Oracle Bakes Security Into New Chips

An anonymous reader writes: Oracle's Larry Ellison gave a presentation yesterday at OpenWorld in which he detailed how the M7 chip's new Silicon Secured Memory system works. "On the M7, pointers and their memory blocks are stamped with a 4-bit 'color,' and accesses are verified to make sure the color in the highest bits of the pointer matches the color of the memory allocation. This works with virtual memory allocated from the heap rather from the stack, it appears. Solaris tries to avoid giving adjacent blocks the same color." El Reg notes that a 4-bit security stamp doesn't really offer that many distinct options. "Four bits of color means there are 24, or 16, possible colors a memory block can have. A hijacked pointer has a one-in-16 chance of having a matching color when it accesses any block of memory, allowing it to circumvent the SSM defense mechanism. ... It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection. In short, SSM is a mitigation rather than bulletproof protection." Still, Ellison claims this would have shut down vulnerabilities like Heartbleed and Venom.

Always entertaining when salesmen try to talk tech

[JoeyRox]

Colors? I bet he counts binary as "one potato, two potato, four potato".

She?

It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection.

Go ahead, mod me down as a troll.

Re:She?

Good catch! Thank you for pointing this out! In this age of equality there's no reason the attacker in the Standard Security Scenario couldn't be a man named Eve and anyone addressing zir without first asking what ze identified as is a shitlord of the highest order pushing their cisgendered patriarchy on everyone else.

Score another win for social justice!

Re: She?

[lister+king+of+smeg]

Yes, she

She, the brown-skinned, multi-racial, handicapped pansexual wiccan furry who was born with a penis.

I think I went to school with him/her

Re: She?

[packrat0x]

Yes, she

She, the brown-skinned, multi-racial, handicapped pansexual wiccan furry who was born with a penis.

I think I went to school with him/her

... and those 2, 3, or 4 years were the best or worst years of your life.

Re:She?

[TemporalBeing]

It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block they wish to access, and thus avoid any crashes and detection.

Go ahead, mod me down as a troll.

Even better - fully inclusive ;-)

24, or 16

[Barnoid]

Took me a moment to realize that there are 10 kinds of people in this world: those who know how to type powers of two, and those who don't.

Re:24, or 16

[armanox]

Hit me too. You'd think that a site like slashdot would catch that - but apparently the old <sup> tag no longer works.

Re:24, or 16

Took me a moment to realize that there are 10 kinds of people in this world: those who know how to type powers of two, and those who don't.

Wait, you mean that isn't base 6?

Re:24, or 16

[myrdos2]

Hah. I was wondering where they got 24.

Re:24, or 16

[Kichigai+Mentat]

It was a tag that would superscript text for you.

So it's slower, then.

When a workaround for this security measure is discovered, I will have slower hardware that's ineffective at security.

Re:Explain this to me

[Junta]

When they copy/paste snippet of article that has 4 as superscript, but present it as plain text, and they don't bother editing at all because that would be work.

Re:Always entertaining when salesmen try to talk t

Even if Oracle is an evil organization run by salescritters, I fail to see how this computing metaphor is inappropriate. Good metaphor is encouraged because it takes advantage of existing language and simplifies the tech narrative by overloading the language features, provided it should not mislead the audience. We don't raise a colored flag when we think about the 4-color theorem, graph coloring problems, red-black trees, or quantum color dynamics, etc. ;)

Re:Always entertaining when salesmen try to talk t

[fuzzyfuzzyfungus]

I doubt it; but there is a slight possibility that this is actually a delightfully nerdy reference to Paranoia's color-based 'classification' system that some techie deep within the bowels of Oracle managed to sneak past the armies of lawyers, salesmen, and licensing enforcement thugs.

What is Solaris good for?

[Flavianoep]

I tried using OpenSolaris and OpenIndiana at home, but it seemed it was not the intended use. Can anyone explain what do people and business do with Solaris?

Re:What is Solaris good for?

[unixisc]

Once upon a time, it was the default OS for Unix workstations from Sun Microsystems, long before Oracle bought it. Like if you were a chip designer using CAD tools like Verilog or VHDL, your tools were typically available on Solaris, running on a Sun Workstation w/ 128MB of RAM. Or if you were using SPARC based servers for your Oracle database, Solaris was what you used. There used to be a wide range of SPARC CPUs available for a wide range of applications - from lightweight workstations to supercomputers. The CPU was made by a few CPU vendors - Fujitsu, Ross Technologies, Cypress and Sun itself. There were SPARC based workstations from Integrix and Tatung, in addition to Sun. Unfortunately, at the time, Linux and the BSDs didn't exist on them, so there wasn't exactly the opportunity of some of these companies to make inexpensive but good Unixstations independent of Sun (and later Oracle).

Today, its intended use are those legacy usages of businesses that built elaborate systems over Suns overtime, and find it very difficult or expensive to migrate to anything else. Oracle pretty much has them by the cajunas and can charge them as many arms and legs as they feel like.

Re:What is Solaris good for?

[lister+king+of+smeg]

I tried using OpenSolaris and OpenIndiana at home, but it seemed it was not the intended use. Can anyone explain what do people and business do with Solaris?

Pay Oracle lots and lots of money to say they have Oracle and drive their IT guys insane from all I have seen.

Re:What is Solaris good for?

[armanox]

I ran OpenSolaris as a desktop during its day, and I run Solaris on servers. It's everything that Linux wants to be, to be quite honest. The default filesystem (ZFS) has a lot of very nice features (ZFS on a desktop is like having Apple's Time Machine or Windows Shadow copies for file recovery). SMF (the service manager) is a lot of what systemd should have been. And then there is the licensing and support. CDDL allows a lot of things to be included that GPL operating systems can't - I remember when I ran Solaris 10 on my Inspiron 8000 years ago being amazed at what worked out of the box - flash player, nvidia drivers, mp3 codecs all just worked.

Re:What is Solaris good for?

[interval1066]

Its all true, I was there. Sun was the mightiest company in the land once, the whole internet ran on Solaris machines. Then Linus Torvalds came with his x86 based unix-like thingie, and once mighty Sun toppled like a house of chips.

Re:What is Solaris good for?

I ran OpenSolaris as a desktop during its day, and I run Solaris on servers. It's everything that Linux wants to be

meaning the package manager and included build system is an unmitigated disaster instead of a partial disaster?

CDDL allows a lot of things to be included that GPL operating systems can't

not sure what you're talking about. Do you mean it "allowed" Sun to be more comfortable releasing generously? There has never been any license problem with "mere aggregation," which is what an os packager is doing.

There _should_ be a problem with GPL compatibility inside the kernel, but thanks to Linus's generously stretched "interpretation" of the GPL (that loading modules is equivalent to exec, not equivalent to ld), non-GPL and even proprietary stuff gets linked into the kernel all the time, too.

I can't think of what's included in Solaris but not in Linux because Solaris is CDDL instead of GPL. ZFS and DTrace, on the other hand, were hard to move from Solaris to Linux because Sun had to have their own NIH license that they didn't write to be GPL-compatible. They could have at least written it to be GPLv3 compatible, like BSD, but they did not. CDDL is a silly thing to brag about.

Solaris itself seems pretty good, though. aside from the disease of binary config formats and the comical restrictions about partitioning a fucking disk, I think it's cleaner than Linux. I also agree with you that SMF makes the best case for systemd, and the fact that few sysadmins hate SMF but many hate systemd is the best case against systemd since SMF does everything systemd tribe claims is so desperately needed. And with "zones" they really put Linux "distro maintainers" in their place. Linux has LXC, which is sufficient to create zones on Linux given only the work of distro makers, but nobody's done it.

Re:What is Solaris good for?

[swillden]

cajunas

FYI, the word is "cojones".

Re:What is Solaris good for?

[Tharkkun]

Its all true, I was there. Sun was the mightiest company in the land once, the whole internet ran on Solaris machines. Then Linus Torvalds came with his x86 based unix-like thingie, and once mighty Sun toppled like a house of chips.

It didn't help that Sun was highly mis-managed, wasteful with spending and gave away so much for free. We were given $150k worth of servers for a pilot which were on loaner. When we called 3 years later, no one even knew we were loaned the equipment. Then Oracle purchased us and finally purchased Sun. So we tossed the equipment.

Re:What is Solaris good for?

[KGIII]

Sun's hardware was awesome. Their support, while expensive, was also awesome! Their workstations were also awesome but pricey. Also, not supported nearly as well. However, lemme just say, "Fuck Oracle."

With the various redundancies built into the Sun servers - we'd probably have had near perfect uptime had I not been the one in the server room and with the admin password. Never mind what I can do to a database. :/ I was, eventually, kicked out of my own server room - it was no longer my domain. I listened, mostly. It had simply become to complex and needy for me to be able to maintain it as the company grew. It'd have been pretty silly of me to hire people and then not listen to them.

I have no idea how Sun is now but I hope they still make good hardware, at least. I do have some experience with Oracle and I was not impressed. By the late 1990s we worked with data sets as large as a TB (or really close). We gave Oracle a shot but only as a trial and not on a live system. After about three months they still couldn't figure out how to make it work properly - I don't know exactly what the issue was, I hate databases and db admin with a passion. They tried to bill us even though we'd declined their services and the consulting was them actually sending in sales reps who didn't make it work. Legal was involved.

I understand their quality has improved but their price has gone through the roof and they're even sleazier with things like demos and the likes now - as well as adding on shelfware? I'm not sure if that's correct or not. 'Tis a shame to see Sun there but my finger is not exactly on the pulse and I was never an expert so I don't really know how that turned out.

But, there was a time... *sighs* I kind of miss it. Then I think about it for a little bit. Hell, Sun helped us write custom drivers for an in-shop crafted networked plotter back in the day. (The plotter wasn't made by us, we made the hub that had the cache, handled queuing, and hooked it to the network as such wasn't actually available at the time. At least not in the size we needed - if at all. It was a black box of doom - do not touch!)

Re: What is Solaris good for?

[swillden]

That was the female version.

That would be cojonas, assuming such a thing even made sense.

Re:What is Solaris good for?

[unixisc]

Oracle? I thought they stopped, and just buy it from Fujitsu

Re:What is Solaris good for?

[KGIII]

I didn't realize that Larry visited /..

Re:What is Solaris good for?

[hr+raattgift]

OpenSolaris is old and discontinued. OpenIndiana is a CDDL fork of OpenSolaris, rebased onto what's now called Illumos (http://illumos.org/), and is one of several Illumos "distros".

OpenIndiana was meant to be an answer to desktop Linux. It did not do especially well in terms of uptake, for reasons related to Linux's desktop results. However, there are a variety of other distros which are more server-oriented, and they are fairly popular.

They include for example SmartOS (used by http://joyent.com/ for multitenant hosting and for their own software development), OmniOS (used for mainly single-tenant hosting, and for software development http://omniti.com/), Nexenta (used for building large storage systems), and Delphix (a data storage service).

They all rely on the debuggability of Illumos (mdb, dtrace), virtualization (zones, now including Linux branded zones, crossbow, kvm), services (NFS and iSCSI in particular, also various others like SMB), OpenZFS, and a variety of other useful features, such as even under light use making enormous use of threading for parallelism and concurrency (and the threading systems scale well; OpenZFS alone typically uses a couple thousand threads, hundreds of thousands of mutexes, and many condvars, and all will go higher with load; other kernel subsystems can be similar).

It's fairly common for computer services departments in universities and laboratories and so forth to use e.g. an OmniOS server in front of a large storage pool, offering up iSCSI, NFS and other shares to clients, or alternative SmartOS in front of a large storage pool, offering up lightweight VMs to clients.

Oracle's Solaris has diverged from Illumos (and vice-versa). The key features are similar, but Oracle has been targeting much higher-end applications -- much larger and busier storage pools, especially ones which are very heavily random-acess (big Oracle databases are an application). Like Illumos, it can run very well on hardware with huge numbers of cores (including hyperthread-like cores). Unlike Illumos, it's not developed in the open (and is not open source), but it is well-supported enough that expensive contracts get you fixes and sometimes features quickly. Illumos has been slower until fairly recently, for reasons including the lack of ability to do a fully self-hosted build (it relied on nonstandard build tools), an idiosyncratic source code repository, both of which have now been changed in the past few weeks.

Re:Explain this to me

[ITRambo]

It might mean that the original poster can't count past 16. So, it's okay to equate 24 with 16. Or, something. It is kinda dumb.

Only problem w/ SPARC today...

[unixisc]

... is that it's essentially an Oracle only platform (not sure what Fujitsu does w/ it in Japan). So if you want to be locked into Oracle and pay the same sort of cash that you would for an Itanic building, this is the way to go.

Otherwise, who else is there who's building boxes based on these that could run something that's not from Oracle, and therefore, doesn't involve paying them huge ransoms? As it is, Linux has almost completely left that platform, and I'm not sure of what support the BSDs have left - aside from OpenBSD. Speaking of which, this CPU, given all its security features, could be a good match for OpenBSD, which could explore interesting ways of using the features in it that are actually useful.

Re:Only problem w/ SPARC today...

[Tharkkun]

... is that it's essentially an Oracle only platform (not sure what Fujitsu does w/ it in Japan). So if you want to be locked into Oracle and pay the same sort of cash that you would for an Itanic building, this is the way to go.

Otherwise, who else is there who's building boxes based on these that could run something that's not from Oracle, and therefore, doesn't involve paying them huge ransoms? As it is, Linux has almost completely left that platform, and I'm not sure of what support the BSDs have left - aside from OpenBSD. Speaking of which, this CPU, given all its security features, could be a good match for OpenBSD, which could explore interesting ways of using the features in it that are actually useful.

This tech is also being moved to their Cloud offering. So they can provide secure, powerful configurations at a fraction of the cost. They own the cpu, the os and the storage now.

Unix finally gets in 2015, a pale imitation of...

[Nutria]

what Burroughs was doing 45 years ago.

SPARC? SPARC?

[GGardner]

Who is buying new SPARC machines in 2015?

Re:but it will cost

[unixisc]

Or if it is a multi-core CPU, Oracle will sell licenses based on the #cores, and since that's something customers can't change, Oracle can easily charge 8x, 32x the pricing for a single core.

Re:SPARC? SPARC?

[unixisc]

Fujitsu customers in Japan?

Mmmm

[wonkey_monkey]

something bakes something something chips

I skipped breakfast this morning.

Trickle-down ZFS technology

[QuietLagoon]

It looks like Oracle are taking that they bought with Sun's ZFS and applying it to memory hardware.

Re:Unix finally gets in 2015, a pale imitation of.

[bws111]

45 years? Longer than that. Storage protection keys were introduced on the IBM 360/67, in August 1965.

Not useless

[swillden]

This isn't a panacea, but neither is it useless. It's much like current versions of ASLR (Address Space Layout Randomization), which attempt to make it hard for attackers to guess where important bits of data/code are located in memory by randomizing where stuff is put in memory. The amount of randomization that current ASLR implementations provide is somewhat limited, so it only achieves a few bits of randomization, meaning that the attacker may still be able to guess the correct location with some trial and error.

But layering enough of these sorts of obstacles on really does mean that in many cases an exploit chain that would be easy becomes much more difficult, or even impossible, and they don't impact legitimate code. In this case the color bits do consume some of the virtual address space, but we're talking about 64-bit pointers, which have space to spare.

Re:SPARC? SPARC?

[interval1066]

That's what IBM said about AIX, then they became a "services" company.

Re:Is oracle even relevant anymore??

[interval1066]

Good luck with that.

It's a graph coloring problem.

[Brannon]

Did you miss the part where they have an algorithm that tries not to assign the same colors to adjacent blocks of memory?

Re:It's a graph coloring problem.

[postbigbang]

Yes. But this is NUMA with more randomization across memory boundaries, and the 32 scores that are in each socket. Depending on how an app is threaded, the number of stack overflow jumps that are possible become factorial, not just multiplicative.

Not 100% safe, but attempts to push the stack through overflow, prediction, or deception, become much easier to both detect, and also to shutdown. It's pretty novel, and more novel than a superficial examination might bear. This said, it's going to be an uphill battle to fight Hurd's ex employer and Intel sycophants HP, along with Dell, and other commodity server makers.

Re:Always entertaining when salesmen try to talk t

[swillden]

Colors? I bet he counts binary as "one potato, two potato, four potato".

It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

"Baking in" security with only 16 categories?

[jeffb+(2.718)]

Sound a little... (puts on sunglasses)... half-baked.

Re:Always entertaining when salesmen try to talk t

[MobSwatter]

NSA haxors it in 4ms, code gets into wild, end of story. I think 'the man' would rather have us all running around naked with implanted remote activated cyanide charged RFID chips and Illuminati tattoos, and every woman well beyond the 5 year 50,000 mile warranty.

Re:Explain this to me

[war4peace]

2[superscript]4[/superscript].
2^4. Reformatting is for wussies anyway.

Re:Always entertaining when salesmen try to talk t

[Big+Hairy+Ian]

I was just impressed with 4bits = 24 what is this quantum?

Re:Always entertaining when salesmen try to talk t

[swillden]

NSA haxors it in 4ms, code gets into wild, end of story.

Nope. This kind of exploit mitigation that has no single hack. It's something that every exploit author has to work around, and exactly how to do that will depend on the nature of the exploit. In particular, this promises to be devastating to ROP attacks, seriously reducing the number of gadgets available and how they can be combined. It's doesn't make exploits impossible, but it makes many of them much harder, and some of them impossible.

Re:Always entertaining when salesmen try to talk t

[squiggleslash]

I'm going to make a guess it was 2⁴ but the superscriptiness got lost in a cut and paste. The sentence works if you assume that.

Re:"there are 24, or 16, possible colors"

[0123456]

I presume that was meant to be '2 to the power of 4, or 16', not '24 or 16'.

Re:Always entertaining when salesmen try to talk t

[PhrostyMcByte]

It's not unprecedented. See for instance the "red black tree".

Hijacked pointer and memory access ..

[nickweller]

Is it possible to design a Memory Management Unit that can prevent one process walking all over another processes memory?

Re:You need this kind of thing for VM security

[sexconker]

Xeons are getting all the new features that used to be mainframe only yesterday

Wake me when Xeon systems PCs support hot swapping CPU and RAM.

Oracle: licensing fees up 16 times

[swschrad]

which will be the result of the license of this internal processor segmentation of memory.

I stopped reading after "Oracle"

[Bender+Unit+22]

Their licensing suck, try to build your own cloud with Oracle products in it, you can't it becomes too expensive, and impossible with vmWare 6, but you can buy access to THEIR cloud for much less. Someone should take them to court for it.
Fuck Oracle.

Re:Always entertaining when salesmen try to talk t

[Tharkkun]

Colors? I bet he counts binary as "one potato, two potato, four potato".

It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

Colors is also easier to understand for those purchasing the tech who aren't necessarily techies.

Re:Always entertaining when salesmen try to talk t

[swillden]

Colors? I bet he counts binary as "one potato, two potato, four potato".

It's very unlikely that the decision to call the categories "colors" originated with the sales/PR people. Designers need names for things, and calling things like this "colors" has a long history. Graph coloring, red-black trees, cache coloring... "color" is a nice notion for labels on chunks of memory or data where the color is an attribute that has no meaning to the underlying structure but is layered on top for bookkeeping purposes. Among other benefits, it makes for nice whiteboard diagrams, because you can actually color the nodes in the diagram.

Colors is also easier to understand for those purchasing the tech who aren't necessarily techies.

Not in this case. Pointer labeling and its anti-exploit value is still going to be opaque no matter what you call it, and you could apply any common word as the description and the non-technical would be fine using that as the hook. Oracle could be touting their new "porcupine" security technology, it would work as well from a sales perspective. Probably better.

Re:Always entertaining when salesmen try to talk t

[arglebargle_xiv]

And Oracle, of all companies, is the one to be providing this "security" solution. Given their track record, I wouldn't trust Oracle to secure an honesty box...