Oracle Bakes Security Into New Chips

An anonymous reader writes: Oracle's Larry Ellison gave a presentation yesterday at OpenWorld in which he detailed how the M7 chip's new Silicon Secured Memory system works. "On the M7, pointers and their memory blocks are stamped with a 4-bit 'color,' and accesses are verified to make sure the color in the highest bits of the pointer matches the color of the memory allocation. This works with virtual memory allocated from the heap rather from the stack, it appears. Solaris tries to avoid giving adjacent blocks the same color." El Reg notes that a 4-bit security stamp doesn't really offer that many distinct options. "Four bits of color means there are 24, or 16, possible colors a memory block can have. A hijacked pointer has a one-in-16 chance of having a matching color when it accesses any block of memory, allowing it to circumvent the SSM defense mechanism. ... It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection. In short, SSM is a mitigation rather than bulletproof protection." Still, Ellison claims this would have shut down vulnerabilities like Heartbleed and Venom.

Re:Explain this to me

[Junta]

When they copy/paste snippet of article that has 4 as superscript, but present it as plain text, and they don't bother editing at all because that would be work.

Re:What is Solaris good for?

[unixisc]

Once upon a time, it was the default OS for Unix workstations from Sun Microsystems, long before Oracle bought it. Like if you were a chip designer using CAD tools like Verilog or VHDL, your tools were typically available on Solaris, running on a Sun Workstation w/ 128MB of RAM. Or if you were using SPARC based servers for your Oracle database, Solaris was what you used. There used to be a wide range of SPARC CPUs available for a wide range of applications - from lightweight workstations to supercomputers. The CPU was made by a few CPU vendors - Fujitsu, Ross Technologies, Cypress and Sun itself. There were SPARC based workstations from Integrix and Tatung, in addition to Sun. Unfortunately, at the time, Linux and the BSDs didn't exist on them, so there wasn't exactly the opportunity of some of these companies to make inexpensive but good Unixstations independent of Sun (and later Oracle).

Today, its intended use are those legacy usages of businesses that built elaborate systems over Suns overtime, and find it very difficult or expensive to migrate to anything else. Oracle pretty much has them by the cajunas and can charge them as many arms and legs as they feel like.

Re:Always entertaining when salesmen try to talk t

[swillden]

Colors? I bet he counts binary as "one potato, two potato, four potato".

It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.