unsustainable for an attacker. These considerations push the necessity to identify the threats that an HPC infrastructure may be affected to and how the security of these systems may be assessed to understand: the security level of the analyzed infrastructure; the applied security controls, if they are implemented; and the possible ones that may be applied to improve the security level. By following this direction, with this work, we propose: (i) a threat analysis for an HPC system through a fine-grained threat modeling technique; and (ii) a possible approach to perform a security assessment of an HPC system. Additionally, we propose a possible approach to selecting suitable security controls to improve the security level of an HPC infrastructure. Lastly, we present some results for V:HPCCRI: the supercomputer of the University of Campania Luigi Vanvitelli.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
