the most significant value to customers of Oracle’s recently announced SPARC M7 chip design is the enhanced security it provides.
only have to browse the daily news headlines to understand just how important
security is to Oracle’s enterprise customers today. Names like Target, Home Depot, Wal-Mart, JP Morgan Chase,
Apple and many more immediately come to mind. Top-level executives are losing their jobs over this. To quote a March 6, 2015 Fortune
Magazine article on “5 Huge Cyber-security Breaches”,
“Hackers have been
slipping through corporate computer defenses like they’re Swiss cheese.”
the Hot Chips Conference in August of 2014 Oracle unveiled the next generation SPARC M7 processor, a revolutionary
change in its microprocessor design, highlighting an architecture
advancement called “Software in Silicon.” SPARC engineers collaborated with Oracle’s
software engineers to hardwire specific software techniques directly onto
the SPARC M7 chip. And don’t think
this happened over night -- this has
been ongoing work between hardware and software teams for a good portion of the 5 years since Oracle purchased Sun
Microsystems, along with the rights to the SPARC microprocessor.
his keynote speech at Oracle OpenWorld 2014, Larry Ellison referred to the M7’s
security feature as
“the most important piece of engineering we’ve done in
security in a very, very long time.”
back to the Swiss cheese --
One very important security innovation inherent in
this new SPARC M7 microprocessor design is “application data integrity,” or
ADI. ADI makes sure that a memory area is accessed only for the purpose for which it was allocated. Memory allocation issues are often
the source of cyber-security breaches. ADI can prevent any read or write of data beyond the breadth of the data. And what is revolutionary
is that it does it in hardware – actually in the silicon of the forthcoming
SPARC M7 processor.
that is just the tip of the iceberg.
ADI does a lot more to stop malicious attacks of valuable corporate
data. For example, stopping a
security bug like Heartbleed, which is a severe memory handling vulnerability
in the OpenSSL library. Heartbleed
can trick the server into sending more memory than a given user is authorized
to access, with potential user names, passwords and security key information
that should be protected. When the
ADI feature is enabled, it can protect against the Heartbleed bug by detecting
an invalid memory access on the server.
Exactly how this works is clearly demonstrated in this short
demo of this feature in action. Check it out -- its pretty cool!
you are a developer and you want to test this stuff out, Oracle has announced a
new Software in Silicon Cloud where you can do that! This cloud is a secure environment with ready-to-run virtual
machine environments. In addition, it includes Oracle Solaris Studio 12.4, which
provides a tool set that detects numerous types of memory corruption and can aid
developers in quickly improving code reliability. In fact, an upcoming Studio 12.4 update uses the Software in Silicon ADI feature to help the code analyzer work at near hardware
speeds to allow developers to quickly find and fix memory
errors with minimal overhead. Check out Raj Prakash’s blog [Move Over Purify and Valgrind, There is a New Kid in Town], for some staggering numbers on how it compares to other memory access checkers.
are some further links to check out --- note that we have a live webinar on this March 18th: