� More Eason | Main | Driving While Black: A Personal History �

February 10, 2005

Cell: Processing Jail

IBM's new Cell chip could be revolutionary.

"It’s hard to avoid the conclusion that Cell processors will have an extraordinarily secure but cumbersome memory model. For each main-memory access, the processor would have to consult four lookup tables... Three of those tables are in DRAM, which implies slow off-chip memory references; the other table is in the DMA controller’s SRAM. In some cases, the delays caused by the table lookups might eat more clock cycles than reading or writing the actual data. The patent hints that some keys might unlock multiple memory locations or sandboxes, perhaps granting blanket permission for a rapid series of accesses, within certain bounds."

The Cell chip promises to destroy spam, viruses and spyware. That's the good news. The bad news is that here we have the makings of the beginning of the end of file sharing, basically the ability to put DRM security into hardware.

While it's certainly true that security schemes like DVD decoding can be 'chipped', those are rare individuals who can. The ability to short circuit the memory model of the CPU is going to be a rarer quality still. So, practically speaking, once Cell chips are common, the world loses the power of the masses to overcome industry security.

This is yet another indication to me that we are coming closer to the surveillance society, that more and more of our activities can and will be monitored. There are many ways out, but not for the urbane. Some other time, I will talk about life off the grid, which I predict will be the return of the rugged 70s, which was actually a pretty interesting time in its own right. But now, let's consider life in the grid.

The promise of grid computing is delicious, and the Cell processor will be a great enabler of that. A moment's consideration suggests to me that somehow, there are going to be fingerprints on processes. In certain ways this too is very exciting. For those of you who are less technically inclined, think of it this way. If you are using windows, if you bring up the task manager, you can see all of the programs your computer is using, sorta. Notice the difference between 'Applications' and 'Processes'. As I write this I show 9 applications running, which corresponds exactly to the number of windows open on my desktop. But when I pop over to Processes, I show 76. One of the things Unix guys (like me) fuss about is that some of these processes can be made invisible to Windows. There might be 10 or 20 more running that I don't know about. That's a simple definition of spyware, and it's a big security hole in Windows. In Unix and Linux systems a command called 'ps' gives a much more comprehensive view. That is, unless your kernel has been hacked.

The general solution to knowing what exactly is running on your machine is 'fingerprinting'. There are algorithms called 'hashes' that can uniquely identify that every bit in a collection of bytes are in the right place and order. The one I like is called MD5. You could take a huge file, say a 10GB picture of yourself, and change one pixel on a nose hair and MD5 will generate a completely different fingerprint of it. The security tool ZoneAlarm maintains a table of hashes for every program that your computer allows to talk to the internet. But a more advanced kind of security program would have fingerprints of every process that your CPU runs at all. Digital Rights Management extends this concept to certain types of data as well. Whereas ZoneAlarm gives the authority for allowing or restricting programs to you personally, DRM would have third parties determine that authority.

The Cell chip facilitates such matters by having its own unique ID which can be checked. It doesn't take long for a database guy like me to add two plus two. If you think online registration of programs you buy is a pain, imagine the day when it's done for you whether you like it or not. That's what DRM architecture is all about, and the backdoors will only be in hardware, or at least that's the plan the way I would plan it.

The great exciting advantage of this is that I could conceivably authorize my mother's computer, with her permission, to help me crunch some numbers. In fact, I could join a computing pool and authorize some fingerprinted programs and/or data to be run simultaeously by the group.

Now here's the killer, which I never thought of until this moment. I could create a program within which is some encrypted data, that can only run on processors I designate. I could, in effect, create my own DRM scheme. 'I' meaning Al Qaeda. Of course, there will always be 'old' computers and those who don't run Cell processors, and there will conceivably be ways to disassemble code compiled for Cell use only, so there will always be ways to crack the uncrackable. But this is just one more escalation in the complexity of modern computing. It's like an arms race.

Posted by mbowen at February 10, 2005 09:56 AM

Trackback Pings

TrackBack URL for this entry: