Abstract: A multi-processor computer system is provided for managing physical memory domains. The system includes at least one processor having an address interface for sending a memory access message, which includes an address in physical memory and a domain identification (ID). The system also includes a physical memory portioned into a plurality of domains, where each domain includes a plurality of physical addresses. A domain mapping unit (DMU) has an interface to accept the memory access message from the processor. The DMU uses the domain ID to access a permission list, cross-reference the domain ID to a domain including addresses in physical memory, and grant the processor access to the address in response to the address being located in the domain.

Abstract: Various systems and methods can discover asymmetric logical unit (LUN) access (ALUA) preferences and/or state transitions and use those preferences and/or state transitions to control how a host accesses a LUN in an ALUA array. One such method involves detecting a preferred controller for a LUN and then detecting that a current owner controller of the LUN is not the preferred controller. In response, the method can initiate an ownership change from the current owner controller to the preferred controller. Another method involves detecting an initial state of a first controller with respect to a LUN. The method then detects a subsequent state of the first controller with respect to the LUN subsequent to detecting the initial state. The method can then cause a computing device to access the LUN via a second controller, in response to the subsequent state not being the active optimized state.

Abstract: A method and apparatus for synchronizing input/output commands is provided. An incoming command mask representing an incoming input/output command associated with a memory region is created. In response to a determination that a pending input/output command associated with the memory region is pending, a bitwise inversion operation is performed on the incoming command mask to form a modified incoming command mask. A bitwise AND operation is performed on the modified incoming command mask and the pending command mask to form a pending command locking mask associated with the pending input/output command. A bitwise OR operation is performed between an existing memory lock for a same type of commands and incoming command bit mask to form a new memory region lock.

Abstract: A data protection device includes a basic input output system chip and a main control chip. The basic input output system chip stores basic input output system program and includes a write protection pin and a plurality of status registers. The main control chip includes a plurality of general purpose input output pins. One general purpose input output pin is electrically connected to the write protection pin of the basic input output system chip, the voltage level of the general purpose input output pin is controlled by performing different command programs of the basic input output system program, and the status registers and the basic input output system chip are selectable to be in a write protection mode or a writable mode under the control of the voltage level of the write protection pin of the basic input output system chip.

Abstract: A system and method are provided for managing cache memory in a computer system. A cache controller portions a cache memory into a plurality of partitions, where each partition includes a plurality of physical cache addresses. Then, the method accepts a memory access message from the processor. The memory access message includes an address in physical memory and a domain identification (ID). A determination is made if the address in physical memory is cacheable. If cacheable, the domain ID is cross-referenced to a cache partition identified by partition bits. An index is derived from the physical memory address, and a partition index is created by combining the partition bits with the index. A processor is granted access (read or write) to an address in cache defined by partition index.

Abstract: A method for preventing subversion of address space layout randomization (ASLR) in a computing device is described. An unverified module attempting to load into an address space of memory of the computing device is intercepted. Attributes associated with the unverified module are analyzed. A determination is made, based on the analyzed attributes, whether a probability exists that the unverified module will be loaded into a number of address spaces that exceeds a threshold. The unverified module is prevented from loading into the address space if the probability exists that the unverified module will be loaded into a number of address spaces that exceeds the threshold.

Abstract: The storage section of the multifunction peripheral stores location information containing a storage location of software which transmits a control command whose execution is permissible. The execution permission judging section of the multifunction peripheral includes (I) a storage location detecting section which detects a storage location of software which has participated in a transmission of a received control command and (II) a command permitting/prohibiting section which (i) prohibits execution of the received control command when a storage location indicated by the location information is not detected by the storage location detecting section but (ii) permits execution of the received control command when the storage location is detected by the storage location detecting section.

Abstract: Various embodiments of systems and methods for variable length data protected by Seqlock are described herein. Seqlock is a special locking mechanism used in data structures for multithreaded applications that can be read very quickly, when there are no changes being made, at the cost of needing to repeat a read operation when writing has occurred. A Seqlock, in normal use, can only protect a fixed-size data structure with no pointers. This is because the writing thread may invalidate a pointer after a reading thread has followed it. The embodiments specify an algorithm where a Seqlock-protected pointer, once written, is never invalidated. This removes the “no pointers” restriction, allowing the Seqlock to protect a simple singly-linked list, which can be safely increased in size while being read by other threads. The innovation includes the use of the write-once head and next pointers, and the always valid end iterator.

Abstract: A memory managing apparatus manages a memory shared by processors. The apparatus includes an allocator, an updater and a releaser. The allocator secures a memory area in the memory allocated to each processor based on a request of each processor and registers reference counters corresponding one-to-one to the processors. The updater adds 1 to a value of the reference counter corresponding to the processor managing the memory area when the memory area is allocated to each processor and subtracts 1 from the value of the reference counter corresponding to the processor managing the memory area when the memory area is released from the processor to which the memory area is allocated. The releaser releases the memory area from the processor to which the memory area is allocated when a sum of the values of the reference counters in the memory area updated by the updater is 0.

Abstract: A working method for information security device with CF interface and working system thereof are disclosed in the invention.

Abstract: An apparatus includes a nonvolatile memory, an interface that at least receives an erase command of the nonvolatile memory, a first controller that controls the nonvolatile memory to execute data erasing on the basis of the erase command output from the interface, an external input unit which is installed independently of the interface, a second controller that controls the nonvolatile memory to execute data erasing on the basis of an erase instruction signal output from the external input unit, and a change-over circuit that switches between connection of the first controller with the nonvolatile memory and connection of the second controller with the nonvolatile memory, wherein the second controller controls the nonvolatile memory to execute data erasing on the basis of the erase instruction when the connection of the second controller with the nonvolatile memory is established by the change-over circuit.

Abstract: A method and device for loading and executing a plurality of instructions in an avionics system including a processor including at least two cores and a memory controller, each of the cores including a private memory. The plurality of instructions is loaded and executed by execution slots such that, during a first execution slot, a first core has access to the memory controller for transmitting at least one piece of data stored in the private memory thereof and for receiving and storing at least one datum and an instruction from the plurality of instructions in the private memory thereof, while the second core does not have access to the memory controller and executes at least one instruction previously stored in the private memory thereof and such that, during a second execution slot, the roles of the two cores are reversed.

Abstract: A computing device comprises: a memory; a processor; an interpreter; and a Memory Management Unit. The interpreter is for controlling the processor to execute a program comprising at least one first instruction in a format that is not native to the processor and at least one second instruction in machine code that is native to the processor. The Memory Management Unit is adapted to control access by the processor to the memory and possibly also to peripherals when the at least one second instruction is executed.

Abstract: A method and apparatus for controlling traffic of multiprocessor system or multi-core system is provided. The traffic control apparatus of a multiprocessor system according to the present invention includes a request handler for processing a traffic request of a first processor, and a Quality of Service (QoS) manager for receiving a QoS guaranty start instruction for a second processor from the multiprocessor system, and for transmitting, when traffic of the second processor is detected, a traffic adjustment signal to the request handler. The request handler adjusts the traffic of the first processor according to the received traffic adjustment signal. The traffic control method and apparatus of the present invention is capable of adjusting the required bandwidths of individual technologies and guaranteeing the real-timeness in the multiprocessor system or multi-core system.

Abstract: This invention provides a request controlling apparatus, processor and method. The request controlling apparatus is connected to a request storage unit and includes: a queue unit storing flag recording region configured to record a storing flag corresponding to a queue unit in the request storage unit, a comparing means configured to judge whether a incoming first queue unit corresponds to a same message as an already existing queue unit, where the already existing queue unit is in the request storage unit and a flag setting means is configured to set the storing flag corresponding to the already existing queue unit in the queue unit storing flag recording region, to indicate that a message state related to the already existing queue unit will not be stored if the first queue unit corresponds to the same message as in the already existing queue unit.

Abstract: A data processing system 2 including processing circuitry 4 operating in either a first mode or a second mode. Page table data 30 including access control bits 40, 42, is used to control permissions for memory access to memory pages. In the first mode, the access control bits include at least one instance of a redundant encoding. In the second mode, the redundant encoding is removed to provide more efficient use of the access control bit encoding space.

Abstract: A system that uses segmentation to safely execute native code. This system includes a processing element that executes the native code and a memory which stores code and data for the processing element. The processing element includes a segmentation mechanism which limits the native code executing on the processing element to accessing a specified segment of memory. The processing element also includes an instruction-processing unit, which is configured to execute a user-level instruction that causes the segmentation mechanism to limit memory accesses by the native code to the specified segment of the memory.

Abstract: In one embodiment, the present invention includes a method for determining whether an address map of a system includes support for a read only region of system memory, and if so configuring the region and storing protected data in the region. This data, at least some of which can be readable in both trusted and untrusted modes, can be accessed from the read only region during execution of untrusted code. Other embodiments are described and claimed.

Abstract: In one embodiment, a peripheral controller coupled to a processor can include a storage controller. This storage controller can control access to a non-volatile storage coupled to the peripheral controller. The storage may include both secure and open partitions, and the storage controller can enable access to the secure partition only when the processor is in a secure mode. In turn, during unsecure operation such as third party code execution, visibility of the secure partition can be prevented. Other embodiments are described and claimed.

Abstract: A method for protecting at least first data of a non-volatile memory from which the extraction of this first data is triggered by the reading or the writing, by a processor from or into the memory, of second data independent from the first data, said first data being provided to a circuit which the processor cannot access.

Abstract: A memory device includes an on-board processing system that facilitates the ability of the memory device to interface with a plurality of processors operating in a parallel processing manner. The processing system includes circuitry that performs processing functions on data stored in the memory device in an indivisible manner. More particularly, the system reads data from a bank of memory cells or cache memory, performs a logic function on the data to produce results data, and writes the results data back to the bank or the cache memory. The logic function may be a Boolean logic function or some other logic function.

Abstract: Bulk data transfers by directly accessing a persistent and secured area on the data storage device, e.g., a disk drive having a magnetic storage medium, without relying on the system operating system to execute its read/write operations. For a disk drive, the Protected Area Run Time Interface Extension (PARTIES) technology is applied to create and organize a secured sub-area within a secured storage area. The secured sub-area is a data buffer to and from which large data file transfers can be made with data authenticity and confidentiality. Since this new secured sub-area is not organized and protected by the operating system, it is inherently protected from attack by viruses or Trojan horse software whose effectiveness depends on their ability to maliciously direct the operating system. In addition, the read/write operations bypass command payload limits while reducing data and command validation costs.

Abstract: A method for providing hardware support for memory protection and virtual memory address translation for a virtual machine. The method includes executing a host machine application within a host machine context and executing a virtual machine application within a virtual machine context. A plurality of TLB (translation look aside buffer) entries for the virtual machine context and the host machine context are stored within a TLB. Memory protection bits for the plurality of TLB entries are logically combined to enforce memory protection on the virtual machine application.

Abstract: A multiprocessor computer system comprises a plurality of processors and a plurality of nodes, each node comprising one or more processors. A local memory in each of the plurality of nodes is coupled to the processors in each node, and a hardware firewall comprising a part of one or more of the nodes is operable to prevent a write from an unauthorized processor from writing to the local memory.

Abstract: A storage device for storing data includes a device configured to store data read or written by a host, a command storage unit configured to store commands transmitted by the host to acquire information relating to the device, a command acquisition unit configured to acquire commands issued to the device when the host requests access to the data stored in the device, and an access determination unit configured to permit the access, if the commands acquired by the command acquisition unit have been stored in the command storage unit.

Abstract: A data processing apparatus uses a characteristic where an OS or an application program divides a file in units of cluster and writes information when information is written in an HDD and changes (redirect) a writing place in the units of cluster, thereby classifying and storing confidential information with a small consumption amount of the HDD. Therefore, the present invention provides a data processing apparatus that can classify and store confidential information and normal information with a small consumption amount of the HDD.

Abstract: A software transactional memory (STM) system allows the composition of traditional lock based synchronization with transactions in STM code. The STM system acquires each traditional lock the first time that a corresponding traditional lock acquire is encountered inside a transaction and defers all traditional lock releases until a top level transaction in a transaction nest commits or aborts. The STM system maintains state information associated with traditional lock operations in transactions and uses the state information to eliminate deferred traditional lock operations that are redundant. The STM system integrates with systems that implement garbage collection.

Abstract: A processing device executing an application receives a user command to update a specified writeable property of the application. The processing device determines whether the specified writeable property has metadata that distinguishes the specified writeable property as a user updateable property. In one embodiment, this is determined by using a reflection mechanism to examine metadata of the specified writeable property. In another embodiment, this is determined by examining a dynamic changeable properties list that was created and populated at runtime of the application. If the specified writeable property has the metadata that distinguishes the specified writeable property as a user updateable property, the processing device updates the specified writeable property in accordance with the user command.

Abstract: A method for unidirectional communication between tasks includes providing a first task having access to an amount of virtual memory, blocking a communication channel portion of said first task's virtual memory, such that the first task cannot access said portion, providing a second task, having access to an amount of virtual memory equivalent to the first task's virtual memory, wherein a communication channel portion of the second task's virtual memory corresponding to the blocked portion of the first task's virtual memory is marked as writable, transferring the communication channel memory of the second task to the first task, and unblocking the communication channel memory of the first task.

Abstract: A method for securing electronic device processes against attacks (e.g. side channel attacks) during the processing of sensitive and/or confidential data by a Central Processing Unit (CPU) to the volatile memory (e.g. RAM) of an electronic device such as, for example, a smart card, a PDA or a cellular phone is described herein. The method involves the storage of the confidential data to a dynamically and randomly assigned memory location, thereby rendering more difficult the analysis and subsequently the attacks (e.g. side channel attacks).

Abstract: A method and system are provided in which a broadband gateway may handle at least one physical layer connection to at least one corresponding network access service provider. The broadband gateway may receive content comprising an application through the at least one network access service provider and may store the content in a first portion of a memory. A software agent may be utilized to request the content and/or to store the received content in the first portion of the memory. The broadband gateway may execute the application after access by the application to a second portion of the memory is disabled. After the execution of the application is completed, access to the second portion of the memory may be enabled. In some instances, the application may be verified to determine whether it is secure for utilization and/or distribution. When verification fails, the application may be deleted.

Abstract: Example embodiments relate to initiation of storage device scans based on a record of existing scans of the storage device. In particular, example embodiments include a mechanism that maintains a record of existing scans of the storage device including an entry for each scan initiated by one of a plurality of scanning processes. In some embodiments, the record of existing scans may then be accessed in determining whether to initiate or permit initiation of a new scan.

Abstract: In-system programming to switch memory access from one area to another in memory cards is disclosed. A command to access a first area of a memory card is received. Access is switched from the first area of the memory card to a second area of the memory card if specified data follows the received command allowing for the memory access switch.

Abstract: A method is implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions. The programming instructions are operable to optimize data ramanence over hybrid disk clusters using various storage technologies. The programming instructions are operable to determine one or more data storage technologies accessible by a file system. The programming instructions are operable to determine secure delete rules for each of the one or more storage technologies accessible by the file system. The secure delete rules include a number of overwrites required for data to be securely deleted from each of the one or more storage technologies. The programming instructions are operable to provide the secure delete rules to the file system upon a request for deletion of data for each of the one or more storage technologies a specific amount of times germane to secure delete data from the one or more storage technologies.

Abstract: A memory system is disclosed. The memory system includes a memory device, a first control unit, and a second control unit. The memory device is utilized for storing data. The first control unit is coupled to the memory device for prohibiting a data writing process performed on the memory device during a writing protection period. The second control unit is coupled to the memory device for allowing the data writing process to be performed in the memory device according to a writing period after the writing protection period, wherein the writing period is related to the data writing process.

Abstract: Embodiments of the invention are generally directed to systems, methods, devices, and machine-readable mediums for implementing gesture-based signature authentication. In one embodiment, a method may involve generating a data protection policy from an un-trusted software environment to govern access to protected data stored in memory in the local computer system. Then the method maps the data protection policy to an enforceable system-level data protection policy managed by an Information Flow and Tracking Protection (IFTP) logic. Next, the method flags the first memory page containing the protected data. Finally, the method enforces the generated data protection policy for the first memory page containing the protected data using the IFTP logic and the enforceable system-level data protection policy.

Abstract: A system and method for locking and unlocking access to a shared memory for atomic operations provides immediate feedback indicating whether or not the lock was successful. Read data is returned to the requestor with the lock status. The lock status may be changed concurrently when locking during a read or unlocking during a write. Therefore, it is not necessary to check the lock status as a separate transaction prior to or during a read-modify-write operation. Additionally, a lock or unlock may be explicitly specified for each atomic memory operation. Therefore, lock operations are not performed for operations that do not modify the contents of a memory location.

Abstract: An improved integrated circuit is provided to facilitate communication between a microprocessor and a non-volatile memory. The integrated circuit comprises at least one lock status register, at least one control register and a memory controller. The lock status register comprises a plurality of lock status bits representing whether or not a corresponding unit of storage in the volatile memory has been locked. The control register stores configurable control information for the memory controller, including sizing information defining the size of the unit of storage. The memory controller is configured to receive a modification request to modify data in the non-volatile memory; determine a target unit of storage in the non-volatile memory based on a target memory address associated with the modification request; determine from the lock status register whether the target unit of storage has been locked; and implement the modification request only if the target unit storage has not been locked.

Abstract: Technology is described for malware investigation by analyzing computer memory in a computing device. The method can include performing static analysis on code for a software environment to form an extended type graph. A raw memory snapshot of the computer memory can be obtained at runtime. The raw memory snapshot may include the software environment executing on the computing device. Dynamic data structures can be found in the raw memory snapshot using the extended type graph to form an object graph. An authorized memory area can be defined having executable code, static data structures, and dynamic data structures. Implicit and explicit function pointers can be identified. The function pointers can be checked to validate that the function pointers reference a valid memory location in the authorized memory area and whether the computer memory is uncompromised.

Abstract: A memory device is provided including: a storage section configured to store a content with a time limit for use; an elapsed time counting section configured to count the time limit; a battery section configured to be supplied with power from an external device accessing the time-limited content so as to be charged with power for operating the elapsed time counting section; and a control section configured to include a function of determining an expected time period during which the battery section can sustain the elapsed time counting section operating to count the time limit.

Abstract: A method for providing hardware support for memory protection and virtual memory address translation for a virtual machine. The method includes executing a host machine application within a host machine context and executing a virtual machine application within a virtual machine context. A plurality of TLB (translation look aside buffer) entries for the virtual machine context and the host machine context are stored within a TLB. Memory protection bits for the plurality of TLB entries are logically combined to enforce memory protection on the virtual machine application.

Abstract: A register having a security function is provided. The register includes: a write security unit and a storage unit. The write security unit outputs a first control signal to control whether a write operation is permissible, in response to a write signal, an address signal, and a write permission signal. The storage unit writes and stores input data, in response to the first control signal. The write permission signal is received from an external source and indicates whether to protect the written data.

Abstract: A computer-readable storage medium stores a program for causing a processor to perform a process including: acquiring a first address that specifies a start address of a first area on the main memory where a target data to be cached is stored and range information that specifies a size of the first area on the main memory; converting the first address into a second address that specifies a start address of a second area on the local memory, the second area having a one-to-n correspondence (n=positive integer) to a part of a bit string of the first address; copying the target data stored in the first area specified by the first address and the range information onto the second area specified by the second address and the range information; and storing the second address to allow accessing the target data copied onto the local memory.

Abstract: Methods and systems for processing multi-stage programming (MSP) bits within one-time-programmable (OTP) memory are disclosed herein. Aspects of the method may comprise determining whether at least one MSP memory bit in the OTP memory is programmed and whether a register bit associated with said at least one MSP memory bit is asserted. If the register bit is deasserted and the MSP memory bit is unprogrammed, the MSP memory bit may be programmed. The register bit in the OTP memory may be associated with the MSP memory bit. The MSP memory bit may be programmed to logic zero or logic one. If the register bit associated with the MSP memory bit is asserted, programming of the MSP memory bit may be blocked. The register bit associated with the MSP memory bit may be reset and it may be determined whether the MSP memory bit is accessed.

Abstract: A system, method, and computer program product for handling shared cache lines to allow forward progress among processors in a multi-processor environment is provided. A counter and a threshold are provided a processor of the multi-processor environment, such that the counter is incremented for every exclusive cross interrogate (XI) reject that is followed by an instruction completion, and reset on an exclusive XI acknowledgement. If the XI reject counter reaches a preset threshold value, the processor's pipeline is drained by blocking instruction issue and prefetching attempts, creating a window for an exclusive XI from another processor to be honored, after which normal instruction processing is resumed. Configuring the preset threshold value as a programmable value allows for fine-tuning of system performance.

Abstract: A memory device comprises a memory array, a status register, a status-register write-protect bit and a security register. The memory array contains a number of memory blocks. The status register includes at least one protection bit indicative of a protection status of at least one corresponding block of the memory blocks. The status-register write-protect bit is coupled with the status register for preventing a state change of the at least one protection bit. The security register includes at least one register-protection bit for preventing the state change in one of the at least one protection bit of the status register and the status-register write-protect bit.

Abstract: According to one embodiment, there is provided a semiconductor memory system including a controller and a memory unit. The controller includes a generation unit, an association unit, a retaining unit, an encoding/decoding unit, and a determination unit. When the access request information is managed, the encoding/decoding unit performs, without generating an obfuscation information by the generation unit, an encoding processing or a decoding processing by using the obfuscation information retained in the retaining unit. And when the access request information is not managed, the encoding/decoding unit performs, after the generation unit generates obfuscation information based on the access request information, the encoding processing or the decoding processing.

Abstract: A semiconductor memory device includes a controller module as well as a universal interface module and a semiconductor memory medium module, which are connected electrically with the controller module respectively. The device also includes a one-time programmable memory, which stores a unique serial number. This one-time programmable memory is provided within the controller module or the semiconductor memory medium module. The number sequence of the unique serial number contained in each of the semiconductor memory device is different from that of another semiconductor memory device. While providing a mobile data storage function, this invention adopts a security technology to prevent from illegal data reading/writing. This increases significantly the difficulty in decrypting the data of a legal user, subsequently improving the security of the stored data of the user greatly. This invention also provides a method for realizing secure data storage with this semiconductor memory device.

Abstract: A method begins with a slice server receiving a request to access a virtual digital data storage vault. The method continues by determining whether the virtual digital data storage vault is a first virtual digital data storage vault or a second virtual digital data storage vault. The slice server supports a portion of each of the first and the second virtual digital data storage vaults. When the virtual digital data storage vault is the first or the second virtual digital data storage vault, the method continues by determining whether the request is valid. When the request is valid, the method continues by executing the request to generate a response.

Abstract: Apparatus for data processing 2 is provided with processing circuitry 8 which operates in one or more secure modes 40 and one or more non-secure modes 42. When operating in a non-secure mode, one or more regions of the memory are inaccessible. A memory management unit 24 is responsive to page table data to manage accesses to the memory which includes a secure memory 22 and a non-secure memory 6. Secure mode page table data 36, 38 is used when operating in one of the secure modes. A page table entry within the hierarchy of page tables of the secure mode page table data includes a table security field 68, 72 indicating whether or not a further page table pointed to by that page table entry is stored within the secure memory 22 or the non-secure memory 6. If any of the page tables associated with a memory access are stored within the non-secure memory 6, then the memory access is marked with a table attribute bit NST indicating that the memory access should be treated as non-secure.