NCSA CyberSecurity

Restricted Community Accounts

Portal-based access to high-performance computing resources for communities is an emerging paradigm of allowing unprecented numbers of users access to HPC systems. Examples of this include the GridChem portal and the TeraGrid type 1 science gateways.

Processes launched by these portals still need to run in a Unix account on the HPC resources they utilize. This raises a number of security concerns as users of the portals are not vetted in the same manner as normal users of the HPC resource. The portal is also an additional link in the trust chain from the resource to the user that could be compromised, leading in turn to the compromise of the HPC resource.

Our work is focused on developing tools that enable the HPC administrators to sandbox the processes initiated by the portal. This allows the administrator to limit the trust they place in the portal, mitigating their risk in the even the portal is compromised.

Project Status:

This project has now ended.

Former Project Staff:

Design documents:

Conference papers:

User's Guides


Download are possible through CVS or in source tarball form from this website. Details can be found on the project downloads page

This project was funded under the NCSA NSF core program plan.