Many of us have heard of Moore's law or have used the term when discussing the increases in computing power over the last couple of decades. The law was named after Gordon E. Moore, co-founder of Intel. He wrote a paper in 1965 that stated, since the invention of integrated circuit, IC in 1958 until 1965 the number of devices in an integrated circuit had doubled every year. He then went on to predict that the trend would continue for the next decade. His prediction has proven to be uncanny since the semiconductor industry still uses his premise for planning purposes.
In 1975, Moore altered his prediction that the number of transistors doubling from every year to every two years. He adamantly denies that he predicted 18 months, even though that is what I always heard. I suppose that the modifier I heard was that every 18 months the CPU, RAM, or hard disk would double. I thought it was interesting that Moore actually predicted IC capabilities to double every 2 years. According to the sources I was able find, this trend has continued from the 70s until today. That is definitely an exponential growth in the number of transistors within an integrated circuit.
This growth has been accomplished by overcoming heat and separation of the devices that are part of the circuit. This advancement of further miniaturization of transistors has lead to advancements in memory at the same time. The miniaturization of the transistor and the subsequent IC capability increase has lead to memory in devices to grow by orders of magnitude. This is evident in the memory cards in digital cameras, smart phones, and USB memory devices. Each of these devices have memory capabilities that are beyond mainframes of years past.
The term Moore's law has also been linked to trends in technology that experience exponential growth. We need to remember that Moore's law pertains to transistor count in ICs and for the purpose of this discussion the effect it has had on computers.
The ultimate effect is on the growth of data being created as discussed in a previous blog. In that blog we discussed what the increase in disk size has contributed to the massive growth of data being stored. The first question that should come to mind is; if computing power is increasing at this exponential rate, why does it still seem like our computers still run slowly?
The explanation may lie in another law named Wirth's law, commonly referred to as the great Moore's law compensator. The principal of Wirth's law is that generations of software accumulate enough "bloat" to overcome the performance gains from Moore's law.
A prime example is a test where a Word task using Office 2007 on a prototypical 2007 computer accomplished the task in half the time of Office 2000 on a typical 2000 computer. According to Moore's law, the computational speed increased by more than eight times but the task accomplishment only improved by a factor of .5 instead of .125.
The blame can't be totally leveled against software bloat as there are other factors that contribute to the computational speed reduction. If the processor speed has truly doubled, has system components like disks and memory been able to keep pace with the faster CPU. A system isn't judged by CPU speed alone but by how well all the components work together.
Since the latency of disk access or even memory access can slow up the computational abilities the overall performance gains aren't what we should expect. Designers have been working on reducing the access time for disk drives along with utilization of cache memory on the disk controllers. The use of solid state drives to decrease the performance hit caused by high disk access times is also highly beneficial.
The CPU manufacturers have created innovative designs to alleviate some of the bottlenecks by methods such as out-of-order execution, on-chip caching, and prefetching. They have also added cache memory to the CPUs, level 1, level 2, and even level 3 to reduce the latency of data retrieval.
One recent design change by CPU manufacturers is to use is a multi-core chip to aid in the power dissipation and give the system multiple processors. These have many of the attributes of a multiple CPU system only from a single processor component.
The computer architects that design the overall systems chose components that take into consideration how the software utilizes the increased system capabilities. The issue becomes, does software/system utilize the increased processing power to the fullest. One way to accomplish this is to make applications that are multi-threaded to better use the capabilities of the faster multi-core systems.
One of the major drawbacks to Moore's law is the continued and sometimes rapid obsolescence of the systems we purchase. This aspect can be a concern to a company that might have limited resources therefore a rapid deployment of an upgraded processer could threaten the continuation of a legacy application. If an application that a company relies upon doesn't work on the latest processor or be modified to utilize the capabilities, the application might be retired.
The last aspect of any system is networking of computers enabling the exchange of data between systems. The amount of data that is created, shared and stored is growing at an extremely fast rate as discussed in the blog, Data Explosion. The network needs to increase the speed with which it can transmit data to the various systems. While the network interface cards have increased their speed from 2Mb/s to 10Mb/s to 100Mb/s to1Gb/s to 10 GB/s, the backbone for most companies hasn't been upgraded. While the computing system may be very fast, again we see that the transferring of data can be the choke point.
If we look at this increase of capability from a security standpoint, the computing power can cause a paramount problem. To be able to handle the massive amounts of network traffic, log data, and security decisions on a daily basis, security professionals must be constantly looking for more processing power. The advent of the powerful dual or quad core processors are great if the security software can utilize the increased power. If the security software that we rely upon to assist us isn't multi-threaded then most of the computing power will be of no avail.
So how do we as security professionals find multi-threaded software? We seem to be in the same predicament as the network or system architects that are attempting to utilize the amazing capabilities of these new processors and the inherently powerful systems. We need to find tools that operate in such a way as to utilize the computing power.
The other side of the coin is; these amazing capabilities of the new computers create an environment for the nefarious ones to utilize this power for their gain. Brute force attacks can be accomplished faster along with fingerprinting of edge security devices can be done with more stealth. I can only imagine that the tools being created by malware developers are using the multi-threaded design we sorely need to protect our networks.
From the research I have done, I find that the majority of software is not multi-threaded. Why is that true? There may be a list of reasons, one could be the software doesn't lend itself to multi-threading. Another could be that the concept isn't taught in depth to programming students. We, as IT professional, need to request the software we purchase be multi-threaded and make conscious decisions to mention this when asked for our input for improvements to an application that already is in use. As for those of us that are in the security profession, we need to push for multi-threaded applications to enable us to gather and process the data that we use to make our networks more secure.
We can wait for the security vendors to improve their software or we can make conscious buying decisions that will push our vendors to provide more capable tools. I expect our security tools will become more and more capable but I hope we keep pas with our adversaries.
