IBM Journal of Research and Development

Issue 6 • Date Nov.-Dec. 2013

Mobile Computing and IBM POWER7+ Technologies

This issue contains eleven papers on three different topics. The first four papers concern new technologies built into IBM POWER7+ chips. These include enhanced performance through higher frequency operation at fixed power, new firmware functions which reduce power at runtime, and on-chip accelerators for cryptography, random number generation, and active memory expansion. The next six papers describe a number of methods by which personal mobile devices can be safely and securely integrated with highly secure enterprise applications. The final paper describes new storage class memory for large servers.

  • Cover 1

    Page(s): C1
    Freely Available from IEEE
  • Table of Contents

    Page(s): 1 - 2
    Freely Available from IEEE
  • Preface: Mobile computing and IBM POWER7+ technologies

    Page(s): 0:1 - 0:2
    Freely Available from IEEE
  • IBM POWER7+ design for higher frequency at fixed power

    Page(s): 1:1 - 1:18

    The IBM POWER7+™ microprocessor is the next-generation IBM POWER® processor implemented in IBM's 32-nm silicon-on-insulator process. In addition to enhancing the chip functionality, implementing core-level and chiplet-level power gating and significantly increasing the size of the on-chip cache, the chip achieves a frequency boost of 15% to 25% compared with its predecessor at the same power. To achieve these challenging goals and deliver a serviceable power-frequency limited yield (PFLY), the IBM team made significant innovations in the post-silicon hardware-tuning methodology to counteract the inherent process variability and developed new PFLY models that account for several sources of variability in power and frequency. The paper describes the new methodology and the models, provides analysis of the sources of variability and their impact on power and frequency, and describes the work done to achieve correlation between the models and hardware measurements.
  • Runtime power reduction capability of the IBM POWER7+ chip

    Page(s): 2:1 - 2:17

    Four new energy management features in the POWER7+™ chip enable larger reductions in chip power consumption and further increase energy efficiency of the system during runtime compared with prior POWER7® systems. First, per-core power gating reduces idle power consumption by allowing the system to turn off the voltage to the processor cores when they are not being used. Second, real-time measurement and control of operational guardband allows for higher maximum clock frequency as well as better dynamic voltage selection to reduce power. Third, per-thread utilization counters enable the firmware to sense processor utilization on a finer granularity and set per-core frequency targets with greater accuracy. Finally, a per-core memory access counter allows firmware to more accurately account for power consumption and budget it on a per-processor core basis. These hardware capabilities together enable new EnergyScale™ firmware functions that include voltage optimization to achieve higher turbo frequencies under stressful environmental conditions, automated idle state detection and management, per-core adaptive frequency scaling, and online power modeling for real-time estimation of energy savings.
  • IBM POWER7+ processor on-chip accelerators for cryptography and active memory expansion

    Page(s): 3:1 - 3:16

    With the heightened focus on computer security, IBM POWER® server workloads are spending an increasing number of cycles performing cryptographic functions. Active memory expansion (AME), a technology to dynamically increase the effective memory capacity of a system by compressing and decompressing memory pages, is also enjoying increasing deployment in POWER server systems. Together, cryptography and AME consume enough central processing unit (CPU) cycles in a typical installation to warrant adding dedicated hardware accelerators on the processor chip to offload the compute-intensive parts of these functions from the processor cores. IBM POWER7+™ is the first POWER server to include on-chip hardware accelerators for symmetric (shared key) and asymmetric (public key) cryptography and memory compression/decompression for AME. A true random number generator (RNG) is also integrated on-chip. This paper describes the hardware accelerator framework, including location relative to the cores and memory, accelerator invocation, data movement, and error handling. A description of each type of accelerator follows, including details of supported algorithms and the corresponding hardware data flows. Algorithms supported include the Advanced Encryption Standard, Secure Hash Algorithm, and Message Digest 5 algorithm as bulk cryptographic functions; asymmetric cryptographic functions in support of RSA and elliptic curve cryptography; and a novel dictionary-based compression algorithm with high throughput supporting AME. A presentation of accelerator performance is included.
  • True hardware random number generation implemented in the 32-nm SOI POWER7+ processor

    Page(s): 4:1 - 4:7

    This paper provides a description of the hardware random number generator that is implemented on the IBM POWER7+™ processor. We discuss the underlying mechanism using basic ring oscillator circuits implemented in standard digital logic circuits. The source of entropy is based on sampling phase jitter in the ring oscillators, and the rate of phase jitter accumulation is measured. We show that the design is simple and robust yet able to generate a high rate of random bits while using a minimum of logic area. The design is very resistant to physical manipulation, being able to produce solid entropy values under environmental conditions that exceed the requirements of the surrounding circuitry. With a design-specific mechanism to correct for ring oscillator sample bias, the output shows a very high rate of entropy, which is validated.
  • Cooperative solutions for Bring Your Own Device (BYOD)

    Page(s): 5:1 - 5:11

    Enterprises today are faced with critical decisions as they consider exposing corporate data and applications to mobile devices. Many employees already own smartphones and tablets that have now matured to a point where these devices can be effectively managed using mobile device management (MDM) products. While this maturing device capability may provide the platform for enterprises to ensure a certain level of corporate compliance, MDM systems alone do not provide separation between corporate and personal assets in such a way that the “bring your own device” (BYOD) community is willing to adopt it. Key questions such as “Who owns the data on the device?” or “Does the enterprise have the authority to wipe away some or all of the data on a device upon concern of a security breach?” must be addressed. To extend the utility and flexibility of personally owned mobile devices in the enterprise, device management as well as asset separation should be considered. Unlike traditional corporate-issued laptops, which can be protected by full disk encryption techniques, mobile devices are more diverse in their individual platform capabilities. In addition, at most enterprises, most mobile devices that are brought forward for business purposes are personally owned, and this presents unique challenges. For personally owned enterprise-connected devices, it is important to preserve the user experience as it relates to personal use while providing a containerized enterprise experience as well as the additional layers of authentication that the enterprise imposes. This paper describes IBM's internal transformational journey relating to the creation of a comprehensive mobile ecosystem, highlighting newer revolutionary mobile device virtualization and containerization technologies that can separate personal and enterprise assets, provide for a transparent personal device experience, and ensure the security requirements of the enterprise.
  • Mobile innovation applications for the BYOD enterprise user

    Page(s): 6:1 - 6:10

    As employees began to bring their consumer mobile devices to the office, employees expected corporations to embrace or to provide solutions similar to consumer solutions they were used to on their smartphones. However, because of accountability and security concerns, many enterprises prefer employees use corporate alternatives to popular consumer apps. However, many of these expected enterprise alternatives to consumer solutions were not available to employees. In this paper, we discuss lessons learned during the BYOD (Bring Your Own Device) transformation process leading to the rapid development and deployment of internal alternatives to consumer applications, as well as the introduction of technologies to reduce the cost brought on by a large influx of mobile devices connected to the enterprise. We also discuss the importance of a filtered approach to access content through the firewall into the enterprise arena as an alternative to the full virtual private network approach granted to PC devices.
  • Enabling Bring-Your-Own-Device using mobile application instrumentation

    Page(s): 7:1 - 7:11

    Many enterprises are investigating Bring-Your-Own-Device (BYOD) policies, which allow employees to use their personal devices in the workplace. This has led to mixed-use scenarios, where consumer and enterprise software are installed on the same device. In this paper, we describe the Secured Application Framework for Enterprise (SAFE), a comprehensive system for enabling BYOD that allows enterprise and consumer applications to coexist side-by-side on the device. Rather than partition the device by profiles, SAFE embeds enterprise functions in each enterprise application; this allows for a seamless user experience and minimal intrusiveness on the part of the enterprise. We describe the SAFE toolset that implements the embedding of the SAFE instrumentation layer, and then provide an overview of several enterprise features that can be configured using SAFE. Specifically, we describe modeling for analytics, testing and replay, anomaly detection, and cloud data services, all enterprise features that can transparently be added to mobile applications.
  • Runtime adaptive multi-factor authentication for mobile devices

    Page(s): 8:1 - 8:17

    The Runtime Adaptive Multi-factor authentication ENvironment (RAMEN) is a client and server-side framework that provides multi-factor authentication policy enforcement for mobile devices running iOS® and Android®. On the client side, RAMEN uses a security manager that can intercept network calls and forward them for secure authentication to a server-side proxy. The server-side proxy contains a dynamic policy engine that can be configured to choose between different authentication methods depending on the mobile context. RAMEN is an extensible framework that has interfaces to plug in different authentication methods. We describe the policy model and implementation of RAMEN. We show the value of RAMEN to developers through an implementation of location-aware security policies that can be set up to enforce security zones that relax or enhance security requirements for different applications.
  • Mobile Optimized Digital Identity (MODI): A framework for easier digital certificate use

    Page(s): 9:1 - 9:11

    Traditional authentication methods such as passwords no longer meet all the security requirements of today's enterprise. Digital certificates provide a much more secure, resilient alternative solution. However, digital certificates are cumbersome to use for an end-user and are complex to implement for a resource provider. In this paper, we describe the Mobile Optimized Digital Identity (MODI) framework, which aims to solve the logistical issues of using certificates as an authentication method for both the end-user and the resource provider. The MODI framework consists of three tightly integrated components that work in concert: a mobile device application (MDA), an authentication toolkit, and a trusted third party, the security broker (SB). With a dedicated MODI MDA, certificate deployment, maintenance, and use are greatly simplified for the end-user. The MODI authentication toolkit enables resource providers to easily integrate with the framework, thus shielding developers from needing any knowledge of digital certificates and their implementation. Using mobile devices, the end-user authentication tool allows the MODI solution to expand its scope beyond conventional network access to novel physical access scenarios with the aid of proximity scanning technologies such as near-field communication (NFC).
  • Automatic detection of inter-application permission leaks in Android applications

    Page(s): 10:1 - 10:12

    The Android® operating system builds upon already well-established permission systems but complements them by allowing application components to be reused within and across applications through a single communication mechanism, called the Intent mechanism. In this paper, we describe techniques that we developed for statically detecting Android application vulnerability to attacks that obtain unauthorized access to permission-protected information. We address three kinds of such attacks, known as confused deputy, permission collusion, and Intent spoofing. We show that application vulnerability to these attacks can be detected using taint analysis. Based on this technique, we developed PermissionFlow, a tool for discovering vulnerabilities in the byte code and configuration of Android applications. To enable PermissionFlow analysis, we developed a static technique for automatic identification of permission-protected information sources in permission-based systems. This technique identifies application programming interfaces (APIs) whose execution leads to permission checking and considers these APIs to be sources of taint. Based on this approach, we developed Permission Mapper, a component of PermissionFlow that improves on previous work by performing fully automatic identification of such APIs for Android Java® code. Our automated analysis of popular applications found that 56% of the most popular 313 Android applications actively use intercomponent information flows. Among the tested applications, PermissionFlow found four exploitable vulnerabilities. By helping ensure the absence of inter-application permission leaks, we believe that the proposed analysis will be highly beneficial to the Android ecosystem and other mobile platforms that may use similar analyses in the future.
  • Flash storage integration in the IBM System z EC12 I/O drawer

    Page(s): 11:1 - 11:14

    Flash storage is integrated for the first time on System z® as a card in the EC12 I/O drawer. This provides a number of functions and benefits in the immediate product, in addition to laying a foundation for further system benefits in future generations of System z systems. Enabling flash MLC (multilevel cell) technology as SCM (storage class memory) in an enterprise-class product required myriad diverse individual technological advances, together with a series of system design features. Extreme care and attention were paid to ensure that the required level of System z reliability was maintained. As with legacy I/O, the programming interface is subchannel-based. The subchannel programming interface is expanded with new architecture via the extended asynchronous-data-move facility. Operating system changes were required to enable exploitation of the features that this new system technology offers. These individual hardware, firmware, and software design aspects are described in this paper, along with the overall functionality and system-level value of this new technology.

Aims & Scope

The IBM Journal of Research and Development is a peer-reviewed technical journal, published bimonthly, which features the work of authors in the science, technology and engineering of information systems.

Meet Our Editors

Editor-in-Chief
Clifford A. Pickover
IBM T. J. Watson Research Center