Lawrence Berkeley National Laboratory
NERSC Cyber Security Challenges That Require DOE Development and Support
Author(s): Draney, Brent; Campbell, Scott; Walter, Howard; et al.
Traditional security approaches do not adequately address all the requirements of open, scientific computing facilities. Many of the methods used for more restricted environments, including almost all corporate/commercial systems, do not meet the needs of today's science. Use of only the available "state of the practice" commercial methods will have an adverse impact on the ability of DOE to accomplish its science goals and on the productivity of the DOE Science community. In particular, NERSC and other high performance computing (HPC) centers have special security challenges that are unlikely to be met unless DOE funds development and support of reliable and effective tools designed to meet the cyber security needs of High Performance Science. The security challenges facing NERSC can be collected into three basic problem sets: network performance and dynamics, application complexity and diversity, and a complex user community that can have transient affiliations with actual institutions. To address these problems, NERSC proposes the following four general solutions: auditing user and system activity across sites; firewall port configuration in real time; cross-site/virtual organization identity management and access control; and detecting security issues in application middleware. Solutions are also proposed for three general long-term issues: data volume, application complexity, and information integration.