
Security

At Berkeley Lab, we are researching and developing advanced computer systems and architecture technologies to secure scientific, high-performance computing systems, high-bandwidth research and education networks, and energy delivery systems. Our approach to security and privacy solutions focuses on enabling or improving processes and workflows that may otherwise not be possible due to real or perceived security restrictions that, using today’s solutions, impose onerous usability or performance constraints.

Most recently, Berkeley Lab’s efforts in developing secure, advanced systems have focused on researching and developing new architectures appropriate to the performance and usage needs of scientific computing to secure scientific data from the edge to the HPC center. This includes securing sensor and edge systems that collect and process data outside the protection boundaries of traditional HPC centers, and protecting against attacks such as ransomware and physical attacks against the computing system. Our approach addresses the gaps left by existing solutions for scientific workflows, meeting the specific power, performance, and usability needs from the edge to the HPC center.

Projects

Data Enclaves for Scientific Computing

Scientific data today is at risk due to how it is collected, stored, and analyzed in highly disparate computing systems. We believe that in order to solve these problems, future HPC hardware and software solutions should be co-designed, with security and scientific computing integrity concepts built into as much of the stack as possible from the outset.
This project is developing new architectures appropriate to the performance and usage needs of scientific computing to secure scientific data from the edge to the HPC center. This includes securing sensor and edge systems that collect and process data outside the protection boundaries of traditional HPC centers, and protecting against attacks such as ransomware and physical attacks against the computing system. Our approach will address the gaps left by existing solutions for scientific workflows, meeting the specific power, performance, and usability needs from the edge to the HPC center. Contact: Sean Peisert (Peisert on the Web)

Trusted CI – The National Science Foundation Cybersecurity Center of Excellence

The mission of Trusted CI, the National Science Foundation (NSF) Cybersecurity Center of Excellence, is to improve the cybersecurity of NSF computational science and engineering projects, while allowing those projects to focus on their science endeavors. Trusted CI draws on expertise from multiple internationally recognized institutions, including Indiana University, the University of Illinois, the University of Wisconsin-Madison, the Pittsburgh Supercomputing Center, and Berkeley Lab. Drawing on this expertise, Trusted CI collaborates with NSF-funded research organizations to address the unique cybersecurity challenges faced by such entities. Contact: Sean Peisert (Peisert on the Web)

Medical Science DMZ

A Science DMZ is a portion of the network, built at or near the local network perimeter of an individual research institution, that is designed such that the equipment, configuration, and security policies are optimized for high-performance workflows and large datasets. The traditional Science DMZ model is not currently employed in environments subject to the HIPAA Security Rule and HITECH requirements, due to the presumed technical controls based on de facto use of stateful and deep packet–inspecting commercial firewalls. The Medical Science DMZ is reengineered for “restricted data” as an approach that allows data flows at scale while simultaneously addressing the HIPAA Security Rule and related regulations governing sensitive data and appropriately managing risk. Contact: Sean Peisert (Peisert on the Web)

A Mathematical and Data-Driven Approach to Intrusion Detection for High-Performance Computing

The overall goals of this project were to develop mathematical and statistical methods to detect intrusions of high-performance computing systems. Our mathematical analysis was predicated on special characteristics of HPC systems that can be exploited to detect misuse or fraud. In this research work, we employed real system data, which we obtained in collaboration with staff in the NERSC Division of LBNL. Contact: Sean Peisert (Peisert on the Web)

News

Sean Peisert Tapped to Take on Deputy Director Role at Trusted CI

June 28, 2022

Sean Peisert has been tapped to serve as deputy director on the leadership team of Trusted CI, the NSF Cybersecurity Center of Excellence.

Berkeley Lab Cybersecurity Specialist Highlights Data Sharing Benefits, Challenges at NAS Meeting

December 4, 2018

Sean Peisert, chief cybersecurity researcher at Lawrence Berkeley National Lab, recently gave an invited talk on the challenges of data sharing in biomedical science at a meeting of the Committee on Science, Engineering, Medicine, and Public Policy, a joint unit of the National Academy of Sciences, National Academy of Engineering, and the National Academy of Medicine.

Berkeley Lab Researchers Contribute to Making Blockchains Even More Robust

January 30, 2018

In the last few years, researchers at Berkeley Lab, UC Davis, and the University of Stavanger in Norway have developed a new protocol, called BChain, which makes private blockchains even more robust. The researchers are also working with colleagues at Berkeley Lab and beyond to adapt this tool to support applications that are of strategic importance to the Department of Energy’s Office of Science.