Abstract: Apparatuses, systems, and techniques for supporting fairness of multiple context sharing cryptographic hardware. An accelerator circuit includes a copy engine (CE) with AES-GCM hardware configured to perform both encryption and authentication of data transfers for multiple applications or multiple data streams in a single application or belonging to a single user. The CE splits a data transfer of a specified size into a set of partial transfers. The CE sequentially executes the set of partial transfers using a context for a period of time (e.g., a timeslice) for an application. The CE stores in a secure memory for the application one or more data for encryption or decryption (e.g., a hash key, a block counter, etc.) computed from a last partial transfer. The one or more data for encryption or decryption are retrieved and used when data transfers for the application is resumed by the CE.

Abstract: The present technology may include a first storage circuit connected to a plurality of memory banks, an error correction circuit, a read path including a plurality of sub-read paths connected between the plurality of memory banks and the error correction circuit, and a control circuit configured to control data output from the plurality of memory banks to be simultaneously stored in the first storage circuit by deactivating the read path during a first sub-test section, and to control the data stored in the first storage circuit to be sequentially transmitted to the error correction circuit by sequentially activating the plurality of sub-read paths during a second sub-test section.

Abstract: A method, system and apparatus for protecting against out-of-bounds references, including storing an address of a buffer in a general register and storing bounds information (BI) for the buffer in a bounds information register, and when a content of the general register is used as an address in a load or store operation, using a content of the bounds information register to determine if the load or store is out of bounds.

Abstract: A memory unit (23,24) is proposed for a computer system having a processing unit and a data bus for transferring data between the processing unit and the memory unit. The memory unit (23,24) stores data at a plurality of locations (“data items”) in a logical memory space (32), such that each data item has an address given by at least one index variable. In addition to read and write commands, the memory unit is operative to receive a shift command in a predefined format and including shift data which indicates a source address in the logical space. Upon receiving the command, the memory unit is operative to recognise it as a shift command and accordingly perform a predefined shift function comprising (i) using the source address to identify a portion of data in the memory space and (ii) writing that portion of data to a different location in the memory space. Thus, the portion of data can be shifted within the memory space without a need to transfer the portion of data along the bus.

Abstract: A method for direct memory access includes: receiving a direct memory access request designating addresses in a data block to be accessed in a memory; randomizing an order of the addresses the data block is accessed; and accessing the memory at addresses in the randomized order. A system for direct memory access is disclosed.

Abstract: An electronic device for controlling access to a device resource, and an operation method thereof, are disclosed. The electronic device may include a memory; and a processor configured to execute at least one operating system executed in a first region allowing an operation based on a first authority; execute at least one application executed in a second region allowing an operation based on a second authority; and in response to detection of access to at least one device resource by the at least one application, determine authority of access to the at least one device resource by using an authority determination module executed in a third region allowing an operation based on a third authority.

Abstract: An illustrative method includes determining that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold; determining a first compressibility metric associated with the write traffic; determining a second compressibility metric associated with the read traffic; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and modifying, in response to the determining that the storage system is possibly being targeted by the security threat, a data protection parameter set for one or more recovery datasets generated by the storage system.

Abstract: Content within a memory device (e.g., a DRAM) may be secured in a customizable manner. Data can be secured and the memory device performance by be dynamically defined. In some examples, setting a data security level for a group of memory cells of a memory device may be based, at least in part, on a security mode bit pattern (e.g., a flag, flags, or indicator) in metadata read from or written to the memory device. Some examples include comparing a first signature (e.g., a digital signature) in metadata to a second value (e.g., an expected digital signature) to validate the first value in the metadata. The first value and the second value can be based, at least in part, on the data security level. Some examples include performing a data transfer operation in response to validation of the first and/or second values.

Abstract: Aspects of the present disclosure address systems, methods, and devices for tracking object dependencies in a cloud database system. An object dependency created between a referencing object and a referenced object is detected. Based on detecting the object dependency, a dependency record is generated. The dependency record includes dependency information describing the object dependency between the reference object and the referenced object. The dependency record is stored in a database of dependency records.

Abstract: A method, system and apparatus for protecting against out-of-bounds references, including storing an address of a buffer in a general register and storing bounds information (BI) for the buffer in a bounds information register, and when a content of the general register is used as an address in a load or store operation, using a content of the bounds information register to determine if the load or store is out of bounds.

Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes memory for storage of data, an IOMMU coupled to the memory, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the memory, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the memory pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the memory within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.

Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.

Abstract: Entanglement of pages and threads is disclosed. An indication is received of a stalling event caused by a requested portion of memory being inaccessible. It is determined that the requested portion of memory is an entangled portion of memory that is entangled with a physical node in a plurality of physical nodes. A type of the entangled portion of memory is determined. The stalling event is handled based at least in part on the determined type of the entangled portion of memory.

Abstract: Systems and methods relate generally to graphics and image processing by a printing device. In such a method, a graphics orderlist is obtained by a printer engine. The graphics orderlist has at least one imaging issue for printing an associated image. A debug mode is entered for debugging the graphics orderlist. A selection for a debug region is received. A graphic order of the graphics orderlist is executed by a graphic execution unit of the printer engine in the debug mode. The graphic execution unit determines whether the debug region is accessed by the execution of the graphic order. Responsive to the debug region being accessed for the execution of the graphic order, an interrupt is issued. Information of the graphic order and buffer contents associated with the debug region is stored in a log file.

Abstract: An apparatus comprises a processing device configured to maintain a deduplication data structure comprising sub-portions associated with different compression ratio ranges and having different numbers of data block identifiers. The processing device is also configured to identify a given data block identifier and a given compression ratio for a given data block to be stored, and to determine whether the given data block identifier is in a given one of the sub-portions having a given compression ratio range including the given compression ratio. The processing device is further configured, responsive to determining that the given data block identifier is not in the given sub-portion, to write the given data block to a physical space block of the storage system and, responsive to determining that the given data block identifier is in the given sub-portion, to increment a deduplication reference count for the given data block identifier.

Abstract: A storage system receives a command from a host to overwrite data that is stored in a memory of the storage system. The command may have been issued in error or by malware, so the storage system preserves the data that the host wants to overwrite, just in case the host later wants to recover the data. To do this, the storage system associates the physical address of the location of the memory that stores the data with a logical block address that is inaccessible by the host. To recover the data, the storage system replaces the logical block address that is inaccessible by the host with a logical block address that is accessible by the host.

Abstract: A sample is received for analysis. A determination is made that the sample was compiled for a CPU architecture that is different from a host CPU architecture. The sample is executed in an emulated user space corresponding to the CPU architecture for which the sample was compiled. The emulated user space is provided by executing a user space emulation utility in a virtual machine that shares the host CPU architecture.

Abstract: Embodiments for providing end-to-end automated contextual and differentiated application level replication by dynamically creating replication profiles for asynchronous or synchronous replication at runtime to maintain any relevant service level agreement requirements. Based on relevant operating information, data sources are identified as critical and non-critical servers and their data is tagged accordingly in the replication application by using an analytics engine. The information and tags are used to produce a trained model for machine learning processes that can generated predictions for future replication operations. An error handler identifies erroneous predictions and provides a fallback mechanism to avoid any customer replication service level agreement breach at any given time.

Abstract: Apparatuses, methods, and systems are disclosed for deriving an operating system identity. One method includes determining, at a remote unit, a type of operating system used by the remote unit. The method includes determining a domain name corresponding to the type of operating system. The method includes deriving an operating system identity by applying a hash function to the domain name and a predetermined value. The method includes transmitting a first message to a mobile communication network. In such embodiments, the first message includes the operating system identity.

Abstract: A semiconductor memory device comprises: a first pad receiving a first signal; a second pad receiving a second signal; a first memory cell array; a first sense amplifier connected to the first memory cell array; a first data register connected to the first sense amplifier and configured to store user data read from the first memory cell array; and a control circuit configured to execute an operation targeting the first memory cell array. The first memory cell array comprises a plurality of first memory strings. The first memory strings each comprise a plurality of first memory cell transistors. In a first mode of this semiconductor memory device, a command set instructing the operation is inputted via the first pad. In a second mode of this semiconductor memory device, the command set is inputted via the second pad.

Abstract: During a garbage collection process of a data storage device, superblocks may be filled with dummy data, which may decrease device performance. Embodiments described herein provide systems, methods, and computer readable media for varying a size of a superblock to reduce or eliminate dummy data in a data storage device including a plurality of superblocks. Each of the plurality of superblocks including a plurality of die blocks.

Abstract: An information handling system may include at least one processor; a plurality of physical storage resources; and a network interface configured to communicatively couple the information handling system to a plurality of host systems; wherein the information handling system is configured to: determine a likelihood of compromise for each of the plurality of host systems; and in response to the likelihood of compromise for a particular host system exceeding a threshold likelihood, carry out a remedial action with respect to the particular host system, wherein the remedial action includes restricting access from the particular host system to the plurality of physical storage resources.

Abstract: A programmable crossbar matrix or an array of steering multiplexors (MUXs) coalesces (i.e., routes) the data values from multiple known “bad” bit positions within multiple symbols of a codeword, to bit positions within a single codeword symbol. The single codeword symbol receiving the known “bad” bit positions may correspond to a check symbol (vs. a data symbol). Configuration of the routing logic may occur at boot or initialization time. The configuration of the routing logic may be based upon error mapping information retrieved from system non-volatile memory (e.g., memory module serial presence detect information), or from memory tests performed during initialization. The configuration of the routing logic may be changed on a per-rank basis.

Abstract: A new approach is proposed to support hardware-based protection for registers of an electronic device. Sources requesting access to the registers are categorized into a set of internal sources that can be trusted and a set of external sources that are untrusted. The registers are classified into a set of internal registers allowed to be accessed by the internal resources only, a set of read-only external registers that can be read by the external resources in addition to accessed by the internal resources, and a set of read/write external registers that can be read and written by both the internal and the external resources. Each access request by a source to the registers includes the source type, wherein access request is granted or denied based on the matching between the source bits in the access request and the register classification bits of the one or more registers to be accessed.

Abstract: When a request for accessing a service is received, a user object may be stored in a long-term data store, as well as in a short-term cache. The cache may be divided into a regular cache that stores full versions of the user objects, and a surrogate cache that stores compact versions of the user object. The compact version of the user object may include a field that is derived from the full user object indicating whether a subsequent request for access to a particular service should be granted. After access is granted/denied based on this value in the compact user object, the system can process an update to the full user object offline. This surrogate cache structure may be used to rapidly approve/deny requests, decoupling this procedure from the processing involved with a full user object.

Abstract: Method for processing data, in which a Petri net is encoded, written into a memory and read and executed by at least one instance, wherein transitions of the Petri net read from at least one tape and/or write on at least one tape symbols or symbol strings, with the aid of at least one head. [FIG. 1]. In an alternative, data-processing, co-operating nets are composed, the composition result is encoded, written into a memory and read and executed from the memory by at least one instance. In doing this, components can have cryptological functions. The data-processing nets can receive and process second data from a cryptological function which is executed in a protected manner. The invention enables processing of data which prevents semantic analysis of laid-open, possibly few processing steps and which can produce a linkage of the processing steps with a hardware which is difficult to isolate.

Abstract: The technology disclosed herein involves tracking contention and using the tracked contention to manage processor cache. The technology can be implemented in a processor's cache controlling logic and can enable the processor to track which locations in main memory are contentious. The technology can use the contentiousness of locations to determine where to store the data in cache and how to allocate and evict cache lines in the cache. In one example, the technology can store the data in a shared cache when the location is contentious and can bypass the shared cache and store the data in the private cache when the location is uncontentious. This may be advantageous because storing the data in shared cache can reduce or avoid having multiple copies in different private caches and can reduce the cache coherency overhead involved to keep copies in the private caches in sync.

Abstract: Certain embodiments disclosed herein reduce or eliminate a communication bottleneck at the storage manager by reducing communication with the storage manager while maintaining functionality of an information management system. In some implementations, a client obtains information for enabling a secondary storage job (e.g., a backup or restore) from a storage manager and stores the information (which may be referred to as job metadata) in a local cache. The client may then reuse the job metadata for multiple storage jobs reducing the frequency of communication with the storage manager. When a configuration of the information management system changes, or the availability of resources changes, the storage manager can push updates to the job metadata to the clients. Further, a client can periodically request updated job metadata from the storage manager ensuring that the client does not rely on out-of-date job metadata.

Abstract: A data access manager is provided on a computing device to manage access to secure files stored in memory. The data access manager intercepts function calls from applications to the memory management unit and determines whether an application is allowed to access secure data stored in the memory of the computing device. When an initial request to map the data is received, the data access manager maps both secure data and clear data, obtaining pointers to both secure and clear data. When an application has permission to access the requested data, the data access manager returns the pointer to the clear data. When an application does not have permission to access the requested data, the data access manager returns the pointer to the secure data.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to detect an access request to access a computing resource while in a system management mode (SMM), determine a bit of a lock register is set to enable access to a bitmap associated with the computing resource, the bitmap to indicate an access policy for the computing resource, and determine whether the access request violate the access policy set in the bitmap. Embodiments may also include performing the access request if the access request does not violate the access policy, and causing a fault if the access request does violate the access policy.

Abstract: A playlist preview is generated to provide a preview of media content items identified by a media playlist. The playlist preview can be created by selecting all or some of the media content items in the playlist, determining preview portions of the selected media content items, and arranging the preview portions with or without a transition effect. The playlist preview can be easily shared with other users through, for example, social media sites.

Abstract: A wear-leveling process for a memory subsystem selects a source chunk to be removed from a usable address space of the memory subsystem to distribute wear across all available chunks in the memory subsystem. The memory subsystem has a plurality of non-volatile memory components. The plurality of non-volatile memory components includes a plurality of chunks including at least one chunk in an unusable address space of the memory subsystem. The wear-leveling process copies valid data of the source chunk to a destination chunk in the unusable address space of the memory subsystem and assigns the destination chunk to a location in the usable address space of the memory subsystem occupied by the source chunk.

Abstract: Embodiments described herein provide systems and methods to streamline the mechanism by which data users access differently regulated data through the use of one or more integrated identifiers. The integrated identifiers lessen or eliminate the need to separately maintain one set of identifiers for regulated data and another set for non-regulated data. The methods and systems may be applicable in various credit and healthcare contexts where regulations over data use are prevalent. In one or more embodiments, a data user receives a unique integrated identifier for each of the data user's current or prospective customers, and the integrated identifiers can be used to persistently identify and track the customers over time and across applications that access regulated and/or non-regulated data. In the healthcare context, a healthcare provider may utilize a patient ID as the integrated identifier. To protect privacy, the integrated identifier may not include social security numbers or birthdates.

Abstract: A content provider system includes: a repository to store a catalog of content; a storage device including at least a first port and a second port; a first hosted device connected to the first port over a first storage interface for access to the storage device, and to execute content stored in the storage device to provide the content to a first user device; a second hosted device connected to the second port over a second storage interface for access to the storage device, and to execute the content stored in the storage device to provide the content to a second user device; and one or more processing circuits to control access to the storage device from the first and second ports by the first and second hosted devices.

Abstract: According to certain aspects, a system may include a data agent configured to: process a database file residing on a primary storage device(s) to identify a subset of data in the database file for archiving, the database file generated by a database application; and extract the subset of the data from the database file and store the subset of the data in an archive file on the primary storage device(s) as a plurality of blocks having a common size; and at least one secondary storage controller computer configured to, as part of a secondary copy operation in which the archive file is copied to a secondary storage device(s): copy the plurality of blocks to the secondary storage devices to create a secondary copy of the archive file; and create a table that provides a mapping between the copied plurality of blocks and corresponding locations in the secondary storage device(s).

Abstract: Embodiments of the present disclosure provide a method, an electronic device, and a computer program product for data processing.

Abstract: An illustrative method includes a data protection system determining that data stored by a storage system is under a possible attack, detecting a modify request with respect to the storage system while the data stored by the storage system is under the possible attack, determining that the modify request may be related to the possible attack, and performing, in response to determining that the modify request may be related to the possible attack, a remedial action with respect to the modify request.

Abstract: Apparatuses and methods related to mitigating unauthorized memory access are described. Mitigating unauthorized memory access can include verifying whether an access command is authorized to access a protected region of a memory array. The authorization can be verified utilizing a key and a memory address corresponding to the access command. If an access command is authorized to access a protected region, then a row of the memory array corresponding to the access command can be activated. If an access command is not authorized to access the protected region, then a row of the memory array corresponding to the access command may not be activated.

Abstract: A system for managing and facilitating the preview, sale and transfer of digital media files, such as digital photographs and/or digital videos, preferably through text messaging that provides streamlined transactions between photographers and/or videographers and purchasers of digital media files.

Abstract: Methods, apparatuses, and systems related to securing memory data are described. A hardware circuit is configured to encrypt and decrypt memory data using a scrambling key unique to a computing process processing the memory data. In writing the memory data, the hardware circuit generates scrambled memory data based on encrypting the memory data according to the security key. The scrambled memory data is stored for the write operation instead of the memory data. When the same process reads back the scrambled data, the same security key can be used to decrypt the scrambled data and recover the initial unscrambled memory data.

Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.

Abstract: A circuit device includes a bus, a plurality of master circuits that are coupled to the bus and are bus masters in the bus, and a plurality of slave circuits that are coupled to the plurality of master circuits via the bus and are bus slaves in the bus. Access authority to the bus slaves is set for the plurality of master circuits, and permission setting of read access or write access from the bus masters is performed for the plurality of slave circuits. The plurality of master circuits determine whether the plurality of slave circuits are accessible based on the access authority and the permission setting.

Abstract: Embodiments of the present disclosure provide a protective apparatus for an indirect access memory controller. The apparatus can include: a bus monitoring unit configured to monitor a bus address and detect an operation type of a bus accessing the indirect access memory controller, update a corresponding window register if the operation type is a window register operation, initiate permission authentication if the operation type is a register controlling operation, and perform list entry configuration if the operation type is a permission list configuration operation; a window register unit configured to store operation addresses of different access types; a permission list unit configured to partition a memory space into several virtual memory protection areas, and independently set a access permission attribute for each memory area; and an unauthorized operation processing unit configured to process a subsequent operation performed when a permission violating access occurs.

Abstract: An illustrative method includes a data protection system detecting a request to perform a restricted operation with respect to a recovery dataset configured to be used by a storage system to recover from a data corruption event within the storage system, monitoring, in response to the request, for an occurrence of a predetermined set of one or more authorization events performed with one or more hardware tokens, and preventing the restricted operation from being executed until the each of the one or more authorization events included in the predetermined set occurs.

Abstract: An illustrative method includes a data protection system identifying one or more input operations and one or more output operations performed between a source and a storage system, identifying an anomaly in a relationship between the one or more input operations and the one or more output operations, and determining, based on the identifying of the anomaly, that the storage system is possibly being targeted by a security threat.

Abstract: An illustrative method includes determining an encryption indicator for a first recovery dataset by determining a difference in an amount or percentage of incompressible data associated with the first recovery dataset compared to an amount or percentage of incompressible data associated with a second recovery dataset that temporally precedes the first recovery dataset, the encryption indicator representative of data within or represented by the first recovery dataset that cannot be compressed more than a threshold amount; and performing, based on the encryption indicator for the first recovery dataset, an action with respect to the second recovery dataset, wherein the second recovery dataset is usable to restore data maintained by a storage system to a second state corresponding to a second point in time that temporally precedes a first point in time corresponding to the first recovery dataset.

Abstract: A method of writing data to a protected region in response to a request from a host includes receiving a first write request including a first host message authentication code and a first random number from the host, verifying the first write request based on a write count, the first random number, and the first host message authentication code, updating the write count based on a result of verifying the first write request, generating a first device message authentication code based on the updated write count and the first random number, and providing the host with a first response including the first device message authentication code and a result of the verifying of the first write request.

Abstract: A method and apparatus provide recovery from a computing device boot up error by detecting a current boot up error in the computing device, loading a plurality of recovery pre-EFI initialization modules (PEIMs), of a recovery unified extensible firmware interface (UEFI) BIOS for execution, wherein the recovery PEIMS include executable code to pre-initialize at least a processing unit and memory of the computing device in a pre-EFI initialization (PEI) phase of a multi-phase platform initialization operation, and recovering from the boot up error by booting up the computing device using the loaded plurality of recovery pre-EFI initialization modules.

Abstract: A logical-to-physical (L2P) data structure and a physical-to-logical (P2L) data structure are maintained. The L2P data structure comprises table entries that map a logical address to a physical address. The P2L data structure comprises data entries that map a physical address to a logical address. The P2L data entries also comprise a data move status, a base address, and a boundary indicator. A move operation is detected, wherein the move operation indicates that data referenced by a logical address is to be moved from a source physical address to a destination physical address. Responsive to detecting the move operation, the data move status associated with the source physical address in the P2L data structure is updated.

Abstract: The technology disclosed herein enhances a fault-based communication channel between a virtual machine and a hypervisor. An example method may include: configuring, by a hypervisor, a first memory location to generate one or more faults when accessed by a virtual machine process, wherein the first memory location is mapped to a device and a second memory location is mapped to memory; detecting, by the hypervisor, a fault caused by a first execution of an instruction of the virtual machine process, wherein the instruction comprises a reference to a register comprising the first memory location; responsive to the detecting the fault, the hypervisor performing a computing task for the virtual machine process and updating the register to comprise the second memory location; and initiating, by the hypervisor, a second execution of the instruction of the virtual machine process, wherein the second execution of the instruction accesses the second memory location.