Abstract: Techniques are disclosed for context-aware monitoring of the system memory to provide system integrity. An example methodology implementing the techniques includes determining a type of operating system (OS) that is loaded on system memory, examining contents of at least one system memory page, and assigning at least one tag to the at least one system memory page based on the determined type of OS and the examination of the contents of the at least one system memory page. The at least one tag indicates the characteristics of the contents of the at least one system memory page.

Abstract: An integrated circuit, comprising: a volatile memory module configured to store a cryptographic key; a capacitor array for providing power to the volatile memory module; and a power switching logic arranged to connect and disconnect the memory module from the capacitor array, the power switching logic being configured to operate in at least one of a first operating mode and a second operating mode, wherein, when the power switching logic operates in the first operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting a change of state of a break line, and, when the power switching logic operates in the second operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting that a voltage at a connection terminal of the integrated circuit exceeds a threshold.

Abstract: A method for use in a computing system, comprising: storing, in a random-access memory, a working copy of a data item, the working copy of the data item being stored in the random-access memory by a first processor; registering, with a second processor, a respective address in the random-access memory where the working copy of the data item is stored; and correcting, by the second processor, any modifications to the working copy of the data item that are made after the working copy of the data item is stored in the random-access memory, the modifications being corrected in parallel with the first processor executing software based on the working copy of the data item.

Abstract: A system for data protection includes a computing device comprising a processor, a Hardware Root of Trust (HRoT) module and a storage device. The HRoT device is configured to: validate integrity of the computing device; authenticate the computing device to communicate with the storage device; and take over control of storage device access and behaviour whenever suspicious or unauthorized data access from local or remote computing devices is detected. The HRoT device is further configured to, in response to detecting a security risk to at least one of the computing device and the storage device, block communication of the storage device.

Abstract: A method for use in a computing system, comprising: storing, in a random-access memory, a working copy of a data item, the working copy of the data item being stored in the random-access memory by a first processor; registering, with a second processor, a respective address in the random-access memory where the working copy of the data item is stored; and correcting, by the second processor, any modifications to the working copy of the data item that are made after the working copy of the data item is stored in the random-access memory, the modifications being corrected in parallel with the first processor executing software based on the working copy of the data item.

Abstract: Techniques are disclosed for context-aware monitoring of the system memory to provide system integrity. An example methodology implementing the techniques includes determining a type of operating system (OS) that is loaded on system memory, examining contents of at least one system memory page, and assigning at least one tag to the at least one system memory page based on the determined type of OS and the examination of the contents of the at least one system memory page. The at least one tag indicates the characteristics of the contents of the at least one system memory page.

Abstract: An integrated circuit, comprising: a volatile memory module configured to store a cryptographic key; a capacitor array for providing power to the volatile memory module; and a power switching logic arranged to connect and disconnect the memory module from the capacitor array, the power switching logic being configured to operate in at least one of a first operating mode and a second operating mode, wherein, when the power switching logic operates in the first operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting a change of state of a break line, and, when the power switching logic operates in the second operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting that a voltage at a connection terminal of the integrated circuit exceeds a threshold.

Abstract: The concepts, systems and methods described herein are directed towards a method running on a security device. The method is provided to including: executing a first secure boot code from a first memory by one of a plurality of cores of a processor, wherein the plurality of cores runs in a secure world; executing a first-stage boot loader (FSBL) from a second memory; executing a security monitoring application to validate the security device; in response to the security device being validated, switching some of the plurality of cores from the secure world to a normal world, wherein at least one of the plurality of cores remains in the secure world to communicate with the security monitoring application; executing a second-stage boot loader (SSBL); and monitoring, via the security monitoring application, status of the security device and communications between the security device and at least one external system.

Abstract: A system for data protection includes a computing device comprising a processor, a Hardware Root of Trust (HRoT) module and a storage device. The HRoT device is configured to: validate integrity of the computing device; authenticate the computing device to communicate with the storage device; and take over control of storage device access and behaviour whenever suspicious or unauthorized data access from local or remote computing devices is detected. The HRoT device is further configured to, in response to detecting a security risk to at least one of the computing device and the storage device, block communication of the storage device.

Abstract: The concepts, systems and methods described herein are directed towards a method running on a security device. The method is provided to including: executing a first secure boot code from a first memory by one of a plurality of cores of a processor, wherein the plurality of cores runs in a secure world; executing a first-stage boot loader (FSBL) from a second memory; executing a security monitoring application to validate the security device; in response to the security device being validated, switching some of the plurality of cores from the secure world to a normal world, wherein at least one of the plurality of cores remains in the secure world to communicate with the security monitoring application; executing a second-stage boot loader (SSBL); and monitoring, via the security monitoring application, status of the security device and communications between the security device and at least one external system.