Described are methods, systems and computer readable media for dynamic updating of query result displays.

A compute instance is instrumented to detect certain kernel memory allocation functions, in particular functions that allocate heap memory and/or make allocated memory executable. Dynamic shell code exploits can then be detected when code executing from heap memory allocates additional heap memory and makes that additional heap memory executable.

A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.

A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

Some embodiments of the present invention include a method comprising: accessing units of network storage that encode state data of respective virtual machines, wherein the state data for respective ones of the virtual machines are stored in distinct ones of the network storage units such that the state data for more than one virtual machine are not commingled in any one of the network storage units.

In various embodiments, apparatuses and methods are disclosed to keep a memory clock gated when the data for a current memory address is the same as the data in the immediate previous memory address. For a write function, new data will only be written into the current memory address if it is different from the data in the immediate previous memory address. Similarly, for a read function, the data will only be read out of the current memory address if it is different from the data in the immediate previous memory address. Each row in the memory may have one associated status bit outside the memory. Data may only be written to or read from the current memory address when the status bit is set. Clock gating the memory ports may reduce the overall power consumption of the memory.

A method of writing data to a memory device and reading data from the memory device includes issuing a challenge to a PUF device during a power-up process in order to derive a PUF response, error correcting the PUF response, providing delinearized addresses via a delinearization algorithm to the memory device using the error corrected PUF response, masking data, which is written to the memory device, via a masking module using the error corrected PUF response, de-masking data, which is read from the memory device, via the masking module (19) using the error corrected PUF response; and performing a check-sum verification of read data such that address delinearization and data masking are used together to obfuscate the memory content.

In one embodiment, a secure computing system comprises a key generation sub-system configured to generate cryptographic keys and corresponding key labels for distribution to computer clusters, each computer cluster including a plurality of respective endpoints, a plurality of quantum key distribution (QKD) devices connected via respective optical fiber connections, and configured to securely distribute the generated cryptographic keys among the computer clusters, and a key orchestration sub-system configured to manage caching of the cryptographic keys in advance of receiving key requests from applications running on ones of the endpoints, and provide respective ones of the cryptographic keys to the applications to enable secure communication among the applications.

A secrecy system and a decryption method of on-chip data stream of nonvolatile FPGA are provided in the present invention. The nonvolatile memory module of the system is configured to only allow the full erase operation. After the full erase operation is finished, the nonvolatile memory module gets into the initial state. Only the operation to the nonvolatile memory module under the initial state is effective, and thereby the encryption region unit is arranged in the nonvolatile memory module. Only the decryption data written into the encryption region unit under the initial state can make the nonvolatile memory module to be readable, so that the decryption of the system is finished, which greatly improves the secrecy precision.

Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.