November 19, 2014

SPARC M7 - Security in Silicon

In my last blog post I talked about our next-generation SPARC M7 processor. One of the very interesting features of the M7 processor is something we are calling Software in Silicon (SiS). The ultimate software optimization is putting the software feature directly into silicon. To get an overview of SiS, listen to Juan Loaiza, our Sr. VP of technology, speak about it at OOW 2014. In the next series of posts I plan on talking about the various SiS features in the M7 chip. In this post we will talk about Application Data Integrity (ADI).

Today's hackers have been busy finding ways to exploit points of vulnerability in applications. Every week we hear of some popular company losing data through a data breach. Famous vulnerabilities like the Heartbleed SSL bug have been making headline news. One of the more popular exploits uses buffer overflow. Application developers often do not check the sizes of function arguments. Hackers exploit this to overwrite or read past memory buffers. Many software-based solutions have been proposed to help guard against these types of attacks. The problem with a software-based solution is the very high overhead: often 80x to 100x slower. No production environment can take this type of overhead.

The SPARC M7 chip completely changes the game by implementing a hardware solution for this problem. It has an innovative feature called Application Data Integrity. It uses a few bits in the address to store a version number. The same version number is stored in memory (per cache line) as well. The M7 chip checks that the two versions match on every read (load) and write (store) to memory. This check is done in hardware with extremely low overhead. A demo of using ADI to stop the Heartbleed attack explains how it works.
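
The version check described above can be modelled in software. The following C sketch is an added example, not Oracle code and not the ADI API: the 4-bit version field, the 64-byte line size, the 16-line memory and all function names are assumptions chosen for the model.

```c
#include <stdint.h>
#include <stddef.h>

/* Model assumptions (not from the post): 4 version bits at the top of a
 * 64-bit address, one version per 64-byte line, 16 lines of memory. */
#define LINE      64u
#define NLINES    16u
#define VSHIFT    60
#define ADDR_MASK ((1ULL << VSHIFT) - 1)

static uint8_t mem[NLINES * LINE];  /* simulated memory */
static uint8_t line_ver[NLINES];    /* version stored with each line */

/* Tag every line of [off, off+len) with version v and return a pointer
 * value that carries the same version in its upper bits. */
uint64_t adi_alloc(uint64_t off, size_t len, uint8_t v) {
    for (uint64_t l = off / LINE; l <= (off + len - 1) / LINE; l++)
        line_ver[l] = v & 0xF;
    return ((uint64_t)(v & 0xF) << VSHIFT) | off;
}

/* The per-access check: the pointer's version must equal the version of
 * the line being touched. The model returns -1 on a mismatch. */
static int adi_check(uint64_t ptr) {
    uint64_t off = ptr & ADDR_MASK;
    if (off >= sizeof mem) return -1;
    return line_ver[off / LINE] == (ptr >> VSHIFT) ? 0 : -1;
}

int adi_store(uint64_t ptr, uint8_t val) {
    if (adi_check(ptr)) return -1;
    mem[ptr & ADDR_MASK] = val;
    return 0;
}

int adi_load(uint64_t ptr, uint8_t *out) {
    if (adi_check(ptr)) return -1;
    *out = mem[ptr & ADDR_MASK];
    return 0;
}

/* Read n bytes from ptr the way a copy with an unchecked length would.
 * Returns how many bytes were read before the first version mismatch. */
size_t adi_read(uint64_t ptr, uint8_t *dst, size_t n) {
    size_t i = 0;
    while (i < n && adi_load(ptr + i, &dst[i]) == 0) i++;
    return i;
}
```

In this model a read or write that runs off the end of one buffer is stopped only when the neighbouring line carries a different version, so adjacent allocations must be given different versions. Re-tagging a freed region with a new version also makes old pointers to it fail the check.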

Here is a diagram that shows how ADI works.

Tools to help application developers and customers secure their applications using Security in Silicon are available today. Oracle Solaris Studio 12.4 now has support for ADI. No need to change your code. No need to recompile your application. Just LD_PRELOAD a library before you run your application. It is simple to use and has very low overhead. For example, SSL performance is reduced by less than 1% when you make it more secure using ADI on the SPARC M7 chip (this is my measurement based on openssl speed tests).

We are making it easy for developers and customers to test out Security in Silicon using the Software in Silicon Cloud. John Fowler, Executive VP for Systems at Oracle, announced the cloud at OpenWorld 2014. See this press release for the details. We are making M7-based machines available for beta testers to try out these features today.

Just point your browser to https://swisdev.oracle.com and click on Sign-up.

  • guest Thursday, November 20, 2014

    Another exciting feature of this chip is Query Acceleration. This would be excellent for production systems

  • guest Wednesday, December 3, 2014

    Excellent article and cool feature of the M7. Good that Oracle makes the M7 available via cloud.

    FYI, the link https://swisdev.oracle.com points to https://swisdev.oracl.ecom and doesn't work

