BGL Data Confidentiality
The BGL network is an open research network. We cannot
guarantee complete security for any data that resides on BGL. It is
up to the users to provide the security that they need and to
understand that BGL and its networks are open to many users and
cannot be protected at a partitioned level.
The basic level of protection that can be provided is Unix file-level
permissions, and it is left to the users to do the correct thing with
the permissions. For example, the default permissions are group and
world readable. Users should change the directories which will hold
sensitive data to remove the world readable/writable/executable bits and, if
they won't need to share data with another user, remove the group bits as well.
If a user needs a group for their project, please send email to
support@bgl.mcs.anl.gov and provide a group name (that name must be 8
alpha chars or less) and a list of the usernames of desired members.
Users should also ensure that their umasks are set to the proper
setting so that newly created files and directories are protected as
desired. The default setting is group and world readable, which a
user wishing to protect their data from being read by others should
not be using. If a user needs help determining the proper umask and
setting it up as their default, they should send email to
consult@bgl.mcs.anl.gov and someone will help them set up their
environment as necessary.
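
The permission and umask steps above, as an added shell example that is not part of the BGL documentation: it tightens an existing tree, lists anything still exposed, and shows what a given umask produces for new files. The function names and the private/group keywords are hypothetical, and 022, 027 and 077 are illustrative umask values, not settings taken from BGL.

```shell
#!/bin/sh
# Added example, not part of the BGL documentation. Function names and the
# private/group keywords are hypothetical.

# lock_down DIR [private|group]: strip every "other" permission bit under
# DIR; "private" (the default) strips the group bits as well.
lock_down() {
    dir=$1 mode=${2:-private}
    case $mode in
        private) spec=go-rwx ;;
        group)   spec=o-rwx ;;
        *) echo "usage: lock_down DIR [private|group]" >&2; return 2 ;;
    esac
    # -R also fixes files created before the umask was tightened.
    chmod -R "$spec" -- "$dir"
}

# exposed DIR [private|group]: print each path under DIR that still grants
# more than the chosen level allows. No output means the tree is clean.
exposed() {
    dir=$1 mode=${2:-private}
    # Octal -perm tests are portable: -004 is "other read is set", etc.
    set -- -perm -004 -o -perm -002 -o -perm -001
    if [ "$mode" = private ]; then
        set -- "$@" -o -perm -040 -o -perm -020 -o -perm -010
    fi
    # Symbolic links always show rwxrwxrwx, so they are skipped.
    find "$dir" ! -type l \( "$@" \) -print
}

# mode_under_umask MASK file|dir: create a scratch file or directory under
# MASK (in a subshell, so the caller's umask is untouched) and print the
# permission string it received.
mode_under_umask() (
    umask "$1"
    tmp=$(mktemp -d) || exit 1
    if [ "$2" = dir ]; then mkdir "$tmp/x"; else : > "$tmp/x"; fi
    ls -ld "$tmp/x" | cut -c1-10
    rm -rf "$tmp"
)

# To make a setting the default for new files, put the umask command
# (for example "umask 077") in the shell's startup file.
```

A umask only affects files created after it is set, which is why the recursive chmod is still needed for data that already exists.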
It is up to the user to determine whether they need to encrypt their
files while they are on disk. BGL does not have the facilities to
provide encrypted filesystems. That means the data has to be
encrypted in the user's program before it is written out to disk or
the user may choose to run an encryption program over the final files.
If the user chooses to wait to run the encryption program over the
completed files, they should understand that the data in the files
will be vulnerable until that time. If a user wishes to encrypt the
data and needs help with this, they should send email to
consult@bgl.mcs.anl.gov.
Warning:
BGL administrators with root privileges can view all data on the
system unless it is encrypted. It is only viewable on certain highly
restricted machines and generally speaking, administrators only look
at user data when requested to or if there is a suspected
problem/security issue. However, it is the responsibility of the user
to encrypt the data if they wish to prevent the admins from viewing
it.
BGL Software Use
Proprietary/Licensed Software
All software used on ALCF computers must be appropriately acquired and used
according to the appropriate licensing. Possession or use of illegally
copied software is prohibited. Likewise, users shall not copy copyrighted
software, except as permitted by the owner of the copyright. Currently, the
use of export-controlled codes is prohibited.
BGL Data Use
Prohibited Data
The ALCF computer systems are operated as research systems and only contain
data related to scientific research and do not contain personally
identifiable information (data that falls under the Privacy Act of 1974,
5 U.S.C. 552a). Use of ALCF resources to store, manipulate, or remotely
access any sensitive or national security information is prohibited. This
includes, but is not limited to: classified information, unclassified
controlled nuclear information (UCNI), naval nuclear propulsion information
(NNPI), the design or development of nuclear, biological, or chemical
weapons or any weapons of mass destruction. The use of ALCF resources for
personal or non-work-related activities is also prohibited.
Export Control
All principal investigators using ALCF resources and ALCF staff members are
responsible for knowing whether their project generates any of these
prohibited data types or information that falls under Export Control. For
questions, contact the BGL support team at support@bgl.mcs.anl.gov.