Stories
Slash Boxes
Comments

SoylentNews is people

Larry Thinks Oracle's M7 Chip is Hacker-Proof – But You May Have a 1-in-16 Chance of Cracking It

posted by cmn32480 on Thursday October 29 2015, @11:42PM   Printer-friendly
from the we-brought-you-java dept.

Phoenix666 writes:

Oracle insists it really is going to sell computers powered by Sparc M7 processors – the same chips it started talking about in 2014.

On Monday, Big Red breathlessly unveiled hardware powered by the beefy microprocessor, and on Tuesday, its supremo Larry Ellison lauded the 64-bit CPU's security defenses.

One of these defenses certainly caught our eye: the ability to tag regions of memory so software hijacked by hackers cannot read or write data it isn't supposed to. This should, we're told, render vulnerabilities such as Heartbleed useless to attackers – more on that in a moment.

[...] The M7 has a defense mechanism called Silicon Secured Memory (SSM) which seems incredibly similar to Oracle's Application Data Integrity (ADI) technology.

ADI works like this: when an application requests some new memory to use via malloc(), the operating system tags the block of memory with a version number, and gives the app a pointer to that memory. The pointer also contains the version number, which is stashed in the top four bits. (A 64-bit pointer doesn't use all 64 bits: the most significant bits are usually all 1s or 0s, and can be used to store metadata.)

Whenever a pointer is used to access a block of memory, the pointer's version number must match the memory block's version number, or an exception will be triggered. The version numbers are checked in real-time by the processor with a tiny overhead – an extra one percent of execution time, according to Oracle's benchmarks.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Larry Thinks Oracle's M7 Chip is Hacker-Proof – But You May Have a 1-in-16 Chance of Cracking It | Log In/Create an Account | Top | 46 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Friday October 30 2015, @12:31AM

    by Anonymous Coward on Friday October 30 2015, @12:31AM (#256291)

    >"That's like saying that adding an additional digit to a pin gives folks a 1 in 10 chance of cracking it."

    Not really - in this case, there are only 16 tags, while a 4-digit PIN has ten thousand possible values. So it is like saying that using a PIN leaves you with a 1 in 10000 chance of cracking it. In fact, it may be less of an impediment. If the user can change the tag with impunity, then it would take an average of eight times as many tries to get access to another process's memory, compared to not using this system.

  • (Score: 1) by Francis on Friday October 30 2015, @12:37AM

    by Francis (5544) on Friday October 30 2015, @12:37AM (#256293)

    Yes, but this is in addition to the other stuff. The attacker would have to know where the memory they want to overwrite ore access is and then they'd have to worry about predicting what the color of the region is and whether or not they can access it.

    It is an additional 1/16 reduction of chance of cracking it if there's no way of manipulating the tags to ensure that you get the flavor you're expecting. If you can do manipulate it to ensure you get the one you want, then the 1/16 is equally wrong for a different reason.

    • (Score: 2) by TheRaven on Friday October 30 2015, @09:45AM

      by TheRaven (270) on Friday October 30 2015, @09:45AM (#256398) Journal
      There are existing attacks that will give you the other bits. The usual threat model for this kind of thing is that an attacker can read all of memory and can write in a specific place.
      --
      sudo mod me up