Abstract: Described herein are articles, systems, and methods for using a storage controller to protect secure data blocks through the enforcement of a read only policy. In some embodiments, the articles use a combination of hardware protections and software protections (e.g., virtualization) to protect a system against attack from malware while such secure data is updated. Also described are systems and methods for securely updating data blocks secured in this fashion, and detecting and preventing the corruption of data stored on secondary storage media using a disk eventing mechanism.

Abstract: Techniques for a data storage device to locally implement security management functionality. In an embodiment, a security management process of the data storage device is to determine whether an access to non-volatile media of the data storage device is authorized. In certain embodiments, the data storage device is to restrict access to a secure region of the non-volatile storage media, the secure region to store information used and/or generated by a security management process of the data storage device.

Abstract: Described herein are articles, systems, and methods for using a storage controller to protect secure data blocks through the enforcement of a read only policy. In some embodiments, the articles use a combination of hardware protections and software protections (e.g., virtualization) to protect a system against attack from malware while such secure data is updated. Also described are systems and methods for securely updating data blocks secured in this fashion, and detecting and preventing the corruption of data stored on secondary storage media using a disk eventing mechanism.

Abstract: A high integrity storage manager protects critical system files by maintaining a list of protected disk blocks in hardware, such as in a memory of a microcontroller. The memory is inaccessible to software running on a host system comprising the microcontroller. This list of protected disk blocks is protected as “read only” by the hardware so that no write operation issued by software running on the host platform can overwrite a protected disk block. The high integrity storage manager intercepts write operations issued by applications via the operating system and file system running on the host processor and compares the disk blocks targeted by those write operations to the list of protected disk blocks. A write operation that would overwrite a disk block in the list of protected disk blocks is prevented from completion. Other embodiments are described and claimed.

Abstract: Techniques for a data storage device to locally implement security management functionality. In an embodiment, a security management process of the data storage device is to determine whether an access to non-volatile media of the data storage device is authorized. In certain embodiments, the data storage device is to restrict access to a secure region of the non-volatile storage media, the secure region to store information used and/or generated by a security management process of the data storage device.

Abstract: A high integrity storage manager protects critical system files by maintaining a list of protected disk blocks in hardware, such as in a memory of a microcontroller. The memory is inaccessible to software running on a host system comprising the microcontroller. This list of protected disk blocks is protected as “read only” by the hardware so that no write operation issued by software running on the host platform can overwrite a protected disk block. The high integrity storage manager intercepts write operations issued by applications via the operating system and file system running on the host processor and compares the disk blocks targeted by those write operations to the list of protected disk blocks. A write operation that would overwrite a disk block in the list of protected disk blocks is prevented from completion. Other embodiments are described and claimed.

Abstract: A system and method for providing fault tolerant applications that are independent of the underlying operating system and hardware system and without the need for application-specific customization. The work units of an application to be made fault tolerant are registered, procedures of the application are defined by a sequence of work units to be executed, and input events and responses are defined. An active FT engine and a standby FT engine are provided to control execution of an active copy of the application and execution of the standby copy of the application, respectively. The FT engines allows the active copy and the standby copy of the application to be synchronized with respect to their internal state information in a lock-step execution of the work units in sequence.