🤖 AI Summary
This work addresses the longstanding challenge in high-performance computing (HPC) of simultaneously achieving high computational performance and robust security for sensitive data, particularly in highly regulated domains such as life sciences. The authors propose a novel, high-security HPC platform that enforces end-to-end encryption across the entire data lifecycle—covering data at rest, in transit, and in use. This is accomplished through the first-time deep integration of AMD hardware-based memory encryption, IBM Storage Scale file-level encryption, and Thales CipherTrust centralized key management, complemented by operating system hardening and mandatory multi-factor authentication. The resulting architecture complies with major security standards including GDPR, ISO/IEC 27001, and FIPS, while significantly minimizing performance overhead. Biomedical benchmarking demonstrates that stringent security and high performance can indeed coexist effectively, achieving a unified balance between safety and efficiency.
📝 Abstract
Traditionally, the architecture of high-performance computing (HPC) systems is tailored for speed, while highly secure computer systems must sacrifice speed for security. However, a wide range of scientific domains, such as the life sciences, call for a combination of performance and security to allow processing sensitive data at scale. Here, we present RAMSES (Research Accelerator for Modeling and Simulation with Enhanced Security), an HPC system designed from the ground up to deliver high performance within a robust security framework. RAMSES integrates hardware-based memory encryption of AMD processors with state-of-the-art file encryption from IBM Storage Scale and the Thales CipherTrust manager, establishing an HPC platform that ensures continuous encryption throughout the data life cycle - at rest, in transit, and in use - in compliance with major data protection standards (European General Data Protection Regulation, ISO/IEC 27001 certification, and Federal Information Processing Standards). In addition, we implemented advanced operating system hardening, a multi-layered security architecture, and mandatory multi-factor authentication to adapt the HPC environment to increased security demands. Benchmark results from the biomedical sector demonstrate that the performance impact of the secure environment is limited and that integration of the conflicting requirements speed and security can be achieved while preserving a coherent, flexible, and user-friendly system.