arxiv: 2606.27919 · v1 · pith:PA24KIHEnew · submitted 2026-06-26 · 💻 cs.DC · cs.CR

RAMSES: Secure high-performance computing for sensitive data

Pith reviewed 2026-06-29 02:43 UTC · model grok-4.3

classification 💻 cs.DC cs.CR
keywords high-performance computing · data security · encryption · sensitive data · biomedical computing · regulatory compliance · HPC architecture · performance benchmarks

The pith

RAMSES shows an HPC platform can keep sensitive data encrypted at every stage while limiting performance loss to acceptable levels.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper describes RAMSES, an HPC system built to process sensitive data at scale by combining hardware memory encryption with file encryption and operating system hardening. Data stays protected at rest, in transit, and during use through AMD processor features, IBM Storage Scale, and Thales CipherTrust tools, all while meeting GDPR, ISO 27001, and FIPS requirements. Multi-factor authentication and layered security measures adapt the environment to stricter demands without breaking existing workflows. Biomedical benchmarks indicate the added protections cause only limited slowdowns. A reader would care because fields that handle private information at large volumes could run demanding calculations without choosing between speed and compliance.

Core claim

RAMSES integrates AMD hardware-based memory encryption with IBM Storage Scale file encryption and Thales CipherTrust management to maintain continuous encryption throughout the data life cycle. It adds advanced operating system hardening and mandatory multi-factor authentication. The resulting platform complies with European General Data Protection Regulation, ISO/IEC 27001, and Federal Information Processing Standards. Benchmark results from the biomedical sector show the performance impact of these measures remains limited, allowing speed and security to coexist in a coherent, flexible, and user-friendly system.

What carries the argument

The continuous encryption stack that protects data at rest, in transit, and in use, combined with OS hardening inside a standard HPC architecture.

If this is right

  • Biomedical research can run large-scale computations on sensitive data without major speed penalties.
  • HPC installations can meet strict data-protection regulations while retaining flexibility for users.
  • Encryption throughout the data life cycle becomes practical in performance-critical environments.
  • Existing HPC software stacks remain usable after the addition of these security layers.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same layered approach might support other domains that need both high computation and privacy, such as financial risk modeling.
  • Ongoing validation against new workloads would be needed to confirm the limited-impact result holds more widely.
  • Integration challenges could arise if the encryption components require frequent updates to stay current with standards.

Load-bearing premise

The chosen encryption stack and hardening steps will continue to deliver acceptable performance and security under production workloads beyond the biomedical benchmarks shown.

What would settle it

Performance measurements on a broader set of production workloads that reveal either large slowdowns or encryption failures despite the described measures would disprove the central claim.

Figures

Figures reproduced from arXiv: 2606.27919 by Christoph Stollwerk, Kamil Tokmakov, Lech Nieroda, Martin Peifer, Michael Commer, Peter Heger, Roland Pabel, Stefan Borowski, Stefan Wesner, Viktor Achter.

Figure 1: GPFS-based file encryption on RAMSES. File encryption is managed through the GPFS kernel module and the Thales CipherTrust Manager for Remote Key Management (RKM). Two encrypted file sets (fileset a, fileset b) with three files each are shown. Each file is encrypted via its unique File Encryption Key (FEK1-6), which is stored in the file’s extended attributes. FEKs in turn are encrypted by a file set-spec…

Figure 2: Secure vs. traditional HPC workflow on RAMSES. 1: UoC members connect to the UoC network using multi-factor authentication (MFA) based on their IDM credentials and Cisco Duo. 2: Registered HPC users login to RAMSES using multi-factor authentication with an SSH key pair and Cisco Duo. 3: On the frontend node(s), users submit their jobscript for confidential (left side) or traditional computing (right side) …

Figure 3: The RAMSES SSH key upload website. A: UoC members with approved RAMSES account can connect to the RAMSES key upload website (https://ramses-umc.itcc.uni-koeln.de/web-sshkey/login) from within the University network, using their UoC IDM credentials and Cisco Duo. B, C: To improve user experience and security, a JavaScript-Plugin carries out SSH key pair generation and ensures its protection with a strong p…

Figure 4: RAMSES’s security layout. The physical and logical system components of RAMSES are separated into four security levels, S0 to S3, illustrated as concentric circles. Unprivileged users can only access login and compute nodes of the lowest security level, S3 (outer ring). Access to nodes of higher security levels (S0 to S2) is restricted to privileged accounts and implemented through unidirectionality, harde…

Figure 5: Performance of two contrasting workloads under various encryption regimes. RepeatMasker (top; I/O-heavy) and BWA-MEM2 (bottom; memory-intensive) runs were carried out in seven different configurations with six replicates each: 1) Standard SMP node without memory and without file encryption (SMP-M⊖F⊖); 2) SME-enabled node with memory encryption, without file encryption (SME-M⊕F⊖); 3) SME-enabled node with …
Original abstract

Traditionally, the architecture of high-performance computing (HPC) systems is tailored for speed, while highly secure computer systems must sacrifice speed for security. However, a wide range of scientific domains, such as the life sciences, call for a combination of performance and security to allow processing sensitive data at scale. Here, we present RAMSES (Research Accelerator for Modeling and Simulation with Enhanced Security), an HPC system designed from the ground up to deliver high performance within a robust security framework. RAMSES integrates hardware-based memory encryption of AMD processors with state-of-the-art file encryption from IBM Storage Scale and the Thales CipherTrust manager, establishing an HPC platform that ensures continuous encryption throughout the data life cycle - at rest, in transit, and in use - in compliance with major data protection standards (European General Data Protection Regulation, ISO/IEC 27001 certification, and Federal Information Processing Standards). In addition, we implemented advanced operating system hardening, a multi-layered security architecture, and mandatory multi-factor authentication to adapt the HPC environment to increased security demands. Benchmark results from the biomedical sector demonstrate that the performance impact of the secure environment is limited and that integration of the conflicting requirements speed and security can be achieved while preserving a coherent, flexible, and user-friendly system.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript describes RAMSES, an HPC system integrating AMD SME hardware memory encryption, IBM Storage Scale file encryption, Thales CipherTrust key management, OS hardening, multi-layered security architecture, and mandatory MFA. The design targets continuous encryption (at rest, in transit, and in use) for sensitive biomedical data while complying with GDPR, ISO/IEC 27001, and FIPS. The central claim is that biomedical-sector benchmarks demonstrate limited performance impact, showing that speed and security requirements can be reconciled in a coherent, flexible, user-friendly system.

Significance. If the performance claims are substantiated with quantified overheads against unsecured baselines and representative HPC workloads, the work would be significant for domains requiring secure processing of sensitive data at scale. The explicit end-to-end encryption stack and compliance mapping constitute a concrete systems contribution that could serve as a reference for other secure HPC deployments.

major comments (2)
  1. [Abstract] The load-bearing claim that 'benchmark results from the biomedical sector demonstrate that the performance impact of the secure environment is limited' supplies no quantitative overhead figures, workload descriptions, comparison baselines, error bars, or statistical details. Without these, the central performance claim cannot be evaluated.
  2. [Abstract] The assumption that the encryption stack (AMD SME + IBM Storage Scale + Thales CipherTrust) plus OS hardening will continue to deliver acceptable performance under production workloads beyond the specific biomedical benchmarks is untested in the provided text; no additional access patterns or scaling results are referenced to support generalizability.
minor comments (1)
  1. The abstract would be strengthened by including at least one concrete performance metric (e.g., percentage overhead on a named benchmark) to allow readers to assess the 'limited impact' claim immediately.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on our manuscript. We address the major comments point by point below, agreeing where revisions are needed to improve clarity and substantiation of claims.

Point-by-point responses
  1. Referee: [Abstract] The load-bearing claim that 'benchmark results from the biomedical sector demonstrate that the performance impact of the secure environment is limited' supplies no quantitative overhead figures, workload descriptions, comparison baselines, error bars, or statistical details. Without these, the central performance claim cannot be evaluated.

    Authors: We agree that the abstract lacks the requested quantitative details. The full manuscript (Section 4) contains the benchmark results with overhead figures, workload descriptions (e.g., representative biomedical applications), comparison baselines (unsecured vs. secured configurations), error bars, and statistical details. We will revise the abstract to include key quantitative results summarizing these findings. revision: yes

  2. Referee: [Abstract] The assumption that the encryption stack (AMD SME + IBM Storage Scale + Thales CipherTrust) plus OS hardening will continue to deliver acceptable performance under production workloads beyond the specific biomedical benchmarks is untested in the provided text; no additional access patterns or scaling results are referenced to support generalizability.

    Authors: The manuscript scope is centered on the biomedical sector with benchmarks for workloads typical of that domain. We do not present additional access patterns or scaling results beyond these, nor do we claim broad generalizability. We will revise the abstract and/or discussion section to explicitly note this scope limitation and indicate that further validation for other workloads would be required. revision: partial

Circularity Check

0 steps flagged

No circularity: systems description with external benchmarks, no derivations or self-referential predictions

full rationale

The paper describes an HPC system implementation (AMD SME + IBM Storage Scale + Thales CipherTrust + OS hardening) and cites benchmark results from the biomedical sector to support performance claims. No equations, fitted parameters, predictions, or derivation chains exist. Claims rest on implementation details and external benchmarks rather than reducing to self-definitions or self-citations. No load-bearing steps match any enumerated circularity pattern.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

This is a systems-engineering report on a deployed platform. No mathematical derivations, fitted constants, or new theoretical entities are involved; the central claim rests entirely on the described implementation and the (undetailed) benchmark results.

