This supercomputer encrypts your data even while it’s running it

Most people who handle sensitive data already encrypt it in two places. They lock it down when it sits on a hard drive, and they lock it down when it moves across a network. There has always been a third moment that stayed open. The instant a computer pulls that data into memory to work on it, the protection drops away. For a few seconds or a few hours, the information sits in the open, readable by anyone with deep enough access to the machine.

A research team at the University of Cologne built a supercomputer that closes that gap. The system is called RAMSES, and it keeps data scrambled even during the moment of processing.


The problem with the middle step

The reason that third step stayed exposed for so long comes down to physics and cost. Encrypting and decrypting data takes work, and a supercomputer’s whole job is speed. Adding a security layer to every memory operation sounded like a recipe for grinding a fast machine to a crawl.

Recent chips changed the math. AMD processors now carry a feature that encrypts memory in the hardware itself, automatically, as the data flows in and out. The encryption happens at the level of the chip’s memory controller, so the program running on top of it does not need any changes. The data stays scrambled in memory the entire time the work runs.

That detail carries a security payoff worth pausing on. When this protection is on, even the administrators who run the machine cannot read what a user’s job is doing in memory. The same holds for the software layer that manages the virtual machines. A person with the keys to the building still cannot open the box.

Putting the pieces together

RAMSES wires several existing tools into one workflow. The memory protection comes from AMD. File encryption runs through IBM storage software, with the cryptographic keys kept inside a dedicated security appliance from a company called Thales. Logins require a second factor through Cisco Duo, the same kind of phone-tap approval many office workers see every morning.

The part that matters for a regular user is how simple the front end stays. A researcher adds one short instruction to a job request, and the system handles the rest. It spins up a private, encrypted environment, fetches the right keys, runs the work, and then wipes the environment clean when the job ends. The temporary machine vanishes at shutdown, leaving only the encrypted results behind. From the user’s seat, a secure job and an ordinary job look almost the same.

What it costs in speed

The team tested the setup on two genomics workloads, the kind of jobs that scan and align DNA data. These are real research tasks, the type the machine runs every day for medical and biological work.

One job leaned on disk activity, and turning on the strongest security slowed it by about 4.4 percent. A second job leaned heavily on memory, and that one slowed by 18 percent. The gap between those two numbers tells the story. Jobs that hammer memory pay more, since memory is exactly where the encryption does its work.

The team also pulled the cost apart to see where it came from. Running inside a private virtual environment, before any encryption at all, accounted for roughly half of the slowdown. The memory encryption itself added most of the rest. The file encryption was close to free.

One question worth asking

RAMSES is a working system with published numbers, and the design rests on the hardware’s guarantees. A separate point is worth flagging for anyone reading closely.

The technical writeup refers to two versions of AMD’s memory protection. An earlier version appears in one section, and a newer, stronger version appears in the conclusion. The newer version adds defenses against certain attacks that the older one lacks, and the promise of protection from a compromised administrator leans on those defenses. The chips in RAMSES can run the stronger version. The paper uses both names, so the exact configuration stays an open question.

Why build it on campus

The motivation behind the whole project is regulation. The machine handles human genomic data and medical imaging, the most protected categories under European privacy law. Sending that data to a commercial cloud, even a secure one, means moving it outside the institution and taking on extra legal and audit burdens.

Keeping the supercomputer in-house lets the university hold the data inside its own walls, run its own audits, and control physical access to the hardware. The center offers the service to its researchers at no charge. The source code is available to other academic institutions on request, which gives other centers a starting point and a set of real numbers to plan around.
