PNNL

Abstract

The security of your data and of your network is in the hands of intrusion detection systems, virus scanners and spam filters, which are all critically based on string matching. But network links are getting faster and faster, and string matching is getting more and more difficult to perform in real time. Traditional processors are not keeping up with the performance demands, whereas specialized hardware will never be able to compete with commodity hardware in terms of cost effectiveness, reusability and ease of programming. Advanced multi-core architectures like the IBM Cell Broadband Engine promise unprecedented performance at a low cost, thanks to their popularity and production volume. Nevertheless, the suitability of the Cell processor to string matching has not been investigated so far. In this paper we investigate the performance attainable by the Cell processor when employed for deterministic string matching algorithms. We have modelled string matching in terms of Celloptimized modular components, we have identified the ones which constitute a bottleneck, implemented them optimally and measured their maximum throughput. Our findings show that the Cell architecture is an ideal candidate to tackle modern security needs: two processing elements alone, out of the eight available on a Cell processor provide sufficient computational power to filter a network link with bit rates in excess of 10 Gbps.