Abstract: Techniques are disclosed relating to specifying memory consistency constraints. In some embodiments, an instruction may specify, for a memory operation, a type of memory consistency and a scope at which to enforce the type of consistency. For example, these fields may specify whether to sequence memory accesses relative to the operation at one or more of multiple different cache levels based on the type of memory consistency and the scope.

Abstract: Disclosed embodiments relate to reporting Electronic Control Unit (ECU) errors or faults to a remote monitoring server. Operations may include receiving operational data from a plurality of ECUs in the vehicle, the operational data being indicative of a plurality of runtime attributes of the plurality of ECUs; generating, through a machine learning process, a statistical model of the operational data; receiving live, runtime updates from the plurality of ECUs in the communications network of the vehicle; identifying an ECU error associated with an ECU in the communications network of the vehicle, the ECU error being determined by a comparison of the live, runtime updates with the statistical model of the operational data to identify at least one deviation from the operational data; and wirelessly sending a report to the remote monitoring server based on the live, runtime updates, the report identifying the ECU and the identified ECU error.

Abstract: A method comprises: maintaining a database (120, 130) of access control events; dividing a portion (138) of the database into shares (140A, 140B, 140C); passing the respective shares to respective third party servers (44A, 44B, 44C); processing the shares in the respective third party servers; passing output of the processing to a further server (40) in common; and processing the output on the further server.

Abstract: A method for allocating to a resource, in a system of addressable resources, a hybrid deterministic/random key for access to a second resource, includes maintaining a table of storage positions for key values, searching the table for an available storage position, determining an index, in the table, of the available storage position, generating a random key value associated with location of the second resource, storing the random key value in the storage position, and assembling the index and the random key value into the hybrid key. The index may be most significant bits of the hybrid key, with the random key value being the least significant bits. Alternatively, the index may be least significant bits of the hybrid key, with the random key value being the most significant bits, or the bits of the index may be distributed among bits of the random key value.

Abstract: An apparatus comprises memory access circuitry to perform a tag-guarded memory access in response to a target address, the tag-guarded memory access comprising a guard-tag check of comparing an address tag associated with the target address with a guard tag stored in association with a block of one or more memory locations comprising an addressed location identified by the target address. The memory access circuitry is responsive to a sequence of received target addresses specifying a sequence of addressed locations to perform a non-tag-guarded memory access that does not perform the guard-tag check to a subset of the sequence of addressed locations.

Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes DRAM for storage of data, an IOMMU coupled to the DRAM, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the DRAM, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the DRAM pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the DRAM within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.

Abstract: A memory controller according to an aspect of the present invention includes a BIST (built-in self-tester) configured to test a memory, a scheduler configured to change an execution order of memory commands to be transmitted to the memory, a main controller configured to control the memory, and a switch configured to connect one of an output of the scheduler and an output of the BIST to an input of the main controller in response to a control signal output from the BIST.

Abstract: Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” which can only be entered from a specified entry point, as well as protections on the memory pages that store the guest integrity driver and associated data.

Abstract: A method, computer program product, and computer system for receiving, at a computing device, a write request from a host, wherein a first portion of a process may receive the write request. A callback and context may be set in the write request by the first portion of the process. The write request may be passed to a second portion of the process. The first process may be provided with the context. The first process may use the context to replicate the write request data to a destination.

Abstract: Embodiments for allocating and reclaiming memory using dynamic buffer allocation for a slab memory allocator. The method keeps track of a count of a total number of worker threads and a count of a total number of quiesced threads, and determines if there is any free slab memory. If there is no free slab memory, the method triggers an out of memory event and increments the count of the total number of quiesced threads. It reclaims all objects currently allocated in an object pool, and allocates a buffer of a next smaller size than an original buffer until a sufficient amount of slab memory is freed.

Abstract: Systems and methods for managing access data are disclosed. One method can comprise receiving prediction information relating to one or more content options and requesting access information associated with the prediction information. At least a portion of the received access information can be processed to provide a preliminary access decision. A request for access relating to the one or more data options can be received and an access decision based at least in part on the preliminary access decision can be provided.

Abstract: A first storage device or first storage disk including first executable instructions that, when executed, cause a processor to at least: in response to determining a variable associated with a memory page that (1) has been loaded into local memory from a second storage device and (2) has been accessed from the local memory, has a first state, identify the memory page as a modified memory page, the memory page including second executable instructions. The first instructions also cause the processor to, in response to determining the second executable instructions of the modified memory page have been changed since a previous analysis of the modified memory page, perform anti-malware analysis of at least a portion of the modified memory page.

Abstract: In one embodiment, a method includes receiving, at a job control manager, a command specifying execution of a batch application. The method also includes receiving, at the job control manager, a commit count associated with the batch application, and initiating the batch application, with the batch application processing a group of records. The method also includes locking a first record of the group of records in response to the first record being processed by the batch application with the proviso that the batch application does not cause the first record to be unlocked unless the batch application has finished processing a last record in the group of records. Moreover, the method includes committing, in response to the batch application having completed processing of an nth record of the group of records, all records of the group of records that are locked resulting from execution of the batch application.

Abstract: An opportunistic storage service, or system, identifies currently unused storage capacity on a plurality of physical storage components of computing devices dispersed throughout a provider network. In some embodiments, the currently unused storage capacity is provisioned as primary storage, but is not currently being used to store primary storage data. The opportunistic storage service advertises at least a portion of the currently unused storage capacity as opportunistic storage capacity and provisions the opportunistic storage capacity subject to revocation if additional storage capacity of the physical storage components is needed to store primary storage data to fulfill a primary storage commitment.

Abstract: An integrated circuit device includes a shuffler, a logic unit and registers each including two or more bit storages. The shuffler receives an address indicating one of the registers and data bits, selects target bit storages at which the data bits are to be stored from among bit storages of the registers depending on a shuffle configuration and the address, stores the data bits into the target bit storages, and transfers the data bits from the target bit storages depending on the shuffle configuration. The logic unit receives the data bits transferred from the shuffler and operates using the received data bits. The shuffle configuration is adjusted when a reset operation is performed.

Abstract: The present invention provides a storage device (100) which consists of multiple access levels to access data or information depending on its importance, usefulness, severity, criticality and vulnerability. Further, the storage device (100) ensures data protection through confidentiality, integrity and accessibility for information security by disabling any connection with external communication channels such as Wi-Fi, Bluetooth and so on. Further, the storage device (100) is designed to erasing all the credentials data after 5 unsuccessful attempts ensuring security of the data or information. Authenticated data or information stored on the device can only be accessed by the owner of the device thereby preserving the integrity of the stored data. Reminders may be set for authentication related data which helps change the authentication credentials in time.

Abstract: An information handling system includes an embedded controller to capture a current battery power level of a battery that is a sole source of power of the information handling system. A service module may update a configuration table with anticipated power consumption associated with a component of the information handling system, wherein the anticipated power consumption is based on an operation, and predict whether the current battery power level is sufficient to complete the operation, including comparing the current battery power level with the anticipated power consumption of the component. If the current battery power level is sufficient to complete the operation, then the service module may execute the operation. If the current battery power level is insufficient to complete the operation, then the service module may provide one or more options associated with the operation based on a power management policy.

Abstract: An application can be installed, updated or reconfigured without disabling a write filter. When a package is to be deployed to a client terminal to install, update or reconfigure an application, an overlay optimizer can be instructed to start a session. During the session, the overlay optimizer can analyze I/O requests to identify any I/O request that pertains to the deployment of the package. The overlay optimizer can then redirect the identified I/O requests to a session overlay that the overlay optimizer has created for the session rather than passing the I/O requests to the write filter. As a result, the artifacts that are affected by the deployment of the package will be stored in the session overlay rather than the write filter's overlay. Once the session is completed, the overlay optimizer can copy the artifacts from the session overlay to the write filter's overlay and commit them.

Abstract: Techniques for persisting user data across secure shell instances are provided. The techniques include a method wherein a computer system receives a request to reserve a block volume, the request being received from a session manager service. The method also includes reserving the block volume, identifying a data center identifier of the block volume, returning the data center identifier of the block volume to the session manager service, attaching the block volume to a volume management fleet machine, receiving an instruction from the session manager service to release the block volume, creating a backup of the block volume comprising the data stored in the block volume, and releasing the block volume.

Abstract: A method for validating access to data files using a combination of secure data values includes: storing at least a first check value and a seed value in an account profile; receiving a data request message including at least a first data value, a second data value, a timestamp, and a data file request from a computing device; identifying a second check value using a predetermined algorithm applied to at least the seed value and the timestamp; validating the first data value using the first check value and the second data value using the second check value; and transmitting one or more data files indicated in the data file request to the computing device upon successful validation of the first data value and the second data value.

Abstract: The system collects startup commands associated with network-attached computing devices. A startup command is automatically executed by a device on which the startup command is stored upon startup of the device and is associated with a device identifier for the device. For each startup command, a corresponding command tag is determined for the startup command using a verb list. Using the device identifier associated with each startup command and the command tag determined for each startup command, a proportion of the plurality of devices is determined that are associated with each command tag. Based on the determined proportion of the plurality of devices that are associated with each command tag, a suspicious command tag is determined. A report is stored that includes the suspicious command tag, suspicious startup command(s) associated with the suspicious command tag, and the device identifier associated with each suspicious startup command.

Abstract: Techniques read data. Such techniques involve: in response to receiving a read request from the user for data on a physical data block, determining whether there is data state information corresponding to the physical data block. The data state information may include a plurality of units for respectively indicating availability of data stored in a plurality of sub-blocks of the physical data block. Such techniques further involve: in response to determining that there is data state information, selecting a target sub-block from the plurality of sub-blocks of the physical storage block based on the data state information. Such techniques further involve: providing the user with data stored in the target sub-block. Such techniques are capable of determining the availability of data at a finer granularity.

Abstract: The present invention is an controller for dynamically allocating RAM between powersave code copied from ROM and transient RAM memory used for storing packets. When the utilization of the transient RAM memory is low, code segments are copied from ROM and executed from RAM using a RAM pointer table which is updated after the code segments are copied over from ROM, and when the utilization of the transient RAM memory is high, code segments are deallocated from RAM and the pointer table is updated to point to the corresponding location in flash ROM.

Abstract: A method includes retrieving, by a workspace client on a computing device, a first set of resource associations from a workspace server. The first set of resource associations identify one or more data file-types executable by each application on a virtualization server. The method also includes generating, by the workspace client, from the first set of resource associations, a second set of resource associations. The second set of resource associations identify a subset of applications on the virtualization server operable to perform operations on each of the one or more data file-types. The method further includes obtaining, by a storage provider client on the computing device, the second set of resource associations. The storage provider client is configured to enable one or more applications on the virtualization server to execute at least one data file accessible from a storage provider.

Abstract: Examples described herein provide for memory access protection in programmable logic devices. In an example, an integrated circuit includes a programmable logic region, control logic, an interconnect, and a memory controller. The control logic is communicatively coupled to the programmable logic region. The control logic is configurable to generate one or more transaction attributes of a memory transaction request, and the memory transaction request is communicated from the programmable logic region. The interconnect is communicatively coupled to the control logic. The interconnect is operable to communicate the memory transaction request therethrough. The memory controller is communicatively coupled to the interconnect. The memory controller is operable to receive the memory transaction request. The memory controller is configurable to determine whether the memory transaction request is permitted based on the one or more transaction attributes.

Abstract: There is provided an inter-company information sharing system in which a communication connection is made with a plurality of computers individually corresponding to a plurality of companies, including information disclosure request receiving means for receiving an information disclosure request from each of the computers, information registration request receiving means for receiving an information registration request from each of the computers, information storage means for storing information regarding the information registration request, and disclosure control means for controlling a disclosure of the information stored in the information storage means on the basis of information regarding the company corresponding to the computer that has transmitted the information registration request and the information regarding the company corresponding to the computer that has transmitted the information disclosure request.

Abstract: A processor of an aspect includes an instruction pipeline to process a multiple memory address instruction that indicates multiple memory addresses. The processor also includes multiple page fault aggregation logic coupled with the instruction pipeline. The multiple page fault aggregation logic is to aggregate page fault information for multiple page faults that are each associated with one of the multiple memory addresses of the instruction. The multiple page fault aggregation logic is to provide the aggregated page fault information to a page fault communication interface. Other processors, apparatus, methods, and systems are also disclosed.

Abstract: Processing circuitry performs multiple beats of processing in response to a vector instruction, each beat comprising processing corresponding to a portion of a vector value comprising multiple data elements. The processing circuitry sets beat status information indicating which beats of a group of two or more vector instructions have completed. In response to a return-from-event request indicating a return to processing of a given vector instruction, the processing circuitry resumes processing of the group of uncompleted vector instructions while suppressing beats already completed, based on the beat status information.

Abstract: An apparatus, system, and method are disclosed that service SCSI commands, including SCSI PGR commands in the standby node of a storage system that operates in an Asymmetric Logic Unit Access (ALUA) mode. The apparatus, system, and method service SCSI PGR commands without maintaining peer/proxy port information. The apparatus, system, and method service SCSI commands by forwarding/proxying commands between the active node and standby node, in both directions and use a modified command descriptor block (MCDB) message to conduct the communications between the nodes.

Abstract: A system and method use a physical unclonable function in a PUF circuit on an integrated circuit to generate a security key, and stabilize the security key by storage in a set of nonvolatile memory cells. The stabilized security key is moved from the set of nonvolatile memory cells to a cache memory, and utilized as stored in the cache memory in a security protocol. Also, data transfer from the PUF circuit to the set of nonvolatile memory cells can be disabled after using the PUF circuit to produce the security key, at a safe time, such as after the security key has been moved from the set of nonvolatile memory cells to the cache memory.

Abstract: A method of data transmission is described. Data content is acquired by processing circuitry of a first terminal. Fingerprint identity information corresponding to the data content is acquired by the processing circuitry of the first terminal. A fingerprint-based transfer request that includes the data content and the fingerprint identity information is sent to a server. In an embodiment, the fingerprint-based transfer request enables the server to establish an association relationship between the data content and the fingerprint identity information, to acquire, in response to receiving a fingerprint-based downloading request from a second terminal, target data content matching the fingerprint-based downloading request according to the association relationship, and to send the target data content to the second terminal.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing cryptographic keys based on user identity information. One of the methods includes receiving biometric information associated with a user and a request to store a user key pair to a memory on an identity cryptographic chip (ICC); comparing the biometric information associated with the user with biometric information pre-stored in the memory as pre-stored biometric information; in response to determining that the biometric information associated with the user matches the pre-stored biometric information, encrypting the user key pair to provide an encrypted user key pair; and storing the encrypted user key pair to the memory.

Abstract: A hardware monitor arranged to detect out-of-bounds violations in a hardware design for an electronic device. The hardware monitors include monitor and detection logic configured to monitor the current operating state of an instantiation of the hardware design and detect when the instantiation of the hardware design implements a fetch of an instruction from memory; and assertion evaluation logic configured to evaluate one or more assertions that assert a formal property that compares the memory address of the fetched instruction to an allowable memory address range associated with the current operating state of the instantiation of the hardware design to determine whether there has been an out-of-bounds violation. The hardware monitor may be used by a formal verification tool to exhaustively verify that the hardware design does not cause an instruction to be fetched from an out-of-bounds address.

Abstract: Systems and methods are disclosed comprising receiving a request for a descriptor of a storage system, sending the descriptor to the host including an indication that a component of the storage device is in a restricted operation mode, wherein the host device utilizes the indication to determine a boot mode of the host device.

Abstract: A management apparatus includes: a data holding part that holds a function management table for storing information associating apparatus identification information identifying an expansion apparatus and function identification information for identifying a function that is set in the expansion unit; a function management part that specifies an expansion apparatus in response to an instruction to start up a virtual machine, that sets, in the expansion unit, function identification information corresponding to a function satisfying a functional requirement of the virtual machine, that sets the function satisfying the functional requirement as an internal function in the expansion unit, and that stores function identification information in the function management table; and a function setting part that determines driver software necessary for an internal function of the expansion apparatus based on function identification information set in the expansion unit.

Abstract: A method of protecting software for embedded applications against unauthorized access is disclosed. Software to be protected is loaded into a protected memory area and access to the protected memory area is controlled by sentinel logic circuitry. The sentinel logic circuitry allows access to the protected memory area only either from within the protected memory area or from outside of the protected memory area but through a dedicated memory location within the protected memory area. The dedicated memory location then points to protected address locations within the protected memory area.

Abstract: Maintaining cache coherency in the presence of a network attached memory is disclosed. A computer system includes a plurality of physical nodes. An operating system is run collectively across the plurality of physical nodes. The physical nodes are configured to communicate with a network attached memory. Based at least in part on an operation to be performed with respect to page on a first physical node included in the plurality of physical nodes, the network attached memory is configured to receive a message. The network attached memory is configured to perform an action based at least in part on the received message.

Abstract: Various embodiments relate generally to computer software and systems, including a subset of intermediary executable instructions constituting an communication interface between various software and/or hardware platforms, and, more specifically, to an application interface integration design management platform configured to analyze distinctive repositories (e.g., version-control application-based repositories) and identify application interface files and data components to form a consolidated data source with which to perform a unified search (e.g., a global search) to implement different portions of various application interfaces in development of application program interfaces (“APIs”), and the like.

Abstract: A method performed by at least one computer processor, the method comprising: obtaining an original file to be encrypted; encrypting header data of the original file to obtain encrypted header data, the header data comprising metadata of the original file; storing the encrypted header data; recording, to correspond to a file identifier of the original file, a first storage path of the encrypted header data; partitioning file data other than the header data in the original file, into segments; storing the segments in a disordered fragment sequence; and recording, to correspond to the file identifier, second storage paths of the segments along with an actual sequence of the segments in the original file.

Abstract: The data processing apparatus includes a memory protection setting storage unit capable of storing a plurality of address sections as memory protection setting targets, a plurality of first determination units provided for each of the address sections stored in the memory protection setting storage unit and provisionally determining whether or not an access request is permitted based on whether or not an access destination address specified by the access request corresponds to the address section acquired from the memory protection setting storage unit, and a second determination unit finally determining whether or not the access request is permitted based on the classification information and the results of provisional determinations by the first determination unit.

Abstract: A system includes software and a computing device configured to test the software in parallel. The computing device may obtain a first test case from a plurality of test cases. The first test case may be configured to cause the software to access a subset of data entries in a database. A plurality of locks facilitates exclusive access to the plurality of data entries. The computing device may further attempt to acquire a subset of the locks that correspond to the subset of the data entries. The computing device may further determine when to execute the first test case. Doing so involves either: (i) failing to acquire all of the subset of the locks and delaying execution of the first test case, or (ii) successfully acquiring all of the subset of the locks and executing the first test case in parallel with the second test case.

Abstract: A data transfer system including a first memory and a processor includes a second memory and a DMA controller. The processor performs RMW on data which has a size less than a cache line size and in which a portion of a cache line (a unit area of the first memory) is a write destination. Output target data is transferred from an I/O device to the second memory. Thereafter, the DMA controller transfers the output target data from the second memory to the first memory in one or a plurality of transfer unit sizes by which the number of occurrences of RMW is minimized.

Abstract: Generating, by a computing device, a device secret, the generating comprising: providing, by at least one physical unclonable function (PUF), at least one value; and generating, using a key derivative function (KDF), the device secret, wherein the at least one value provided by the at least one PUF is an input to the KDF; and storing, in memory of the computing device, the generated device secret.

Abstract: Embodiments of the present invention provide systems and methods for thwarting attempts at the unauthorized access to the restricted resources within the target server in a multi-node system. Real-time detection of the user ID and thread ID associated with attempts to access the restricted resources within the target server in a multi-node system is achieved by analyzing causality, message queue, and event-driven patterns.

Abstract: An apparatus comprises a non-associative memory comprising a plurality of storage locations, and error recovery storage to store at least one error recovery entry providing a recovery value for a corresponding storage location of the non-associative memory. Control circuitry is responsive to a non-associative memory read request specifying a target address of a storage location of the non-associative memory, when the error recovery storage includes a valid matching error recovery entry for which the corresponding storage location is the storage location identified by the target address, to return the recovery value stored in the valid matching error recovery entry as a response to the non-associative memory read request, instead of information stored in the storage location identified by the target address. This enables the apparatus to continue to function even if hard errors occur in a storage location of the non-associative memory.

Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.

Abstract: Dynamic load balancing of hardware threads in clustered processor cores using shared hardware resources, and related circuits, methods, and computer readable media are disclosed. In one aspect, a dynamic load balancing circuit comprising a control unit is provided. The control unit is configured to determine whether a suboptimal load condition exists between a first cluster and a second cluster of a clustered processor core. If a suboptimal load condition exists, the control unit is further configured to transfer a content of private register(s) of a first hardware thread of the first cluster to private register(s) of a second hardware thread of the second cluster via shared hardware resources of the first hardware thread and the second hardware thread. The control unit is also configured to exchange a first identifier associated with the first hardware thread with a second identifier associated with the second hardware thread via the shared hardware resources.

Abstract: Techniques support and perform data replication of a virtual machine. Changed data tracking is performed on a storage unit associated with the virtual machine in a storage system, to obtain changed data related information related to the virtual machine, wherein the changed data related information indicates a range and a type of data change related to the virtual machine; from the changed data related information, changed data related information related to the virtual machine within a specified range is obtained in response to receiving an obtainment request of the storage system for changed data related information within the specified range; and the changed data related information within the specified range is sent to the storage system. Accordingly, changed data related information can be provided to a storage system, such that the storage system can implement an optimized data replication operation based on the changed data related information.

Abstract: An overlay optimizer can be configured to accelerate the moving of files from an overlay and to atomically move files from the overlay. To accelerate the moving of files from the overlay, the overlay optimizer can continuously monitor the consumption of the overlay. If the consumption exceeds an optimized threshold, the overlay optimizer can cause the file system cache to be invalidated to thereby release handles to any closed files that are still cached. To move files atomically from the overlay, the overlay optimizer can be configured to handle attempts to open a file by determining whether the file is in the process of being moved from the overlay. If so, the overlay optimizer can detect which stage the move process has reached and can dynamically adapt the move process to enable the attempt to open the file to be completed successfully and in a consistent manner.

Abstract: Systems, apparatuses, and methods related to securing domain crossing using domain access tables are described. For example, a computer processor can have registers configured to store locations of domain access tables respectively for predefined, non-hierarchical domains. Each respective domain access table can be pre-associated with a respective domain and can have entries configured to identify entry points of the respective domain. The processor is configured to enforce domain crossing in instruction execution using the domain access tables and to prevent arbitrary and/or unauthorized domain crossing.