Locking Down Science Gateways with Landlock and Seccomp
This work addresses security in scientific computing gateways, but the approach is incremental, applying existing Linux security mechanisms to a specific domain.
The authors explore using Landlock and Seccomp to secure science gateways by restricting resource access after startup, demonstrating a fully-functioning gateway for the FUKA code that relies on Landlock for security instead of user authentication.
Recent Linux kernels (5.13 and later) have a new feature for securing applications: Landlock. Like Seccomp before it, Landlock makes it possible for a running, unprivileged process to give up access to resources it no longer needs; once dropped, that access cannot be regained by the process or by any child it spawns. Seccomp filters system calls, while Landlock restricts which parts of the filesystem a process may reach (later kernels also let it restrict TCP bind and connect). For applications running as Science Gateways, network access is required while starting up MPI, but for the sake of security it should be taken away before user-supplied parameter files are read. We explore the usefulness of Landlock by modifying and locking down three mature scientific codes: the Einstein Toolkit (a code that studies the dynamics of relativistic astrophysics, e.g. neutron star collisions), Octo-Tiger (a code for studying the dynamics of non-relativistic astrophysics, e.g. white dwarfs), and FUKA (an initial data solver for relativistic codes). Finally, we implement a fully functioning FUKA science gateway that relies on Landlock (instead of user authentication) for security.
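The drop-after-startup sequence the abstract describes, as an added example that is not code from the paper or from any of the three codes it names: a parent process builds a constructed fixture (a directory holding a parameter file), forks, and the child sets no_new_privs, allows only read access beneath that directory with a Landlock ruleset, installs a seccomp filter that makes socket() and connect() fail with EPERM, and then checks that the parameter file is still readable while writes, reads outside the tree, and socket creation are refused. Everything except the Landlock and seccomp kernel interfaces (syscall numbers, flags and struct layouts as defined by the kernel UAPI) is assumed: the helper names, the /tmp fixture, and the parameter file's contents.

```c
/* Added example, not the paper's code: a process starts with full rights, then drops
 * filesystem access with Landlock and socket syscalls with seccomp before it reads
 * "user-supplied" input. Runs in a forked child so the caller keeps its own rights.
 * Assumes Linux 5.13+ on x86_64 or aarch64; fixture paths and contents are constructed. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Landlock UAPI (ABI v1) spelled out so this also builds against pre-5.13 headers. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule 445
#define __NR_landlock_restrict_self 446
#endif
#define LL_RULE_PATH_BENEATH 1
#define LL_FS_READ_FILE (1ULL << 2)
#define LL_FS_READ_DIR (1ULL << 3)
#define LL_FS_ALL_V1 ((1ULL << 13) - 1) /* every access right ABI v1 defines */
struct ll_ruleset_attr { __u64 handled_access_fs; };
struct ll_path_beneath_attr { __u64 allowed_access; __s32 parent_fd; } __attribute__((packed));
#ifdef __x86_64__
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#else
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64 /* extend with AUDIT_ARCH_* for other architectures */
#endif
enum { LANDLOCK_UNAVAILABLE = 1, SECCOMP_UNAVAILABLE = 2, SANDBOX_FAIL = 4 }; /* child exit status */

/* Allow read-only access beneath `dir`; deny every other filesystem access. */
static int landlock_readonly(const char *dir) {
    struct ll_ruleset_attr rs = { .handled_access_fs = LL_FS_ALL_V1 };
    int ruleset = syscall(__NR_landlock_create_ruleset, &rs, sizeof rs, 0);
    if (ruleset < 0) /* old kernel, LSM not enabled, or syscall filtered by the container runtime */
        return (errno == ENOSYS || errno == EOPNOTSUPP || errno == EPERM) ? LANDLOCK_UNAVAILABLE : -1;
    struct ll_path_beneath_attr pb = { .allowed_access = LL_FS_READ_FILE | LL_FS_READ_DIR,
                                       .parent_fd = open(dir, O_PATH | O_CLOEXEC) };
    if (pb.parent_fd < 0 || syscall(__NR_landlock_add_rule, ruleset, LL_RULE_PATH_BENEATH, &pb, 0) < 0 ||
        syscall(__NR_landlock_restrict_self, ruleset, 0) < 0)
        return -1;
    close(pb.parent_fd); close(ruleset);
    return 0;
}
/* Make socket() and connect() fail with EPERM; kill the process on a foreign ABI. */
static int seccomp_no_network(void) {
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_connect, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0) return 0;
    return (errno == EINVAL || errno == ENOSYS) ? SECCOMP_UNAVAILABLE : -1;
}
/* Runs in the child: lock down, then probe what is and is not reachable any more. */
static int sandboxed_child(const char *allowed, const char *params, const char *outside) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) return SANDBOX_FAIL; /* needed by both */
    /* Startup work that still needs the network (MPI init in the paper's setting) goes here. */
    int ll = landlock_readonly(allowed), sc = seccomp_no_network();
    if (ll < 0 || sc < 0) return SANDBOX_FAIL;
    char buf[64]; int fd = open(params, O_RDONLY); /* the parameter file must stay readable */
    if (fd < 0 || read(fd, buf, sizeof buf) <= 0) return SANDBOX_FAIL;
    close(fd);
    if (ll == 0 && (open(params, O_WRONLY) >= 0 || errno != EACCES)) return SANDBOX_FAIL;
    if (ll == 0 && (open(outside, O_RDONLY | O_DIRECTORY) >= 0 || errno != EACCES)) return SANDBOX_FAIL;
    if (sc == 0 && (socket(AF_INET, SOCK_STREAM, 0) >= 0 || errno != EPERM)) return SANDBOX_FAIL;
    return ll | sc;
}
/* Builds the fixture under /tmp, runs the locked-down child, cleans up. 0 = both enforced. */
int run_sandbox_demo(void) {
    char base[] = "/tmp/llsandboxXXXXXX", allowed[64], params[64];
    if (!mkdtemp(base)) return SANDBOX_FAIL;
    snprintf(allowed, sizeof allowed, "%s/allowed", base);
    snprintf(params, sizeof params, "%s/params.txt", allowed);
    int status = SANDBOX_FAIL, ws;
    FILE *f = mkdir(allowed, 0700) == 0 ? fopen(params, "w") : NULL;
    if (f && fputs("resolution = 64\n", f) >= 0 && fclose(f) == 0) {
        pid_t pid = fork();
        if (pid == 0) _exit(sandboxed_child(allowed, params, base));
        if (pid > 0 && waitpid(pid, &ws, 0) == pid && WIFEXITED(ws)) status = WEXITSTATUS(ws);
    }
    unlink(params); rmdir(allowed); rmdir(base);
    return status;
}
```

The child reports Landlock or seccomp as unavailable, rather than failing, when the kernel refuses the calls, so the example still runs on a kernel without Landlock; a real gateway should treat that as a fatal configuration error rather than a degraded mode, since the whole point is that the parameter file is parsed only after the rights are gone. Rights dropped this way are inherited by every child process and cannot be reacquired, which is why the drop has to wait until MPI has finished its network setup.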