Quick Thoughts: Security Concerns Demand Processor Diversity


Paul Sagawa / Tejas Raut Dessai
203.901.1633 / .553.9827
psagawa@ / trdessai@ssrllc.com

SEE LAST PAGE OF THIS REPORT FOR IMPORTANT DISCLOSURES


January 8, 2018


  • Two major CPU security vulnerabilities were revealed last week: one that specifically affects INTC chips going back to 1995, and another with impact on nearly all modern microprocessors.
  • Scientists from cloud operators and chip makers have been working in secret to patch these flaws, discovered months ago, which can affect individual devices but are more serious for datacenters.
  • Cloud operators have already patched their datacenters, albeit at a processing performance cost. Private enterprise IT operations may find it difficult to close all their vulnerabilities.
  • INTC, with a 95% share of datacenter CPUs and vulnerable to both exploits, has been widely criticized for its response. Alternatives from QCOM, IBM, AMD and others may gain at its expense.

Intel found itself in an unpleasant situation last week after it was revealed that researchers at TU Graz, Google’s Project Zero group and a few other institutions had coincidentally detected a pair of two-decade-old vulnerabilities in one of the most basic security defenses of a computer – the isolation of untrusted programs that keeps them from accessing other processes on the computer or its kernel memory. These vulnerabilities threaten all customers, including cloud-based service providers, since affected processors can be manipulated to access information and workloads belonging to other processes and tenants sharing the datacenter hardware. We have noted an inevitable threat to Intel’s hegemony in datacenters, as explosive AI growth and cheaper, faster alternatives drive growing processor diversity (http://www.ssrllc.com/publication/hyperscale-semiconductors-processor-diversity-coming-to-the-cloud/). Now that these security flaws have been identified, hyperscalers have an additional reason to migrate away from x86 processors and diversify CPU architecture for non-AI workloads: limiting exposure to such rogue incidents and improving overall security and service by taking direct control over hardware design as the market share wars begin.

The two separate vulnerabilities, codenamed Spectre and Meltdown, both exploit a technique called “speculative execution” that processors use to accelerate computation. Meltdown, a risk exclusive to Intel processors, is much easier to exploit than Spectre, which threatens pretty much EVERY processor (smartphones, desktops, datacenters, etc.) sold in recent years. Speculative execution optimizes performance by guessing which computing steps are most likely to be required next and executing them ahead of time – if the guess is wrong, the CPU discards the results and continues executing the requested instructions. Spectre measures the time needed to perform these speculative tasks and uses that to infer properties of the process that triggered them, enabling unauthorized sharing of information between processes before the checks that establish whether a fetch request is valid have completed. Meltdown breaks the isolation between processes in a way that allows one process running on the computer to read kernel data belonging to another – which might include private user details, browsing data, program data, or passwords.
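To make the “check before fetch” problem described above concrete, here is an added illustration (the editor's code, not part of the SSR report or of any vendor's patch): the ordinary bounds-checked read that speculative execution can run ahead of, beside the branch-free index-masking idiom that Linux uses in array_index_mask_nospec() so that a mispredicted branch cannot carry an out-of-range index into the load. The table contents and sizes are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a small public table. Anything past its end is memory
 * the program must never read, not even transiently. */
#define TABLE_LEN 16
static const uint8_t public_table[TABLE_LEN] =
    {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};

/* Vulnerable shape: the check is correct architecturally, but while the branch
 * is unresolved the CPU may speculatively perform the load with an out-of-range
 * idx, touching memory past the table and leaving a cache footprint that
 * timing can later observe. Results are discarded, the footprint is not. */
uint8_t read_unsafe(size_t idx) {
    if (idx < TABLE_LEN)
        return public_table[idx];
    return 0;
}

/* Branch-free mask in the style of Linux's portable array_index_mask_nospec():
 * SIZE_MAX when idx < size, 0 otherwise. (size - 1 - idx) wraps to a huge
 * value exactly when idx >= size, so the top bit of the OR is 1 iff idx is
 * out of range. Pure unsigned arithmetic, nothing for the CPU to predict. */
size_t index_mask_nospec(size_t idx, size_t size) {
    size_t oob = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return oob - 1; /* 0 -> SIZE_MAX (in range), 1 -> 0 (out of range) */
}

/* Force idx to 0 whenever it is out of range; the load then depends on this
 * arithmetic rather than on the outcome of the bounds-check branch. */
size_t clamp_index_nospec(size_t idx, size_t size) {
    return idx & index_mask_nospec(idx, size);
}

/* Hardened shape: same check, but the index the load actually uses is masked,
 * so even a mispredicted branch reads only inside the table. */
uint8_t read_hardened(size_t idx) {
    if (idx < TABLE_LEN) {
        idx = clamp_index_nospec(idx, TABLE_LEN);
        return public_table[idx];
    }
    return 0;
}

int main(void) {
    printf("in range: %u, out of range: %u\n",
           read_hardened(9), read_hardened(1000)); /* 9, 0 */
    return 0;
}
```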

Once the news broke, Intel shared several ways to address the flaws, using methods that are generally known to penalize processor performance, such as blocking memory sharing between user programs and the kernel. The company’s initial statement has been widely criticized in the developer community for obfuscating details and blurring the impact of the flaws on performance. Reports that INTC CEO Brian Krzanich sold off half of his stock before the flaws were made public don’t help either. Hyperscale platform operators have been privy to the flaws for months and have initiated steps to safeguard customers. MSFT issued patches for Surface devices last week and is expected to introduce the necessary patch to safeguard Windows users on Tuesday. AWS, Azure and Google Cloud have all pushed software patches to mitigate the risk, but all at the cost of reduced throughput from Intel processors. Private enterprise datacenters may remain vulnerable: patches from systems vendors are generally available, but they must be meticulously rolled out to cover every affected computer. The inevitable incidence of attacks exploiting these holes could be further impetus to push sensitive data to public cloud datacenters, which have more consistent and sophisticated security defenses.

Intel dominates the 84% of the hyperscale datacenter processor market that is still CPUs – the remaining 16% is co-processors for AI workloads, which will continue to displace more and more of the total cloud processor market going forward. In a recent research report (http://www.ssrllc.com/publication/hyperscale-semiconductors-processor-diversity-coming-to-the-cloud/), we projected that AI processing solutions would make up more than 40% of hyperscale purchases in 2022. Within the 58% of the market that we expect to remain CPUs, we forecast that Intel’s share might fall from more than 95% today to 75% over the same time frame. Given this week’s news, that estimate might be quite overoptimistic. Low-cost, low-power solutions that are not vulnerable to the more serious Meltdown exploit, such as Qualcomm’s ARM-based offering, IBM’s Power9, or even x86-based AMD CPUs, stand to compete vigorously for CPU share. Hyperscalers inherently have very low switching barriers and will look to hedge against potential issues as cloud adoption grows, market share wars play out, and service levels become critical to maintaining a market lead.
