Abstract: Disclosed are methods, systems, devices, media, circuits, and other implementations, including a method that includes generating for a code block of a process executing on a controller-based device one or more code block copies defined in a virtual address space of the controller-based device, with the code block of the process being stored in a particular segment of a physical address space of the controller-based device, and with the code block configured to separately map to each of the one or more of the code block copies in the virtual address space. The method further includes processing at least a portion of one of the one or more code block copies defined in the virtual address space when the corresponding code block of the process is to be processed.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes determining whether an operation to access a memory location containing executable code comprises a general-purpose memory access operation, and changing content of the memory location in response to a determination that the operation to access the memory location containing the executable code comprises the general-purpose memory access operation to the memory location.

Abstract: Disclosed are methods, systems, devices, circuits. and other implementations, including a method for error identification and correction that includes obtaining from a memory device coded input data, the coded input data previously encoded by multiplying a source data element by a pre-determined multiplier, and stored in the memory device, and performing a decoding operation on the coded input data obtained from the memory device, with the decoding operation including at least a modulo operation, to derive a resultant decoded data element and a remainder portion. The method further includes determining whether the coded input data includes a corrupted portion based on a value of the remainder portion.

Abstract: Disclosed are devices, systems, apparatus, circuits, methods, products, and other implementations, including a method that includes obtaining, during execution of a process associated with a particular privilege level, data content from a memory location, and determining by a hardware-based detection circuit whether the data content matches at least one of one or more token values, with the one or more token values stored in one or more pre-determined memory locations, and with access of any of the pre-determined one or more memory locations indicating a potential anomalous condition. The method further includes triggering, in response to a determination that the data content matches the at least one of the one or more token values, another process with a higher or same privilege level as the particular privilege level associated with the process, to handle occurrence of a potential system violation condition.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes determining whether an operation to access a memory location containing executable code comprises a general-purpose memory access operation, and changing content of the memory location in response to a determination that the operation to access the memory location containing the executable code comprises the general-purpose memory access operation to the memory location.

Abstract: Disclosed are methods, systems, devices, media, circuits, and other implementations, including a method that includes generating for a code block of a process executing on a controller-based device one or more code block copies defined in a virtual address space of the controller-based device, with the code block of the process being stored in a particular segment of a physical address space of the controller-based device, and with the code block configured to separately map to each of the one or more of the code block copies in the virtual address space. The method further includes processing at least a portion of one of the one or more code block copies defined in the virtual address space when the corresponding code block of the process is to be processed.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes determining whether an operation to access a memory location containing executable code comprises a general-purpose memory access operation, and changing content of the memory location in response to a determination that the operation to access the memory location containing the executable code comprises the general-purpose memory access operation to the memory location.

Abstract: Disclosed are devices, methods, systems, media, and other implementations that include a method comprising accessing during execution of a process a memory element, determining whether data stored in the accessed memory element includes security data representative of locations that, if accessed, indicate a potential system violation condition, determining, in response to a determination that the accessed memory element includes the security data, whether execution of the process involves access of one or more memory locations in the accessed memory element containing the security data, and performing one or more remedial actions in response to a determination that the one or more memory locations in the memory element containing the security data are being accessed.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes triggering a beacon circuit combined with a hardware-based protection module, included within a hardware device, the hardware-based protection module configured to provide protection against malicious implementations within the hardware device, with the beacon circuit being configured to provide a beacon output when triggered. The method further includes determining based on the beacon output provided by the triggered beacon circuit whether the hardware device includes at least one malicious implementation.

Abstract: Disclosed are devices, systems, apparatus, circuits, methods, products, and other implementations, including a method that includes obtaining, during execution of a process associated with a particular privilege level, data content from a memory location, and determining by a hardware-based detection circuit whether the data content matches at least one of one or more token values, with the one or more token values stored in one or more pre-determined memory locations, and with access of any of the pre-determined one or more memory locations indicating a potential anomalous condition. The method further includes triggering, in response to a determination that the data content matches the at least one of the one or more token values, another process with a higher or same privilege level as the particular privilege level associated with the process, to handle occurrence of a potential system violation condition.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media, and other implementations, including a method that includes generating for a code segment of a first process an instruction dependency graph representative of behavior of the first process, obtaining respective one or more instruction dependency graphs representative of behaviors of code segments for one or more other processes, and determining, based on the first instruction dependency graph for the first process and the respective one or more instruction dependency graphs for the one or more other processes, a level of similarity between the first process and at least one of the one or more other processes.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes causing at least one reset for one or more components of a cyber-physical system, the cyber-physical system including a mechanical apparatus with at least one of a mechanical input or a mechanical output, and at least one controller to control operations of at least one of the mechanical apparatus and inhibit computing-based attacks on the cyber-physical system. The method further includes determining, upon resumption of operation of the cyber-physical system following the at least one reset, a post-reset state of the one or more components of the cyber-physical system based, at least in part, on mechanical attributes of the mechanical apparatus following the at least one reset resulting from inertia of the mechanical apparatus during the at least one reset.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes triggering a beacon circuit combined with a hardware-based protection module, included within a hardware device, the hardware-based protection module configured to provide protection against malicious implementations within the hardware device, with the beacon circuit being configured to provide a beacon output when triggered. The method further includes determining based on the beacon output provided by the triggered beacon circuit whether the hardware device includes at least one malicious implementation.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes receiving a block of information from non-processor memory at an interface between the non-processor memory and processor memory comprising two or more processor memory levels, determining whether the block of information received from the non-processor memory at the interface corresponds to encrypted instruction code, and decrypting the block of information at the interface between the non-processor memory and the processor memory for storage in one of the two or more levels of the processor memory in response to a determination that the received block of information corresponds to the encrypted instruction code. The block of information is stored at the one of the two or more levels of the processor memory without being decrypted when the received block of information is determined to correspond to data.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes obtaining hardware-based micro-architectural data, including hardware-based micro-architectural counter data, for a hardware device executing one or more processes, and determining based, at least in part, on the hardware-based micro-architectural data whether at least one of the one or more processes executing on the hardware device corresponds to a malicious process. In some embodiments, determining based on the hardware-based micro-architectural data whether the at least one of the one or more processes corresponds to a malicious process may include applying one or more machine-learning procedures to the hardware-based micro-architectural data to determine whether the at least one of the one or more processes corresponds to the malicious process.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes obtaining current hardware performance data, including hardware performance counter data, for a hardware device executing a first process associated with pre-recorded hardware performance data representative of the first process' normal behavior, and determining whether a malicious process is affecting performance of the first process based on a determination of an extent of deviation of the obtained current hardware performance data corresponding to the first process from the pre-recorded hardware performance data representative of the normal behavior of the first process.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes determining whether an operation to access a memory location containing executable code comprises a general-purpose memory access operation, and changing content of the memory location in response to a determination that the operation to access the memory location containing the executable code comprises the general-purpose memory access operation to the memory location.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes triggering a beacon circuit combined with a hardware-based protection module, included within a hardware device, the hardware-based protection module configured to provide protection against malicious implementations within the hardware device, with the beacon circuit being configured to provide a beacon output when triggered. The method further includes determining based on the beacon output provided by the triggered beacon circuit whether the hardware device includes at least one malicious implementation.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes obtaining hardware-based micro-architectural data, including hardware-based micro-architectural counter data, for a hardware device executing one or more processes, and determining based, at least in part, on the hardware-based micro-architectural data whether at least one of the one or more processes executing on the hardware device corresponds to a malicious process. In some embodiments, determining based on the hardware-based micro-architectural data whether the at least one of the one or more processes corresponds to a malicious process may include applying one or more machine-learning procedures to the hardware-based micro-architectural data to determine whether the at least one of the one or more processes corresponds to the malicious process.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes obtaining current hardware performance data, including hardware performance counter data, for a hardware device executing a first process associated with pre-recorded hardware performance data representative of the first process' normal behavior, and determining whether a malicious process is affecting performance of the first process based on a determination of an extent of deviation of the obtained current hardware performance data corresponding to the first process from the pre-recorded hardware performance data representative of the normal behavior of the first process.