Reply to post: Meltdown and Spectre - a Wake-up call for HPC

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs

fretter

Meltdown and Spectre - a Wake-up call for HPC

Do you want High Performance, or maximum security? Make your mind up, because you can't have both!

https://www.linkedin.com/pulse/meltdown-spectre-wake-up-call-hpc-paul-fretter/

It is a simple fact of engineering design, that there is a trade-off between performance and dependability. To get better than standard performance, we need to sacrifice security features that would otherwise get in the way. For example, if we turned on SELinux and disk encryption on an HPC system, it would no longer be High Performance because of the overheads. Remember, High Performance Computing is a relative term, e.g. relative to the norm which could arguably be regarded as enterprise servers, or desktops/laptops.

Speculative execution appears to be one of those shortcuts to get more performance, but potentially at the expense of security. The OS kernel patches required to mitigate against the Meltdown and Spectre vulnerabilities will force a lot more traffic through the kernel, introducing overheads that will probably (?) impact performance for many applications. So, just because a general-purpose processor is capable of doing many different things, does not mean that we should expect them to be all things at the same time.

While the CPU vendors should have a responsibility for warning users of the trade-offs, and maybe this is where they have been incidentally negligent, we who design and build systems cannot absolve ourselves from the responsibility of making sure we understand what we create.

It is time for a pause, to take in the lesson here and make some tough decisions about where we want performance vs where we need security, and those who are developing HPC-as-a-cloud service will need to look closely at how they will present their "High Performance" offerings on shared platforms.

Paul Fretter

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019