Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Oracle Security Hardware

Oracle Bakes Security Into New Chips (theregister.co.uk) 99

An anonymous reader writes: Oracle's Larry Ellison gave a presentation yesterday at OpenWorld in which he detailed how the M7 chip's new Silicon Secured Memory system works. "On the M7, pointers and their memory blocks are stamped with a 4-bit 'color,' and accesses are verified to make sure the color in the highest bits of the pointer matches the color of the memory allocation. This works with virtual memory allocated from the heap rather from the stack, it appears. Solaris tries to avoid giving adjacent blocks the same color." El Reg notes that a 4-bit security stamp doesn't really offer that many distinct options. "Four bits of color means there are 24, or 16, possible colors a memory block can have. A hijacked pointer has a one-in-16 chance of having a matching color when it accesses any block of memory, allowing it to circumvent the SSM defense mechanism. ... It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection. In short, SSM is a mitigation rather than bulletproof protection." Still, Ellison claims this would have shut down vulnerabilities like Heartbleed and Venom.
This discussion has been archived. No new comments can be posted.

Oracle Bakes Security Into New Chips

Comments Filter:
  • by JoeyRox ( 2711699 ) on Wednesday October 28, 2015 @09:33AM (#50816703)
    Colors? I bet he counts binary as "one potato, two potato, four potato".
    • by Anonymous Coward

      Even if Oracle is an evil organization run by salescritters, I fail to see how this computing metaphor is inappropriate. Good metaphor is encouraged because it takes advantage of existing language and simplifies the tech narrative by overloading the language features, provided it should not mislead the audience. We don't raise a colored flag when we think about the 4-color theorem, graph coloring problems, red-black trees, or quantum color dynamics, etc. ;)

    • by fuzzyfuzzyfungus ( 1223518 ) on Wednesday October 28, 2015 @09:58AM (#50816901) Journal
      I doubt it; but there is a slight possibility that this is actually a delightfully nerdy reference to Paranoia's [wikipedia.org] color-based 'classification' system that some techie deep within the bowels of Oracle managed to sneak past the armies of lawyers, salesmen, and licensing enforcement thugs.
    • Did you miss the part where they have an algorithm that tries not to assign the same colors to adjacent blocks of memory?

      • Yes. But this is NUMA with more randomization across memory boundaries, and the 32 scores that are in each socket. Depending on how an app is threaded, the number of stack overflow jumps that are possible become factorial, not just multiplicative.

        Not 100% safe, but attempts to push the stack through overflow, prediction, or deception, become much easier to both detect, and also to shutdown. It's pretty novel, and more novel than a superficial examination might bear. This said, it's going to be an uphill bat

    • by swillden ( 191260 ) <shawn-ds@willden.org> on Wednesday October 28, 2015 @10:48AM (#50817459) Journal

      Colors? I bet he counts binary as "one potato, two potato, four potato".

      It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

      • NSA haxors it in 4ms, code gets into wild, end of story. I think 'the man' would rather have us all running around naked with implanted remote activated cyanide charged RFID chips and Illuminati tattoos, and every woman well beyond the 5 year 50,000 mile warranty.

        • NSA haxors it in 4ms, code gets into wild, end of story.

          Nope. This kind of exploit mitigation that has no single hack. It's something that every exploit author has to work around, and exactly how to do that will depend on the nature of the exploit. In particular, this promises to be devastating to ROP [wikipedia.org] attacks, seriously reducing the number of gadgets available and how they can be combined. It's doesn't make exploits impossible, but it makes many of them much harder, and some of them impossible.

      • Colors? I bet he counts binary as "one potato, two potato, four potato".

        It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

        Colors is also easier to understand for those purchasing the tech who aren't necessarily techies.

        • Colors? I bet he counts binary as "one potato, two potato, four potato".

          It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

          Colors is also easier to understand for those purchasing the tech who aren't necessarily techies.

          Not in this case. Pointer labeling and its anti-exploit value is still going to be opaque no matter what you call it, and you could apply any common word as the description and the non-technical would be fine using that as the hook. Oracle could be touting their new "porcupine" security technology, it would work as well from a sales perspective. Probably better.

    • I was just impressed with 4bits = 24 what is this quantum?
    • It's not unprecedented. See for instance the "red black tree".
    • which will be the result of the license of this internal processor segmentation of memory.

    • And Oracle, of all companies, is the one to be providing this "security" solution. Given their track record, I wouldn't trust Oracle to secure an honesty box...
  • She? (Score:2, Funny)

    by Anonymous Coward

    It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection.

    Go ahead, mod me down as a troll.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Good catch! Thank you for pointing this out! In this age of equality there's no reason the attacker in the Standard Security Scenario couldn't be a man named Eve and anyone addressing zir without first asking what ze identified as is a shitlord of the highest order pushing their cisgendered patriarchy on everyone else.

      Score another win for social justice!

    • It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block they wish to access, and thus avoid any crashes and detection.

      Go ahead, mod me down as a troll.

      Even better - fully inclusive ;-)

  • by Barnoid ( 263111 ) on Wednesday October 28, 2015 @09:39AM (#50816763)

    Took me a moment to realize that there are 10 kinds of people in this world: those who know how to type powers of two, and those who don't.

    • by armanox ( 826486 )

      Hit me too. You'd think that a site like slashdot would catch that - but apparently the old <sup> tag no longer works.

    • by Anonymous Coward

      Took me a moment to realize that there are 10 kinds of people in this world: those who know how to type powers of two, and those who don't.

      Wait, you mean that isn't base 6?

    • by myrdos2 ( 989497 )

      Hah. I was wondering where they got 24.

  • by Anonymous Coward

    When a workaround for this security measure is discovered, I will have slower hardware that's ineffective at security.

  • I tried using OpenSolaris and OpenIndiana at home, but it seemed it was not the intended use. Can anyone explain what do people and business do with Solaris?
    • by unixisc ( 2429386 ) on Wednesday October 28, 2015 @10:26AM (#50817161)

      Once upon a time, it was the default OS for Unix workstations from Sun Microsystems, long before Oracle bought it. Like if you were a chip designer using CAD tools like Verilog or VHDL, your tools were typically available on Solaris, running on a Sun Workstation w/ 128MB of RAM. Or if you were using SPARC based servers for your Oracle database, Solaris was what you used. There used to be a wide range of SPARC CPUs available for a wide range of applications - from lightweight workstations to supercomputers. The CPU was made by a few CPU vendors - Fujitsu, Ross Technologies, Cypress and Sun itself. There were SPARC based workstations from Integrix and Tatung, in addition to Sun. Unfortunately, at the time, Linux and the BSDs didn't exist on them, so there wasn't exactly the opportunity of some of these companies to make inexpensive but good Unixstations independent of Sun (and later Oracle).

      Today, its intended use are those legacy usages of businesses that built elaborate systems over Suns overtime, and find it very difficult or expensive to migrate to anything else. Oracle pretty much has them by the cajunas and can charge them as many arms and legs as they feel like.

      • Its all true, I was there. Sun was the mightiest company in the land once, the whole internet ran on Solaris machines. Then Linus Torvalds came with his x86 based unix-like thingie, and once mighty Sun toppled like a house of chips.
        • Its all true, I was there. Sun was the mightiest company in the land once, the whole internet ran on Solaris machines. Then Linus Torvalds came with his x86 based unix-like thingie, and once mighty Sun toppled like a house of chips.

          It didn't help that Sun was highly mis-managed, wasteful with spending and gave away so much for free. We were given $150k worth of servers for a pilot which were on loaner. When we called 3 years later, no one even knew we were loaned the equipment. Then Oracle purchased us and finally purchased Sun. So we tossed the equipment.

        • by KGIII ( 973947 )

          Sun's hardware was awesome. Their support, while expensive, was also awesome! Their workstations were also awesome but pricey. Also, not supported nearly as well. However, lemme just say, "Fuck Oracle."

          With the various redundancies built into the Sun servers - we'd probably have had near perfect uptime had I not been the one in the server room and with the admin password. Never mind what I can do to a database. :/ I was, eventually, kicked out of my own server room - it was no longer my domain. I listened,

      • cajunas

        FYI, the word is "cojones".

    • I tried using OpenSolaris and OpenIndiana at home, but it seemed it was not the intended use. Can anyone explain what do people and business do with Solaris?

      Pay Oracle lots and lots of money to say they have Oracle and drive their IT guys insane from all I have seen.

    • by armanox ( 826486 ) <asherewindknight@yahoo.com> on Wednesday October 28, 2015 @10:37AM (#50817301) Homepage Journal

      I ran OpenSolaris as a desktop during its day, and I run Solaris on servers. It's everything that Linux wants to be, to be quite honest. The default filesystem (ZFS) has a lot of very nice features (ZFS on a desktop is like having Apple's Time Machine or Windows Shadow copies for file recovery). SMF (the service manager) is a lot of what systemd should have been. And then there is the licensing and support. CDDL allows a lot of things to be included that GPL operating systems can't - I remember when I ran Solaris 10 on my Inspiron 8000 years ago being amazed at what worked out of the box - flash player, nvidia drivers, mp3 codecs all just worked.

      • by Anonymous Coward

        I ran OpenSolaris as a desktop during its day, and I run Solaris on servers. It's everything that Linux wants to be

        meaning the package manager and included build system is an unmitigated disaster instead of a partial disaster?

        CDDL allows a lot of things to be included that GPL operating systems can't

        not sure what you're talking about. Do you mean it "allowed" Sun to be more comfortable releasing generously? There has never been any license problem with "mere aggregation," which is what an os packager is doing.

        There _should_ be a problem with GPL compatibility inside the kernel, but thanks to Linus's generously stretched "interpretation" of the GPL (that loading modules is equivalent to exec,

    • OpenSolaris is old and discontinued. OpenIndiana is a CDDL fork of OpenSolaris, rebased onto what's now called Illumos (http://illumos.org/), and is one of several Illumos "distros".

      OpenIndiana was meant to be an answer to desktop Linux. It did not do especially well in terms of uptake, for reasons related to Linux's desktop results. However, there are a variety of other distros which are more server-oriented, and they are fairly popular.

      They include for example SmartOS (used by http://joyent.com/ [joyent.com] fo

  • ... is that it's essentially an Oracle only platform (not sure what Fujitsu does w/ it in Japan). So if you want to be locked into Oracle and pay the same sort of cash that you would for an Itanic building, this is the way to go.

    Otherwise, who else is there who's building boxes based on these that could run something that's not from Oracle, and therefore, doesn't involve paying them huge ransoms? As it is, Linux has almost completely left that platform, and I'm not sure of what support the BSDs have le

    • ... is that it's essentially an Oracle only platform (not sure what Fujitsu does w/ it in Japan). So if you want to be locked into Oracle and pay the same sort of cash that you would for an Itanic building, this is the way to go.

      Otherwise, who else is there who's building boxes based on these that could run something that's not from Oracle, and therefore, doesn't involve paying them huge ransoms? As it is, Linux has almost completely left that platform, and I'm not sure of what support the BSDs have left - aside from OpenBSD. Speaking of which, this CPU, given all its security features, could be a good match for OpenBSD, which could explore interesting ways of using the features in it that are actually useful.

      This tech is also being moved to their Cloud offering. So they can provide secure, powerful configurations at a fraction of the cost. They own the cpu, the os and the storage now.

  • what Burroughs was doing 45 years ago.

    • by bws111 ( 1216812 )

      45 years? Longer than that. Storage protection keys were introduced on the IBM 360/67, in August 1965.

  • Who is buying new SPARC machines in 2015?
  • something bakes something something chips

    I skipped breakfast this morning.

  • It looks like Oracle are taking that they bought with Sun's ZFS and applying it to memory hardware.
  • This isn't a panacea, but neither is it useless. It's much like current versions of ASLR (Address Space Layout Randomization), which attempt to make it hard for attackers to guess where important bits of data/code are located in memory by randomizing where stuff is put in memory. The amount of randomization that current ASLR implementations provide is somewhat limited, so it only achieves a few bits of randomization, meaning that the attacker may still be able to guess the correct location with some trial a

  • by jeffb (2.718) ( 1189693 ) on Wednesday October 28, 2015 @10:49AM (#50817473)

    Sound a little... (puts on sunglasses)... half-baked.

  • Is it possible to design a Memory Management Unit that can prevent one process walking all over another processes memory?
  • Their licensing suck, try to build your own cloud with Oracle products in it, you can't it becomes too expensive, and impossible with vmWare 6, but you can buy access to THEIR cloud for much less. Someone should take them to court for it.
    Fuck Oracle.

"A mind is a terrible thing to have leaking out your ears." -- The League of Sadistic Telepaths

Working...