University of Cologne Builds RAMSES Supercomputer for End-to-End Data Encryption
2026-07-02 15:45
Favorite

en.Wedoany.com Reported - A research team at the University of Cologne has built a supercomputer named RAMSES that can keep data encrypted during processing, filling a security gap beyond data storage and transmission.

Previously, when computers processed sensitive data, encryption was typically applied to hard drive storage and network transmission. However, once data was loaded into memory for processing, the protection disappeared, leaving information exposed in memory where anyone with sufficient access could read it. This long-standing problem stemmed primarily from physical limitations and costs. Encryption and decryption require computing resources, and the core mission of a supercomputer is speed; adding a security layer to every memory operation could lead to significant performance degradation.

The latest chips have changed this situation. The RAMSES system integrates built-in features of AMD processors, where the hardware itself automatically encrypts memory as data flows in and out. Encryption occurs at the chip's memory controller level, requiring no modifications to the programs running on it, and data remains encrypted throughout the entire process. Once protection is enabled, even the administrator managing the machine cannot read the contents of user jobs in memory, nor can the software layer managing virtual machines.

RAMSES integrates a variety of existing tools: memory protection comes from AMD, file encryption is achieved through IBM storage software, encryption keys are stored in dedicated security devices from Thales, and login requires secondary verification via Cisco Duo. For ordinary users, the front-end operation remains simple; they only need to add a short instruction to the job request, and the system will start a private encrypted environment, obtain keys, run the job, and clean up the environment, ultimately leaving only the encrypted result. The user experience for secure jobs is almost identical to that of regular jobs.

The team tested the system on two genomics workloads, including scanning and aligning DNA data. Test results showed: for a task dependent on disk activity, speed decreased by approximately 4.4% after enabling the strongest security protection; for another task highly dependent on memory, speed decreased by 18%. An overhead breakdown revealed that running in a private virtual environment without any encryption accounted for about half of the speed reduction; memory encryption itself contributed most of the remainder; file encryption added almost no overhead.

Technical documentation indicates two versions of AMD memory protection: an earlier version and a newer, stronger one. The new version adds defenses against certain attacks, and the promise of protection against compromised administrators relies on these defenses. The chips in RAMSES can run the stronger version; the paper uses both names, and the exact configuration remains an open question.

The motivation for the entire project is related to regulatory requirements. The machine processes human genomic data and medical images, which fall under the most protected categories under European privacy laws. Sending data to a commercial cloud means transferring it outside the institution, incurring additional legal and audit burdens. By keeping the supercomputer on campus, the university can retain control over the data, conduct its own audits, and control physical access to the hardware. The center provides its services free of charge to its researchers, and the source code is available to other academic institutions upon request.

This bulletin is compiled and reposted from information of global Internet and strategic partners, aiming to provide communication for readers. If there is any infringement or other issues, please inform us in time. We will make modifications or deletions accordingly. Unauthorized reproduction of this article is strictly prohibited. Email: news@wedoany.com