Saturday Mar 07, 2015

Stopping Security Breaches with a Revolution in Chip Design

Perhaps the most significant value to customers of Oracle’s recently announced SPARC M7 chip design is the enhanced security it provides.

You only have to browse the daily news headlines to understand just how important security is to Oracle’s enterprise customers today. Names like Target, Home Depot, Wal-Mart, JP Morgan Chase, Apple and many more immediately come to mind. Top-level executives are losing their jobs over this. To quote a March 6, 2015 Fortune Magazine article on “5 Huge Cyber-security Breaches”:

“Hackers have been slipping through corporate computer defenses like they’re Swiss cheese.”

At the Hot Chips Conference in August of 2014, Oracle unveiled the next-generation SPARC M7 processor, a revolutionary change in its microprocessor design, highlighting an architecture advancement called “Software in Silicon.” SPARC engineers collaborated with Oracle’s software engineers to hardwire specific software techniques directly onto the SPARC M7 chip. And don’t think this happened overnight -- this has been ongoing work between hardware and software teams for a good portion of the 5 years since Oracle purchased Sun Microsystems, along with the rights to the SPARC microprocessor.

In his keynote speech at Oracle OpenWorld 2014, Larry Ellison referred to the M7’s security feature as

“the most important piece of engineering we’ve done in security in a very, very long time.”

So back to the Swiss cheese --

One very important security innovation inherent in this new SPARC M7 microprocessor design is “application data integrity,” or ADI. ADI makes sure that a memory area is accessed only for the purpose for which it was allocated. Memory allocation issues are often the source of cyber-security breaches. ADI can prevent any read or write that reaches beyond the bounds of the data being accessed. And what is revolutionary is that it does this in hardware – actually in the silicon of the forthcoming SPARC M7 processor.

But that is just the tip of the iceberg. ADI does a lot more to stop malicious attacks on valuable corporate data. For example, it can stop a security bug like Heartbleed, which is a severe memory-handling vulnerability in the OpenSSL library. Heartbleed can trick the server into sending more memory than a given user is authorized to access, potentially including user names, passwords and security key information that should be protected. When the ADI feature is enabled, it can protect against the Heartbleed bug by detecting an invalid memory access on the server. Exactly how this works is clearly demonstrated in this short demo of this feature in action. Check it out -- it's pretty cool!
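The check described in the two paragraphs above can be modelled in software. The following is an added example, not Oracle's code and not the ADI programming interface: it tags memory regions at allocation and refuses a heartbeat-style read whose pointer tag does not match the memory it touches. The granule size, tag values and all function names are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE 64   /* bytes covered by one tag: an assumption of this model */
#define NGRAN   8

static uint8_t arena[GRANULE * NGRAN];  /* stand-in for server memory */
static uint8_t mem_tag[NGRAN];          /* tag recorded for each granule */

/* Model of a tagged pointer: arena offset plus the tag issued at allocation. */
typedef struct { size_t off; uint8_t tag; } tptr;

/* Hypothetical allocator: colours `n` granules with `tag`, returns the pointer. */
static tptr tagged_alloc(size_t first, size_t n, uint8_t tag) {
    for (size_t g = 0; g < n; g++) mem_tag[first + g] = tag;
    return (tptr){ first * GRANULE, tag };
}

/* Checked load: every granule touched must carry the pointer's tag.
 * Returns bytes copied, or -1 on the first mismatch (the model's "trap"). */
static long checked_read(uint8_t *dst, tptr src, size_t len) {
    for (size_t i = 0; i < len; i++) {
        size_t a = src.off + i;
        if (a >= sizeof arena || mem_tag[a / GRANULE] != src.tag) return -1;
    }
    memcpy(dst, arena + src.off, len);
    return (long)len;
}

/* Heartbeat-style echo that trusts the peer's claimed length (the bug class
 * behind Heartbleed); only the tag check stands between it and the secret. */
long echo_reply(size_t claimed_len) {
    static uint8_t out[GRANULE * NGRAN];
    tptr req = tagged_alloc(0, 1, 0x3);  /* request buffer, tag 3 */
    tptr key = tagged_alloc(1, 1, 0x9);  /* adjacent secret, tag 9 */
    memcpy(arena + req.off, "ping", 4);                 /* constructed input */
    memcpy(arena + key.off, "constructed-secret", 18);  /* constructed data */
    return checked_read(out, req, claimed_len);
}

int main(void) {
    printf("claimed 4   -> %ld\n", echo_reply(4));
    printf("claimed 64  -> %ld\n", echo_reply(64));
    printf("claimed 200 -> %ld\n", echo_reply(200));
    return 0;
}
```

A claimed length of 64 still succeeds because the over-read stays inside the request's own granule; the check in this model works per granule, not per byte.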

If you are a developer and you want to test this stuff out, Oracle has announced a new Software in Silicon Cloud where you can do that! This cloud is a secure environment with ready-to-run virtual machine environments. In addition, it includes Oracle Solaris Studio 12.4, which provides a tool set that detects numerous types of memory corruption and can aid developers in quickly improving code reliability. In fact, an upcoming Studio 12.4 update uses the Software in Silicon ADI feature to help the code analyzer work at near hardware speeds, allowing developers to quickly find and fix memory errors with minimal overhead. Check out Raj Prakash’s blog [Move Over Purify and Valgrind, There is a New Kid in Town] for some staggering numbers on how it compares to other memory access checkers.

Here are some further links to check out  --- note that we have a live webinar on this March 18th:


Monday May 26, 2014

Security Access Control With Solaris Virtualization

Numerous Solaris customers consolidate multiple applications or servers on a single platform. The resulting configuration consists of many environments hosted on a single infrastructure and security constraints sometimes exist between these environments. Recently, a customer consolidated many virtual machines belonging to both their Intranet and Extranet on a pair of SPARC Solaris servers interconnected through Infiniband. Virtual Machines were mapped to Solaris Zones and one security constraint was to prevent SSH connections between the Intranet and the Extranet. This case study gives us the opportunity to understand how the Oracle Solaris Network Virtualization Technology —a.k.a. Project Crossbow— can be used to control outbound traffic from Solaris Zones.


Tuesday Mar 09, 2010

Kinamik Data Integrity secures Solaris audit trails

Kinamik Data Integrity is a software company focused on data integrity, whose mission is to provide an easy answer to a tough question: how do I know the digital records I am looking at are correct?

Kinamik develops the Secure Audit Vault software solution that centralizes and preserves sensitive data; by applying a digital fingerprint to the secured records, it makes them tamper-evident and provides proof that the sealed data has not been manipulated from the moment of its creation. In a context of increasingly stringent compliance requirements, the Kinamik Secure Audit Vault helps organizations regain the trustworthiness of their data. Kinamik's innovative R&D has been recognized by several awards, including the 2007 Red Herring Top 100 Europe.

Already a partner of Sun and Oracle (Kinamik is a member of the Sun Partner Advantage, Sun Startup Essentials and Oracle Partner Network programs), Kinamik joined the OpenSolaris community in 2009 and contributed to Sun's development efforts on the audit_remote plugin by collaborating in the testing processes and providing bug reports to Sun's team.

This plugin enables the secure transmission of audit trails to remote storage, which would prevent an intruder who compromised a system from being able to delete the audit trail of that system. Kinamik developed the receiver part that allows the audit trails to be secured and stored in real time…
