Abstract: A method for implementing an object based vulnerability model includes identifying each component in an information system and annotating such component in a database; decomposing each component into major functional objects and annotating each object in a database; identifying actions an attacker could take to modify a behavior of the functional objects in the information system and annotating such actions in a database; capturing a trust score and a trustworthiness score for each object and annotating the trust score and the trustworthiness score in the database; assessing each action on the structure, state, and inputs of each functional object to determine if an interaction exists and annotating the interaction existence in the database; and applying preventive and reactive countermeasures accordingly.

Abstract: A method for developing an information system specification includes: performing, from a design specification for an information system having a functional and structural component, an information assurance component and an anti-tamper component, a trust analysis identifying which components of the information system the information system must trust to enforce a security policy and providing a trust score; performing for each system element in the information system a trustworthiness assessment and providing a trustworthiness score; performing mitigation to reduce a trust gap as determined from the trust score and the trustworthiness score; performing a vulnerability assessment to identify residual vulnerabilities determined from the vulnerability assessment; mitigating the residual vulnerabilities by designing preventive and reactive countermeasures to reduce the number of residual vulnerabilities; designing and applying anti-tamper techniques to cyber RCPI to ensure countermeasure effectiveness; assessing

Abstract: A method, a computer program product and a memory control unit operate to store encrypted data in a memory. In response to receiving a memory write command having write data and a memory address, a determination is made if a corresponding region of the memory is specified to store encrypted data. If the corresponding region of the memory is specified to store encrypted data, the method and computer program product retrieve an encryption key predefined for use with the received memory address and retrieve a write counter associated with the write data, increment a value of the write counter, construct data so as to include at least a portion of the memory address, a current value of the write counter and a fill pattern, and apply the constructed data to a first input of an encryption algorithm and apply the retrieved encryption key to a second input of the encryption algorithm.

Abstract: An electrical circuit includes a first interface for coupling to a data processor bus; a second interface for coupling to a memory; at least one data encryption engine and storage for storing a data structure specifying, for individual ones of a plurality of partitions of the memory, whether use of the at least one encryption engine for data read operations and data write operations is enabled for the associated partition and, if it is, information descriptive of at least one input to the encryption engine for that partition, comprising information related to a plurality of counters individual ones of which count write operations to an individual one of a plurality of data units storable in that partition.