By Mike Mulkey-Oracle on Mar 07, 2015
Perhaps the most significant value to customers of Oracle’s recently announced SPARC M7 chip design is the enhanced security it provides.
You only have to browse the daily news headlines to understand just how important security is to Oracle’s enterprise customers today. Names like Target, Home Depot, Wal-Mart, JP Morgan Chase, Apple and many more immediately come to mind. Top-level executives are losing their jobs over this. To quote a March 6, 2015 Fortune Magazine article on “5 Huge Cyber-security Breaches”,
“Hackers have been slipping through corporate computer defenses like they’re Swiss cheese.”
At the Hot Chips Conference in August of 2014 Oracle unveiled the next generation SPARC M7 processor, a revolutionary change in its microprocessor design, highlighting an architecture advancement called “Software in Silicon.” SPARC engineers collaborated with Oracle’s software engineers to hardwire specific software techniques directly onto the SPARC M7 chip. And don’t think this happened over night -- this has been ongoing work between hardware and software teams for a good portion of the 5 years since Oracle purchased Sun Microsystems, along with the rights to the SPARC microprocessor.
In his keynote speech at Oracle OpenWorld 2014, Larry Ellison referred to the M7’s security feature as
So back to the Swiss cheese --
One very important security innovation inherent in this new SPARC M7 microprocessor design is “application data integrity,” or ADI. ADI makes sure that a memory area is accessed only for the purpose for which it was allocated. Memory allocation issues are often the source of cyber-security breaches. ADI can prevent any read or write of data beyond the breadth of the data. And what is revolutionary is that it does it in hardware – actually in the silicon of the forthcoming SPARC M7 processor.
But that is just the tip of the iceberg. ADI does a lot more to stop malicious attacks of valuable corporate data. For example, stopping a security bug like Heartbleed, which is a severe memory handling vulnerability in the OpenSSL library. Heartbleed can trick the server into sending more memory than a given user is authorized to access, with potential user names, passwords and security key information that should be protected. When the ADI feature is enabled, it can protect against the Heartbleed bug by detecting an invalid memory access on the server. Exactly how this works is clearly demonstrated in this short demo of this feature in action. Check it out -- its pretty cool!
you are a developer and you want to test this stuff out, Oracle has announced a
new Software in Silicon Cloud where you can do that! This cloud is a secure environment with ready-to-run virtual
machine environments. In addition, it includes Oracle Solaris Studio 12.4, which
provides a tool set that detects numerous types of memory corruption and can aid
developers in quickly improving code reliability. In fact, an upcoming Studio 12.4 update uses the Software in Silicon ADI feature to help the code analyzer work at near hardware
speeds to allow developers to quickly find and fix memory
errors with minimal overhead. Check out Raj Prakash’s blog [Move Over Purify and Valgrind, There is a New Kid in Town], for some staggering numbers on how it compares to other memory access checkers.
Here are some further links to check out --- note that we have a live webinar on this March 18th:
- LIVE Webinar on Software in Silicon Cloud (March 18th @ 11:00am PDT)
- Software in Silicon Cloud for Developers (Video) - Security Features
- Youtube videos on Software in Silicon