tiCrypt enables secure HPC batch processing using SLURM within an encrypted compute environment, supporting workloads such as machine learning, simulations, and large-scale data processing.

SLURM is widely used to orchestrate HPC workloads, but traditional clusters introduce security risks when handling regulated data, including weak authentication models, limited job isolation, administrative visibility into data, and challenges in auditing activity.

tiCrypt Security Model

tiCrypt addresses these risks with a user-centric cryptographic approach:

• Public-key authentication (no passwords)
• End-to-end encrypted storage
• User-controlled keys
• Isolated virtual machines for computation
• Restricted network communication

This model reduces reliance on infrastructure trust and protects data even if underlying systems are compromised.

Architecture Overview

tiCrypt integrates SLURM by separating scheduling from execution:

A project-level VM Controller coordinates storage, job execution, and communication with the tiCrypt backend. Standard SLURM commands (e.g., sbatch, srun) work without modification.

Job Execution Flow

1. User submits a job from a secure VM
2. Request is sent to the tiCrypt backend
3. Resources are scheduled via SLURM
4. Secure worker VMs are provisioned
5. Job executes in isolated VMs
6. Resources are released after completion

This ensures SLURM manages resources while computation remains within the secure environment.

Isolation and Security

• Scheduler cannot access data or code
• Jobs run in isolated, project-specific VMs
• Compute nodes communicate via authenticated tunnels
• All data remains encrypted

Summary

By separating control and execution and running workloads in isolated virtual machines, tiCrypt enables secure HPC batch processing with SLURM while maintaining strong protections for regulated data.