Oracle Bakes Security Into New Chips

An anonymous reader writes: Oracle's Larry Ellison gave a presentation yesterday at OpenWorld in which he detailed how the M7 chip's new Silicon Secured Memory system works. "On the M7, pointers and their memory blocks are stamped with a 4-bit 'color,' and accesses are verified to make sure the color in the highest bits of the pointer matches the color of the memory allocation. This works with virtual memory allocated from the heap rather from the stack, it appears. Solaris tries to avoid giving adjacent blocks the same color." El Reg notes that a 4-bit security stamp doesn't really offer that many distinct options. "Four bits of color means there are 24, or 16, possible colors a memory block can have. A hijacked pointer has a one-in-16 chance of having a matching color when it accesses any block of memory, allowing it to circumvent the SSM defense mechanism. ... It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection. In short, SSM is a mitigation rather than bulletproof protection." Still, Ellison claims this would have shut down vulnerabilities like Heartbleed and Venom.

Always entertaining when salesmen try to talk tech

[JoeyRox]

Colors? I bet he counts binary as "one potato, two potato, four potato".

She?

It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection.

Go ahead, mod me down as a troll.

Re:She?

Good catch! Thank you for pointing this out! In this age of equality there's no reason the attacker in the Standard Security Scenario couldn't be a man named Eve and anyone addressing zir without first asking what ze identified as is a shitlord of the highest order pushing their cisgendered patriarchy on everyone else.

Score another win for social justice!

Re: She?

[lister+king+of+smeg]

Yes, she

She, the brown-skinned, multi-racial, handicapped pansexual wiccan furry who was born with a penis.

I think I went to school with him/her

Re: She?

[packrat0x]

Yes, she

She, the brown-skinned, multi-racial, handicapped pansexual wiccan furry who was born with a penis.

I think I went to school with him/her

... and those 2, 3, or 4 years were the best or worst years of your life.

Re:She?

[TemporalBeing]

It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block they wish to access, and thus avoid any crashes and detection.

Go ahead, mod me down as a troll.

Even better - fully inclusive ;-)

24, or 16

[Barnoid]

Took me a moment to realize that there are 10 kinds of people in this world: those who know how to type powers of two, and those who don't.

Re:24, or 16

[armanox]

Hit me too. You'd think that a site like slashdot would catch that - but apparently the old <sup> tag no longer works.

Re:24, or 16

Took me a moment to realize that there are 10 kinds of people in this world: those who know how to type powers of two, and those who don't.

Wait, you mean that isn't base 6?

Re:24, or 16

Hit me too. You'd think that a site like slashdot would catch that - but apparently the old <sup> tag no longer works.

What <sup> tag?

(Reading that question out loud makes you sound like Bugs Bunny)

Re:24, or 16

[myrdos2]

Hah. I was wondering where they got 24.

Re:24, or 16

I still don't see where they got 24 from ... maybe in base 6 ... (2*6+4=16)

Re:24, or 16

I still don't see where they got 24 from ... maybe in base 6 ... (2*6+4=16)

You got it. Well done!

These new base 6 security chips would have utterly baffled those hackers, but there you go and publish the algorithm.

Re:24, or 16

I took me 3 solid minutes to figure it ouy. It should be 2^4.

Re:24, or 16

And those who misunderstand a security feature and those who try to read the effing manuals before writing a panic filled, power of two challenged news article about the feature.

Re:24, or 16

[Kichigai+Mentat]

It was a tag that would superscript text for you.

Re:24, or 16

So that's it! I must be getting slow, because I just spent the last 5 minutes scanning the comments to see if anyone could explain where they pulled 24 from.

So it's slower, then.

When a workaround for this security measure is discovered, I will have slower hardware that's ineffective at security.

Explain this to me

2^4 is 16, what does "Four bits of color means there are 24, or 16," mean?

Re:Explain this to me

[Junta]

When they copy/paste snippet of article that has 4 as superscript, but present it as plain text, and they don't bother editing at all because that would be work.

Re:Explain this to me

[ITRambo]

It might mean that the original poster can't count past 16. So, it's okay to equate 24 with 16. Or, something. It is kinda dumb.

Re:Explain this to me

When they copy/paste snippet of article that has 4 as superscript, but present it as plain text, and they don't bother editing at all because that would be work.

'They' is presumably the submitter.

The 'edito'r here, Soulskill, is clearly a moron. If we didn't already know it.

Re:Explain this to me

[war4peace]

2[superscript]4[/superscript].
2^4. Reformatting is for wussies anyway.

Re: Explain this to me

>The 'edito'r here, Soulskill, is clearly a moron.

yeah, he's sold

Re:Always entertaining when salesmen try to talk t

But... but.... colors are going to change the world! You'll see! *runs off laughing*

Page coloring (for caching)... apk

It's possible they meant the term in my subject https://en.wikipedia.org/wiki/...

(OR something that operates a LOT like it here...)

APK

P.S.=> I didn't "RTFA" but for those of you that did? Feel FREE to correct me IF it doesn't apply here (otherwise enjoy something possibly NEW to you all then, or not)... apk

Re: Page coloring (for caching)... apk

Stop with the fucking "P.S." and sign your name at the bottom like everyone else does.

If you have "P.S." in every fucking post, go back to school, specifically grade 6.

Re:Always entertaining when salesmen try to talk t

Even if Oracle is an evil organization run by salescritters, I fail to see how this computing metaphor is inappropriate. Good metaphor is encouraged because it takes advantage of existing language and simplifies the tech narrative by overloading the language features, provided it should not mislead the audience. We don't raise a colored flag when we think about the 4-color theorem, graph coloring problems, red-black trees, or quantum color dynamics, etc. ;)

Re:Always entertaining when salesmen try to talk t

[fuzzyfuzzyfungus]

I doubt it; but there is a slight possibility that this is actually a delightfully nerdy reference to Paranoia's color-based 'classification' system that some techie deep within the bowels of Oracle managed to sneak past the armies of lawyers, salesmen, and licensing enforcement thugs.

What is Solaris good for?

[Flavianoep]

I tried using OpenSolaris and OpenIndiana at home, but it seemed it was not the intended use. Can anyone explain what do people and business do with Solaris?

Re:What is Solaris good for?

[unixisc]

Once upon a time, it was the default OS for Unix workstations from Sun Microsystems, long before Oracle bought it. Like if you were a chip designer using CAD tools like Verilog or VHDL, your tools were typically available on Solaris, running on a Sun Workstation w/ 128MB of RAM. Or if you were using SPARC based servers for your Oracle database, Solaris was what you used. There used to be a wide range of SPARC CPUs available for a wide range of applications - from lightweight workstations to supercomputers. The CPU was made by a few CPU vendors - Fujitsu, Ross Technologies, Cypress and Sun itself. There were SPARC based workstations from Integrix and Tatung, in addition to Sun. Unfortunately, at the time, Linux and the BSDs didn't exist on them, so there wasn't exactly the opportunity of some of these companies to make inexpensive but good Unixstations independent of Sun (and later Oracle).

Today, its intended use are those legacy usages of businesses that built elaborate systems over Suns overtime, and find it very difficult or expensive to migrate to anything else. Oracle pretty much has them by the cajunas and can charge them as many arms and legs as they feel like.

Re:What is Solaris good for?

[lister+king+of+smeg]

I tried using OpenSolaris and OpenIndiana at home, but it seemed it was not the intended use. Can anyone explain what do people and business do with Solaris?

Pay Oracle lots and lots of money to say they have Oracle and drive their IT guys insane from all I have seen.

Re:What is Solaris good for?

[armanox]

I ran OpenSolaris as a desktop during its day, and I run Solaris on servers. It's everything that Linux wants to be, to be quite honest. The default filesystem (ZFS) has a lot of very nice features (ZFS on a desktop is like having Apple's Time Machine or Windows Shadow copies for file recovery). SMF (the service manager) is a lot of what systemd should have been. And then there is the licensing and support. CDDL allows a lot of things to be included that GPL operating systems can't - I remember when I ran Solaris 10 on my Inspiron 8000 years ago being amazed at what worked out of the box - flash player, nvidia drivers, mp3 codecs all just worked.

Re:What is Solaris good for?

[interval1066]

Its all true, I was there. Sun was the mightiest company in the land once, the whole internet ran on Solaris machines. Then Linus Torvalds came with his x86 based unix-like thingie, and once mighty Sun toppled like a house of chips.

Re:What is Solaris good for?

There's a fair number of Solaris-based telecom applications (SIP AS, etc).

Re:What is Solaris good for?

Plus, you get BSD-like printer commands (left over from SunOS) in an ATT-Unix Solaris version

What could be more useful than that?

Re:What is Solaris good for?

I ran OpenSolaris as a desktop during its day, and I run Solaris on servers. It's everything that Linux wants to be

meaning the package manager and included build system is an unmitigated disaster instead of a partial disaster?

CDDL allows a lot of things to be included that GPL operating systems can't

not sure what you're talking about. Do you mean it "allowed" Sun to be more comfortable releasing generously? There has never been any license problem with "mere aggregation," which is what an os packager is doing.

There _should_ be a problem with GPL compatibility inside the kernel, but thanks to Linus's generously stretched "interpretation" of the GPL (that loading modules is equivalent to exec, not equivalent to ld), non-GPL and even proprietary stuff gets linked into the kernel all the time, too.

I can't think of what's included in Solaris but not in Linux because Solaris is CDDL instead of GPL. ZFS and DTrace, on the other hand, were hard to move from Solaris to Linux because Sun had to have their own NIH license that they didn't write to be GPL-compatible. They could have at least written it to be GPLv3 compatible, like BSD, but they did not. CDDL is a silly thing to brag about.

Solaris itself seems pretty good, though. aside from the disease of binary config formats and the comical restrictions about partitioning a fucking disk, I think it's cleaner than Linux. I also agree with you that SMF makes the best case for systemd, and the fact that few sysadmins hate SMF but many hate systemd is the best case against systemd since SMF does everything systemd tribe claims is so desperately needed. And with "zones" they really put Linux "distro maintainers" in their place. Linux has LXC, which is sufficient to create zones on Linux given only the work of distro makers, but nobody's done it.

Re:What is Solaris good for?

[swillden]

cajunas

FYI, the word is "cojones".

Re:What is Solaris good for?

[Tharkkun]

Its all true, I was there. Sun was the mightiest company in the land once, the whole internet ran on Solaris machines. Then Linus Torvalds came with his x86 based unix-like thingie, and once mighty Sun toppled like a house of chips.

It didn't help that Sun was highly mis-managed, wasteful with spending and gave away so much for free. We were given $150k worth of servers for a pilot which were on loaner. When we called 3 years later, no one even knew we were loaned the equipment. Then Oracle purchased us and finally purchased Sun. So we tossed the equipment.

Re:What is Solaris good for?

[KGIII]

Sun's hardware was awesome. Their support, while expensive, was also awesome! Their workstations were also awesome but pricey. Also, not supported nearly as well. However, lemme just say, "Fuck Oracle."

With the various redundancies built into the Sun servers - we'd probably have had near perfect uptime had I not been the one in the server room and with the admin password. Never mind what I can do to a database. :/ I was, eventually, kicked out of my own server room - it was no longer my domain. I listened, mostly. It had simply become to complex and needy for me to be able to maintain it as the company grew. It'd have been pretty silly of me to hire people and then not listen to them.

I have no idea how Sun is now but I hope they still make good hardware, at least. I do have some experience with Oracle and I was not impressed. By the late 1990s we worked with data sets as large as a TB (or really close). We gave Oracle a shot but only as a trial and not on a live system. After about three months they still couldn't figure out how to make it work properly - I don't know exactly what the issue was, I hate databases and db admin with a passion. They tried to bill us even though we'd declined their services and the consulting was them actually sending in sales reps who didn't make it work. Legal was involved.

I understand their quality has improved but their price has gone through the roof and they're even sleazier with things like demos and the likes now - as well as adding on shelfware? I'm not sure if that's correct or not. 'Tis a shame to see Sun there but my finger is not exactly on the pulse and I was never an expert so I don't really know how that turned out.

But, there was a time... *sighs* I kind of miss it. Then I think about it for a little bit. Hell, Sun helped us write custom drivers for an in-shop crafted networked plotter back in the day. (The plotter wasn't made by us, we made the hub that had the cache, handled queuing, and hooked it to the network as such wasn't actually available at the time. At least not in the size we needed - if at all. It was a black box of doom - do not touch!)

Re:What is Solaris good for?

He means "female cojones."

Wat?

Re: What is Solaris good for?

That was the female version.

Re: What is Solaris good for?

[swillden]

That was the female version.

That would be cojonas, assuming such a thing even made sense.

Re:What is Solaris good for?

Both Oracle and Fujitsu still make SPARC, and you can still license it from SPARC.org.

As for Solaris: there are some nice 16- and 32-socket (SPARC) systems, with each socket having 1 TB of RAM, that it runs on if your workload cannot be distributed. Some nice features are zones, ZFS, and Dtrace (which you can on FreeBSD too, if that matters). SPARC also has on-CPU AES encryption at about 2-4 times the data rate that Intel CPUs have.

Re:What is Solaris good for?

You're a cunt. Go away from Slashdot. Please.

Re:What is Solaris good for?

[unixisc]

Oracle? I thought they stopped, and just buy it from Fujitsu

Re:What is Solaris good for?

[KGIII]

I didn't realize that Larry visited /..

Re:What is Solaris good for?

[hr+raattgift]

OpenSolaris is old and discontinued. OpenIndiana is a CDDL fork of OpenSolaris, rebased onto what's now called Illumos (http://illumos.org/), and is one of several Illumos "distros".

OpenIndiana was meant to be an answer to desktop Linux. It did not do especially well in terms of uptake, for reasons related to Linux's desktop results. However, there are a variety of other distros which are more server-oriented, and they are fairly popular.

They include for example SmartOS (used by http://joyent.com/ for multitenant hosting and for their own software development), OmniOS (used for mainly single-tenant hosting, and for software development http://omniti.com/), Nexenta (used for building large storage systems), and Delphix (a data storage service).

They all rely on the debuggability of Illumos (mdb, dtrace), virtualization (zones, now including Linux branded zones, crossbow, kvm), services (NFS and iSCSI in particular, also various others like SMB), OpenZFS, and a variety of other useful features, such as even under light use making enormous use of threading for parallelism and concurrency (and the threading systems scale well; OpenZFS alone typically uses a couple thousand threads, hundreds of thousands of mutexes, and many condvars, and all will go higher with load; other kernel subsystems can be similar).

It's fairly common for computer services departments in universities and laboratories and so forth to use e.g. an OmniOS server in front of a large storage pool, offering up iSCSI, NFS and other shares to clients, or alternative SmartOS in front of a large storage pool, offering up lightweight VMs to clients.

Oracle's Solaris has diverged from Illumos (and vice-versa). The key features are similar, but Oracle has been targeting much higher-end applications -- much larger and busier storage pools, especially ones which are very heavily random-acess (big Oracle databases are an application). Like Illumos, it can run very well on hardware with huge numbers of cores (including hyperthread-like cores). Unlike Illumos, it's not developed in the open (and is not open source), but it is well-supported enough that expensive contracts get you fixes and sometimes features quickly. Illumos has been slower until fairly recently, for reasons including the lack of ability to do a fully self-hosted build (it relied on nonstandard build tools), an idiosyncratic source code repository, both of which have now been changed in the past few weeks.

Only problem w/ SPARC today...

[unixisc]

... is that it's essentially an Oracle only platform (not sure what Fujitsu does w/ it in Japan). So if you want to be locked into Oracle and pay the same sort of cash that you would for an Itanic building, this is the way to go.

Otherwise, who else is there who's building boxes based on these that could run something that's not from Oracle, and therefore, doesn't involve paying them huge ransoms? As it is, Linux has almost completely left that platform, and I'm not sure of what support the BSDs have left - aside from OpenBSD. Speaking of which, this CPU, given all its security features, could be a good match for OpenBSD, which could explore interesting ways of using the features in it that are actually useful.

Re:Only problem w/ SPARC today...

Obviously Oracle runs Linux in their cloud servers, likely SPARC included. BSDs have had a good support for the various older models until this day. It would be interesting indeed if the company known for its mad skills with money purse strangling would donate some new servers to the projects.

Re:Only problem w/ SPARC today...

[Tharkkun]

... is that it's essentially an Oracle only platform (not sure what Fujitsu does w/ it in Japan). So if you want to be locked into Oracle and pay the same sort of cash that you would for an Itanic building, this is the way to go.

Otherwise, who else is there who's building boxes based on these that could run something that's not from Oracle, and therefore, doesn't involve paying them huge ransoms? As it is, Linux has almost completely left that platform, and I'm not sure of what support the BSDs have left - aside from OpenBSD. Speaking of which, this CPU, given all its security features, could be a good match for OpenBSD, which could explore interesting ways of using the features in it that are actually useful.

This tech is also being moved to their Cloud offering. So they can provide secure, powerful configurations at a fraction of the cost. They own the cpu, the os and the storage now.

but it will cost

$100,000 per clock cycle per year because its Oracle.

Re:but it will cost

[unixisc]

Or if it is a multi-core CPU, Oracle will sell licenses based on the #cores, and since that's something customers can't change, Oracle can easily charge 8x, 32x the pricing for a single core.

Re:but it will cost

... unless you use (an approved) hard partitioning.

Unix finally gets in 2015, a pale imitation of...

[Nutria]

what Burroughs was doing 45 years ago.

no, I didn't read TFA

probably meant 4! not 2^4 .
or 4 x 6.

SPARC? SPARC?

[GGardner]

Who is buying new SPARC machines in 2015?

Re:SPARC? SPARC?

[unixisc]

Fujitsu customers in Japan?

Re:SPARC? SPARC?

Still tons of legacy applications out there. The good thing is that with zones and LDOMs, you can consolidate a ton of SPARC boxes onto one, and almost always, the applications won't really care, assuming the box has enough I/O, disk, and RAM to support it. This way, you can have that one SPARC box, and slowly move everything to x86 when possible.

Plus, for security, SPARC/Solaris still means business. Solaris 11 doesn't even have root by default; it is a role. It also is good to be on a different architecture than everyone else for the same reason why potatoes should be other than the Lumper come a rot epidemic.

Re:Unix finally gets in 2015, a pale imitation of.

A mainframe legacy. Storage protect keys was what IBM called it. Assigned to programs and program storage by the supervisor. Any memory access by the program required the keys to match. A mismatch caused a exception interrupt to the supervisor.

You need this kind of thing for VM security

Xeons are getting all the new features that used to be mainframe only yesterday but the security isn't quite there yet. Turns out with some clever hacking you're able to exploit caching behavior on Xeon cpus and steal information from other VMs running on the same socket.

These guys wrote a paper about it.

https://eprint.iacr.org/2015/898.pdf

They were able to steal encryption keys from another VM running on the same host system on real live AWS instances. Lots of other interesting stuff in there regarding host system identification based on information leaked from the host to the VMs.

Re:You need this kind of thing for VM security

[sexconker]

Xeons are getting all the new features that used to be mainframe only yesterday

Wake me when Xeon systems PCs support hot swapping CPU and RAM.

Mmmm

[wonkey_monkey]

something bakes something something chips

I skipped breakfast this morning.

Is oracle even relevant anymore??

Oracle is struggling to adapt to new times using the old model...

Oh, this makes me so happy... I think I may live to see Oracle be finished...

Re:Is oracle even relevant anymore??

[interval1066]

Good luck with that.

Trickle-down ZFS technology

[QuietLagoon]

It looks like Oracle are taking that they bought with Sun's ZFS and applying it to memory hardware.

Re:Unix finally gets in 2015, a pale imitation of.

[bws111]

45 years? Longer than that. Storage protection keys were introduced on the IBM 360/67, in August 1965.

Not useless

[swillden]

This isn't a panacea, but neither is it useless. It's much like current versions of ASLR (Address Space Layout Randomization), which attempt to make it hard for attackers to guess where important bits of data/code are located in memory by randomizing where stuff is put in memory. The amount of randomization that current ASLR implementations provide is somewhat limited, so it only achieves a few bits of randomization, meaning that the attacker may still be able to guess the correct location with some trial and error.

But layering enough of these sorts of obstacles on really does mean that in many cases an exploit chain that would be easy becomes much more difficult, or even impossible, and they don't impact legitimate code. In this case the color bits do consume some of the virtual address space, but we're talking about 64-bit pointers, which have space to spare.

Re:SPARC? SPARC?

[interval1066]

That's what IBM said about AIX, then they became a "services" company.

It's a graph coloring problem.

[Brannon]

Did you miss the part where they have an algorithm that tries not to assign the same colors to adjacent blocks of memory?

Re:It's a graph coloring problem.

Exactly. Use of the term/metaphor "color" in algorithms and data structures is not new.

For example, Red-Black Trees:
https://en.wikipedia.org/wiki/...

Re:It's a graph coloring problem.

[postbigbang]

Yes. But this is NUMA with more randomization across memory boundaries, and the 32 scores that are in each socket. Depending on how an app is threaded, the number of stack overflow jumps that are possible become factorial, not just multiplicative.

Not 100% safe, but attempts to push the stack through overflow, prediction, or deception, become much easier to both detect, and also to shutdown. It's pretty novel, and more novel than a superficial examination might bear. This said, it's going to be an uphill battle to fight Hurd's ex employer and Intel sycophants HP, along with Dell, and other commodity server makers.

Re:Always entertaining when salesmen try to talk t

[swillden]

Colors? I bet he counts binary as "one potato, two potato, four potato".

It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

"Baking in" security with only 16 categories?

[jeffb+(2.718)]

Sound a little... (puts on sunglasses)... half-baked.

Bits should be attached to each memory location

I have been in hardware design on and off since the days of Intel's 8080.

It always seemed to me that attaching type bits to each memory location could be very useful. This was not possible in the old memory constricted days. However, now memory is very abundant and the additional overhead should be worth the added security. To implement a scheme like this would require a serious rethink of the operation of the memory management system.

Every addressable memory byte would be assigned a type (via extra bits (or perhaps a more clever mechanism by modern memory management systems)). Important memory block types would include:

Executable space. This would indicate memory locations that contains executable code. It is almost always write protected. It can only be written to by a few special privileged instructions. Any attempt to read from (or write to) this memory as a data block, stack block or buffer block generates an exception at the hardware level.

Stack space: Push/pop and call/return type instructions could only happen in memory the is tagged as stack space. Regular data read/write operations are permitted. A stack overflow (push/pop or call/return) into or from memory not tagged as stack space generates an exception at the hardware level. Also, any attempt to execute code from the stack space generates an exception at the hardware level.

Buffer space: A limited, privileged set of instructions would permit moving data between the buffer and data memory or (with privilege) between the buffer and executable space. Obviously, buffer space cannot be used as a stack or executable space. Any attempt to do so generates an exception at the hardware level.

Data space: Normal program data storage. Like buffer space, data space cannot be used as a stack or executable space. Any attempt to do so generates an exception at the hardware level.

Unallocated space: This is memory that has been been issued a type by the memory manager. Any attempt by any process to access this space generates an exception at the hardware level.

This is just an idea that has been rattling around in my head for some time. Thanks for listening.

Re:Bits should be attached to each memory location

I have been in hardware design on and off since the days of Intel's 8080.

It always seemed to me that attaching type bits to each memory location could be very useful. This was not possible in the old memory constricted days. However, now memory is very abundant and the additional overhead should be worth the added security. To implement a scheme like this would require a serious rethink of the operation of the memory management system.

Every addressable memory byte would be assigned a type (via extra bits (or perhaps a more clever mechanism by modern memory management systems)). Important memory block types would include:

Executable space. This would indicate memory locations that contains executable code. It is almost always write protected. It can only be written to by a few special privileged instructions. Any attempt to read from (or write to) this memory as a data block, stack block or buffer block generates an exception at the hardware level.

Stack space: Push/pop and call/return type instructions could only happen in memory the is tagged as stack space. Regular data read/write operations are permitted. A stack overflow (push/pop or call/return) into or from memory not tagged as stack space generates an exception at the hardware level. Also, any attempt to execute code from the stack space generates an exception at the hardware level.

Buffer space: A limited, privileged set of instructions would permit moving data between the buffer and data memory or (with privilege) between the buffer and executable space. Obviously, buffer space cannot be used as a stack or executable space. Any attempt to do so generates an exception at the hardware level.

Data space: Normal program data storage. Like buffer space, data space cannot be used as a stack or executable space. Any attempt to do so generates an exception at the hardware level.

Unallocated space: This is memory that has been been issued a type by the memory manager. Any attempt by any process to access this space generates an exception at the hardware level.

This is just an idea that has been rattling around in my head for some time. Thanks for listening.

It's very out of fashion to mention it; but, didn't [Open|VAX/]VMS do this from the get-go in ... uh, 1979?

KESU .. Kernel, Executive, Supervisor, User.

Most user-compiled code ran in User space. It could not access memory in higher modes (Kernel, Executive, Supervisor).

The command line interpreter ran in Supervisor mode, and could not access memory in Kernel or Executive mode. It could access memory marked as User mode.

Similarly, Executive mode could access Supervisor and User mode memory, but not Kernel. The Record Management System (RMS, not to be confused with some free software guy) ran in Exec mode. Can't remember what else ran in Exec mode; maybe the batch queue system?

And then at the top of the tree you had Kernel mode. It could go anywhere and do anything, but a fault in Kernel mode led to a system crash to protect system integrity. IRQL_NOT_LESS_OR_EQUAL? Comes from VMS; but then, the same guy designed both operating systems ;)

Access to these various levels was governed by privileges. Not having administered a VMS system for several years (and only having had to run stuff which wanted Kernel mode as a privilege, but not the lower levels ...) I do remember accounts at least had the CMEXEC (change mode to executive) and CMKRNL (change mode to Kernel) privileges; I cannot recall if there was a CMSUPER privilege, but I don't think there was. All users had CMSUPER privilege (so to speak) by the fact the CLI was Supervisor mode only and once invoked would prevent any child process gaining supervisor access. If I recall correctly. It was a while ago ;)

So, instead of 4 explicitly defined rings of protection which are in explicit 'step ups' which cannot be circumvented, you have 16, which by careful design (or misdesign) could be cycled through. Hmm.

Unless it is nested, like [Open|VAX/]VMS did ...

Re:Always entertaining when salesmen try to talk t

[MobSwatter]

NSA haxors it in 4ms, code gets into wild, end of story. I think 'the man' would rather have us all running around naked with implanted remote activated cyanide charged RFID chips and Illuminati tattoos, and every woman well beyond the 5 year 50,000 mile warranty.

Re:Always entertaining when salesmen try to talk t

The term "color" has been used in algorithm descriptions for decades. Spotted the non-programmer!

"there are 24, or 16, possible colors"

Wut?

Hey Soulskill, a power of 2 isn't what you get when you stick your foot in the toilet then lick your finger and place it into an open light socket.

Re:"there are 24, or 16, possible colors"

[0123456]

I presume that was meant to be '2 to the power of 4, or 16', not '24 or 16'.

Re:Always entertaining when salesmen try to talk t

[Big+Hairy+Ian]

I was just impressed with 4bits = 24 what is this quantum?

Re:Unix finally gets in 2015, a pale imitation of.

What they are doing is equivalent to what userspace library Electric Fence does (which is to leave every alternate block of virtual memory unmapped so that running off the edge of a block makes a trap). The problem with Electric Fence is that you can benefit only by putting 1 malloc per 8kByte SPARC page, which wastes _huge_ amounts of memory, so electric fence is used only for debugging, and you have to run the program twice to find bugs---once with mallocs at the top of pages, once at the bottom---because overruns may be small. Since their colours apply to 64-byte blocks, I think it's more useful. I wish this feature were available on commodity machines.

Re:Always entertaining when salesmen try to talk t

[swillden]

NSA haxors it in 4ms, code gets into wild, end of story.

Nope. This kind of exploit mitigation that has no single hack. It's something that every exploit author has to work around, and exactly how to do that will depend on the nature of the exploit. In particular, this promises to be devastating to ROP attacks, seriously reducing the number of gadgets available and how they can be combined. It's doesn't make exploits impossible, but it makes many of them much harder, and some of them impossible.

Re:Always entertaining when salesmen try to talk t

[squiggleslash]

I'm going to make a guess it was 2⁴ but the superscriptiness got lost in a cut and paste. The sentence works if you assume that.

Re:Always entertaining when salesmen try to talk t

[PhrostyMcByte]

It's not unprecedented. See for instance the "red black tree".

Hijacked pointer and memory access ..

[nickweller]

Is it possible to design a Memory Management Unit that can prevent one process walking all over another processes memory?

Oracle: licensing fees up 16 times

[swschrad]

which will be the result of the license of this internal processor segmentation of memory.

I stopped reading after "Oracle"

[Bender+Unit+22]

Their licensing suck, try to build your own cloud with Oracle products in it, you can't it becomes too expensive, and impossible with vmWare 6, but you can buy access to THEIR cloud for much less. Someone should take them to court for it.
Fuck Oracle.

Re:I stopped reading after "Oracle"

I have to agree with this. "Hey, let's make a killing by requiring those who virtualise Oracle to pay for *every single CPU Oracle might run on".

Fuck you Larry Ellison, and the horse you rode into town on. This is cuntishness of the highest order. Way to go with keeping your customer base happy. Still I suppose all that money for prancing about like a Samurai and poodling about in boats has to come from somewhere. Jesus loves you ... but I think you're a cunt.

Re:Always entertaining when salesmen try to talk t

[Tharkkun]

Colors? I bet he counts binary as "one potato, two potato, four potato".

It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

Colors is also easier to understand for those purchasing the tech who aren't necessarily techies.

Re:Always entertaining when salesmen try to talk t

[swillden]

Colors? I bet he counts binary as "one potato, two potato, four potato".

It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

Colors is also easier to understand for those purchasing the tech who aren't necessarily techies.

Not in this case. Pointer labeling and its anti-exploit value is still going to be opaque no matter what you call it, and you could apply any common word as the description and the non-technical would be fine using that as the hook. Oracle could be touting their new "porcupine" security technology, it would work as well from a sales perspective. Probably better.

Re:Always entertaining when salesmen try to talk t

I love it when the retards come out on /.

Re:Always entertaining when salesmen try to talk t

16 shades of grey

Re:Always entertaining when salesmen try to talk t

I'm going to make a guess it was 2⁴ but the superscriptiness got lost in a cut and paste. The sentence works if you assume that.

Looking at the source, you're exactly right.

Re:Always entertaining when salesmen try to talk t

[arglebargle_xiv]

And Oracle, of all companies, is the one to be providing this "security" solution. Given their track record, I wouldn't trust Oracle to secure an honesty box...

Re:Unix finally gets in 2015, a pale imitation of.

It's NUMA. Go back to your 4th grade class. Recess is over.

Re: Always entertaining when salesmen try to talk

Strong ASLR (OpenBSD, GRSecurity patched Linux kernel & ELF loader) are already devastating. Basically ROP attacks on such systems can require hundreds or thousands of attempts. But for servers this usually isn't a big deal because the software restarts itself. And you can usually finish the attack before anyone realizes what's happening.

Solaris probably can't implement strong ASLR (many bits of entropy, non-lazy binding so you can't just read the GOT table, etc) because of backward compatability issues.

I'll do as I please you imbecile... apk

See subject: Do you own /.? No. Do I obey you?? No. Are you worth the air you breathe & water + food you eat??? Hell no, lol!

* :)

(Go away now, PUNY troll - "shoo", lmao!)

APK

P.S.=> It must suck to be you - a total WASTE of life that THINKS he can give orders & others will obey them - that's what YOU want? Guess what - how's it FEEL to want something you'll NEVER get???... apk