Abstract: Embodiments of apparatuses, articles, methods, and systems for associating identifiers with memory locations for controlling memory accesses are generally described herein. Other embodiments may be described and claimed.

Abstract: In response to an attempt to execute an instruction to specify memory type, deciding if the instruction was attempted by a registered program.

Abstract: Registering a first program operable to access a first address of a first protected region of memory in a registry and in response to a second program making a request to access a second address of a second protected region of memory, deciding whether the second program is registered in the registry; if the second program is registered, translating the second address to a physical address; checking the validity of a control register associated with a page table and if the control register is valid, relaxing a restriction on access to a field in a page table associated with the second address.

Abstract: The present disclosure relates to providing a remediation scheme for a compromised system and, more specifically, to providing a memory filtration scheme using an isolated partition within a system.

Abstract: Provided are a method, system, program and device for maintaining shadow page tables in a sequestered memory region. A first processor executing an application invokes a second processor to create a shadow page table used for address translation for the application in a sequestered memory region non-alterable by processes controlled by an operating system executed by the first processor. The shadow page table references at least one page in an operating system memory region accessible to processes controlled by the operating system.

Abstract: Systems and methods are described herein to provide for host virtual memory reconstitution. Virtual memory reconstitution is the ability to translate the host device's virtual memory addresses to the host device's physical memory addresses. The virtual memory reconstitution methods are independent of the operating system running on the host device.

Abstract: Systems and methods are described herein to provide for host virtual memory reconstitution.

Abstract: A service processor monitors the state of a physical memory and a virtual memory support circuit of a host processor. A second memory, accessible only to the service processor, stores information to permit the service processor to detect changes to pages of the physical memory. Other similar apparatus, and methods to use such apparatus, are described and claimed.

Abstract: Systems and methods are described herein to provide for secure host resource management on a computing device. Other embodiments include apparatus and system for management of one or more host device drivers from an isolated execution environment. Further embodiments include methods for querying and receiving event data from manageable resources on a host device. Further embodiments include data structures for the reporting of event data from one or more host device drivers to one or more capability modules.

Abstract: Systems and methods are described herein to provide for remote triggering of page faults.

Abstract: Embodiments of apparatuses, articles, methods, and systems for intra-partitioning components within an execution environment are generally described herein. Other embodiments may be described and claimed.

Abstract: A programming interface for Secure Socket Layer (SSL) abstracts manipulation, e.g., configuration and management, of SSL tables based upon an SSL implementation model. The SSL tables can be provided in a forwarding plane. A programming interface for server load balancing (SLB) abstracts configuration and management of SLB tables.

Abstract: “Honest” is a nice word. Sadly, some people in this world are not honest. In an increasingly wired world, dishonest people have found myriad opportunities to illicitly acquire one's confidential data, to monitor or interfere with one's networking activities, e.g., to monitor what you are doing, downloading, accessing, etc., to eavesdrop on or hijack telephony control and voice data or other protocols on your network, etc. To address such risks, typically a secured communication protocol, e.g., TLS or SSL, is utilized to protect communication. Unfortunately, TLS, SSL, and many other security environments require the underlying communication protocol to be TCP/IP, while some protocols needing communication protection, such as VoIP, RTP, SNMP, etc. only operate on UDP and not TCP/IP. Thus, a network shim or other embodiments disclosed herein may be used to allow such UDP based application programs and protocols to use security environments requiring a TCP/IP type transport.

Abstract: Disclosed is a network processor configured to provide for dynamic service provisioning. A global connector defines a topology of packet processing functions that can be dynamically ordered to provide varying functionality. The global connector may be configured before or during the operation of the network processor. Such a system allows a network processor to provide additional functionality in a relatively easy manner, without necessitating changes to the packet processing functions themselves. Such dynamic service provisioning may include dynamic topology changes, which allows a network processor to reconfigure the structure or operation of multiple processing elements of the processor.

Abstract: A method to provide high availability in network elements using distributed architectures. The method employs multiple software components that are distributed across data/forwarding plane and control plane elements in a network element. The software components in the data/forwarding plane include active and standby components. Components in the control plane are provided to communicate with the components in the data/forwarding plane. A keep-alive messaging mechanism is used to monitor operation of the various elements in the network element. Upon detection of a failure to a hardware or software component, the data/forwarding plane and/or control plane elements are reconfigured, as applicable, to replace a failed active component with a corresponding standby component. This enables the network element to be reconfigured in a manner that is transparent to other network elements, and provided high availability for the network element.

Abstract: A network element comprises a control element (CE), a plurality of forwarding element (FEs) and an interconnect in communication with said CE and at least one of said FEs. Communication across the interconnect between the CE and the plurality of FEs is done in accordance with a protocol that includes a binding phase used to provide a data channel between the CE and a first one of the FEs. The binding phase is further used to provide a control channel between the CE and the first one of the FEs, the control channel used to transport control and configuration messages. The control channel is separate from the data channel. The protocol also includes a capability discovery phase, a configuration operation phase and an unbind phase executed between the CE and the FE.

Abstract: A method of distributing processing in a network device includes defining controller and worker control plane protocol modules. The method also includes developing corresponding entries in a communications library and implementing an infrastructure module, the communication library and the controller module on a control plane. The infrastructure module, the communication library and the worker modules are implemented on a forwarding plane.