SPECIAL NOTICE
A -- TECHNOLOGY/BUSINESS OPPORTUNITY Processing Protected Data on High Performance Computing Clusters
- Notice Date
- 4/23/2018
- Notice Type
- Special Notice
- NAICS
- 238990 — All Other Specialty Trade Contractors
- Contracting Office
- Department of Energy, Lawrence Livermore National Laboratory (DOE Contractor), Industrial Partnerships & Commercialization, 7000 East Avenue, L-795, Livermore, California, 94550
- ZIP Code
- 94550
- Solicitation Number
- FBO359-18
- Archive Date
- 5/25/2018
- Point of Contact
- Connie L Pitcock, Phone: 925-422-1072
- E-Mail Address
- pitcock1@llnl.gov
- Small Business Set-Aside
- N/A
- Description
- Opportunity: Lawrence Livermore National Laboratory (LLNL), operated by the Lawrence Livermore National Security (LLNS), LLC under contract no. DE-AC52-07NA27344 (Contract 44) with the U.S. Department of Energy (DOE), is offering the opportunity to collaborate on and commercialize LLNL's new method and system for securely processing protected data on high performance computing clusters.

Background: The markets for computing with big data sets are rapidly growing. Data analysts, biomedical researchers and a wide variety of other scientists are seeking to run simulations on large scales - using traditional high-performance computing centers as well as cloud computing - and with real-world data sets that have been specially curated and packaged. With this increasing intersection between big data, big hardware and specialized software, there is a growing need to secure the data in use, both to meet regulatory and privacy demands and to preserve the organization's competitive advantages.

Using traditional high-performance computing (HPC) clusters requires additional security for sensitive data. Typical traditional HPC systems execute large and complex compute tasks, such as sophisticated simulation and data analysis, utilizing hundreds to thousands of individual computers ("compute nodes") that work together. HPC clusters typically operate in "batch" mode: a user submits a request for computation time to the "batch system", which then runs through a variety of steps to execute the job. A key feature of this mode of execution is that the user need not be connected when their job is launched or executed on the cluster. A second key feature is that the job (usually) executes with all the permissions and access afforded to the user when they are connected. Finally, many users' jobs can be executing simultaneously, using separate sets of compute nodes in the cluster.

Many data application domains require stringent access control, protection, logging, and auditing for storage and use of sensitive data. The most stringent controls require encryption of data at rest (stored on disk or tape) and in transit (while being transferred over a network). Additional controls may be required wherever data is decrypted or encrypted: wiping of memory, emptying of caches, and secure management of encryption keys.

The traditional way of applying encryption tools to protect data results in two protection states for a piece of protected data with respect to a specific user: either the data is encrypted and not usable by the user, or it is decrypted and completely usable by the user. This traditional approach has a number of issues. These issues are particularly severe in a typical HPC cluster, which operates as a shared resource and in batch mode, providing storage and access to many users simultaneously. Available approaches to utilize encryption in HPC settings require significant changes to the HPC operational and execution environment, and only partially address these issues.

Description: LLNL has developed a new method for securely processing protected data on HPC systems with minimal impact on the existing HPC operations and execution environment. It can be used with no alterations to traditional HPC operations and can be managed locally. It is fully compatible with traditional (unencrypted) processing and can run other jobs, unencrypted or not, on the cluster simultaneously. The method has been prototyped and is continuing to be developed at LLNL.

Advantages: Livermore's method is scalable to very large data sets, protects against information leakage between managed information domains, and can be federated (work cooperatively across organization boundaries) with compatible systems. Additional advantages of LLNL's secure data processing method include:

1. The requesting user identity, as claimed in a user certificate, is explicitly verified to ensure that the requesting process is executing as assigned by the verified user.
2. The trusted components are explicitly identified, including how they are authenticated, what trusted information they have access to, and the specific version executing.
3. The user software never has access to the actual decryption keys and does not need modification. The user software can perform arbitrary local processing on the unencrypted data, except reading or writing output outside the LLNL method.
4. All accesses to read or write protected data are logged and auditable. The log also provides authenticated provenance on all produced output. Provenance and chain of custody tracking is available for derived data objects on HPC clusters.
5. Data owners are explicitly identified, explicitly set enforceable policy, control individual access, and can revoke or deny access at any time in the future.

Potential Applications: LLNL's data protection system can be used to protect and log storage, transport and processing on HPC clusters of sensitive data, including health-, financial- and/or privacy-protected (HIPAA, FISMA, etc.), proprietary information, critical infrastructure information or sensitive data from any other domain. Because this methodology is a cybersecurity tool for securely working with big data on high-end computing systems, it is expected to be useful to partners and users in a wide variety of industries - information technology, communications, IoT, manufacturing, health care, banking/finance/insurance, government, and education, among others.

A different application comes about in the context of mutually distrustful parties seeking to collaborate on specific tasks. LLNL's system enables collaborators to perform a specific software process of interest to both (like training a new machine learning model) without revealing each collaborator's sensitive input data. Once the collaborators codify their mutually acceptable policy requiring the input data to be secured, LLNL's system enables the two organizations to securely use the data to jointly produce a useful output, without revealing to each other the protected input data required under the policy to be secured.

Development Status: LLNL has filed for patent protection and has a copyright on the prototype code.

Partnership Criteria: NOTE: THIS IS NOT A PROCUREMENT. LLNL is seeking U.S. industry partners with a demonstrated ability to work with Federal Laboratories and bring Laboratory innovations to the market. Please visit the IPO website at https://ipo.llnl.gov/resources for more information on working with LLNL and the industrial partnering and technology transfer process.

Interested organizations with experience and expertise commensurate with the commercialization efforts needed are invited to respond to this announcement by providing a detailed statement of interest no later than thirty (30) days from the publication date of this notice. The statement of interest should describe the following company elements:

1. Organization name and address
2. The name, address, and telephone number of a point of contact
3. Related experience, expertise and complementary technologies
4. Demonstrated ability to bring HPC, big data management and/or cybersecurity innovations to the market
5. Demonstrated ability contributing to, testing and inter-operating with third party and open-source software
6. Sufficient resources to accomplish development and commercialization of the system
7. Interest in performing and/or funding cooperative research at the LLNL
8. Relevance for LLNL mission and economic development interest
9. Substantial presence in the United States. Note: LLNL's technology is export controlled, and LLNL prefers to work with U.S. organization(s).

Written responses should be directed to:

Lawrence Livermore National Laboratory
Innovation and Partnerships Office
P.O. Box 808, L-795
Livermore, CA 94551-0808
Attention: FBO 359-18

Please provide your written statement within thirty (30) days from the date this announcement is published to ensure consideration of your interest in LLNL's method for Processing Protected Data on High Performance Computing Clusters.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/DOE/LLNL/LL/FBO359-18/listing.html)
- Record
- SN04897580-W 20180425/180423230531-9a9475e460899c0dcd159a0cf305c333 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)