Ellison: New Oracle Microprocessors Can Stop Viruses In Their Tracks, Would Have 'Just Shut Them Down' Real Time
Larry Ellison, Oracle's founder, chairman and chief technology officer, introduced Tuesday a microprocessor that implements software security on the chip -- one he said would have caught in real-time the most malicious viruses of late had it been available at the time.
At the Oracle OpenWorld conference in San Francisco, Ellison said the M7 Silicon Secured Memory (SSM) microprocessor designed by Oracle is the first chip to ever validate software, in real time, allowing it to immediately catch malicious code.
The M7 is made possible by a technology that's "deceptively simple," Ellison said, but it delivers a state-of-the-art breakthrough in securing applications, something sorely needed in today's market.
"The interesting thing about security, we need much better security, we need next-generation security," Ellison told OpenWorld attendees.
To introduce the chip, Ellison discussed the current shortcomings in the battle against cyberattackers, and two rules of thumb that encouraged the software giant to push security down to the level of silicon.
"We have to rethink how we deliver technology, especially as vast amounts of data are moving to the cloud," Ellison said.
The first rule of thumb is that database security is better than application security. That way, "every application that uses the database inherits the encryption capabilities," he said.
The more general statement of that rule is that security features should always be pushed as low in the stack as possible -- down from application to database, to operating system to virtual machine, to physical server to silicon processor.
The second rule of thumb is that security features should always be on.
"That means no on-and-off button. No choice," Ellison said. "There should be no way to turn off encryption. The only way you should be able to operate is with encryption on."
The very idea of having an encryption switch is antiquated -- a relic of a time when there was a hardware performance penalty for securing data.
Security experts are losing too many cyberbattles, whether they're confrontations between nations, or hackers against ethical technologists. What passes as state-of-the-art security today is not doing the job, he said. Tens of individual hacks on retailers have resulted in tens of millions of credit card numbers stolen.
Everything from credit cards to health records to 20 million personnel records in the U.S. government has been compromised, and the personnel-records breach, among other implications, forced the CIA to pull its agents from foreign embassies.
For a company whose first customer was the CIA, second was the NSA, and third was military defense security, "it's been our goal for a long time to deliver a product that's highly secure," Ellison said. "But all of the things we've already done, it's not enough."
The M7 will complete that job by moving software features into the silicon, implementing always-on memory-intrusion detection that's constantly on the lookout for violations like Heartbleed or Venom, he said.
Ellison claimed that if the chips had been around at the time of those attacks, they would have discovered and stopped them -- "just shut them down in real time." M7 can catch worms and viruses on the first day they attack your data center, he said.
The technology works by assigning keys in software to 8-megabyte sectors of memory. Every time a program accesses memory, the processor checks that program's key -- which Oracle designates by a color scheme -- against the piece of memory the same program had already allocated.
"We make sure the pointer key matches the memory lock. That's all done by the hardware. It's that simple," Ellison said.
And if a rogue program tries to access memory belonging to another, the hardware immediately detects the mismatch and raises a signal.
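The key-and-lock check described above, modelled in software as an added example (not Oracle's code and not from the original article): the 64-byte granule, the 4-bit color held in the top pointer bits and every function name are assumptions chosen for the simulation. A handler that trusts a caller-supplied length, the over-read pattern behind a bug like Heartbleed, is stopped at the first byte whose color differs from the pointer's.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define GRANULE 64u        /* assumed tag granularity for this model */
#define MEM_SIZE 1024u
#define COLOR_SHIFT 60     /* assumed: color lives in the top 4 pointer bits */

static uint8_t mem[MEM_SIZE];              /* simulated RAM */
static uint8_t lock[MEM_SIZE / GRANULE];   /* color ("lock") per granule; 0 = unowned */
static uint32_t next_off;
static uint8_t next_color = 1;

/* Allocate whole granules, color them, return a pointer carrying the same color. */
static uint64_t ssm_alloc(uint32_t size) {
    uint32_t len = (size + GRANULE - 1) / GRANULE * GRANULE;
    if (size == 0 || next_off + len > MEM_SIZE) return 0;
    uint8_t color = next_color;
    next_color = (uint8_t)(next_color % 15 + 1);   /* 1..15, so neighbours differ */
    memset(&lock[next_off / GRANULE], color, len / GRANULE);
    uint64_t p = ((uint64_t)color << COLOR_SHIFT) | next_off;
    next_off += len;
    return p;
}

/* Checked load: the pointer's key must match the granule's lock; -1 models the trap. */
static int ssm_load(uint64_t p, uint32_t idx, uint8_t *out) {
    uint32_t off = (uint32_t)(p & 0xFFFFFFFFu) + idx;
    uint8_t key = (uint8_t)(p >> COLOR_SHIFT);
    if (off >= MEM_SIZE || lock[off / GRANULE] != key) return -1;
    *out = mem[off];
    return 0;
}

/* Echo handler that trusts claimed_len; returns bytes copied before the check fired. */
static uint32_t echo_reply(uint64_t req, uint32_t claimed_len, uint8_t *reply) {
    uint32_t i;
    for (i = 0; i < claimed_len; i++)
        if (ssm_load(req, i, &reply[i]) != 0) break;
    return i;
}

int main(void) {
    uint8_t reply[256];
    uint64_t req = ssm_alloc(64);   /* request buffer */
    ssm_alloc(64);                  /* neighbouring buffer owned by someone else */
    uint32_t ok = echo_reply(req, 16, reply), bad = echo_reply(req, 128, reply);
    printf("honest read: %u bytes, over-read stopped after: %u bytes\n",
           (unsigned)ok, (unsigned)bad);
    return 0;
}
```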
The technology can safeguard a cloud data center even if it's only running on a small fraction of servers, Ellison said. When an assault begins, it just needs to hit one M7 SSM to alert administrators they're under attack.
Oracle Linux can even patch the bug with zero downtime, he said.
Ellison also used his keynote as an opportunity to make the claim that Oracle's dedicated compute (single tenant infrastructure) costs half the price Amazon Web Services charges for its EC2 multi-tenant compute service.
Oracle's general policy is to match Amazon on pricing infrastructure, the CTO said, but occasionally, when technology allows, "we will be aggressive and beat their prices."
That's what Oracle did with its archival storage, which Ellison said is priced at a 10th of the cost of Amazon's cold storage solution.
"Again, we think we have a technology advantage," Ellison said, which allows for the cost savings.
Finally, Ellison revealed the latest of Oracle's Engineered Systems -- the aptly named Oracle Private Cloud Machine for PaaS & IaaS.
"You know exactly what it does if you know the name," Ellison said. "We have half the reference manual in the name itself."
Customers want their public cloud environments to be as compatible with their private cloud data centers as possible, he said.
The new machine is "like we took a piece out of the cloud and lifted it up and put in your data center," Ellison said. "It's identical to what we're running in our data center" with the exact same performance, same security and 100 percent compatibility.
As the IT world enters a long period of co-existence between on-premise and cloud assets, such a system will make it easier than ever to move data and workloads back and forth, even when a database or application is running.
"This is one example, but you'll see more of our strategy which is hardware-software engineered to work together, on-prem and in the cloud," Ellison said.
PUBLISHED OCT. 27, 2015