Various examples are directed to secure memory arrangements and methods of using the same. A gateway device of the secure computing system may receiving a first message from an external system. The first message may comprise a first message payload data and first asymmetric access data. The gateway device may determine that the first asymmetric access data matches the first message payload data based at least in part on an external system public key. The gateway device may access a first system controller symmetric key associated with a first system controller in communication with the gateway device and generate a first symmetric access data based at least in part on the first system controller symmetric key and the first message payload data. The gateway device may send the first message payload data and the first symmetric access data to the first system controller.

According to one aspect, a method adds an additional function to a computer program installed on a microcontroller, the computer program using a table configured to associate an identifier of the additional function with a pointer to a memory address. The method includes the microcontroller obtaining a compiled code of the additional function and an identifier of this additional function, the microcontroller recording the compiled code of the additional function in a section of a memory, and recording in memory a pointer in the table, the pointer being aimed at the address of the memory section in which the compiled code of the additional function is recorded, the pointer being associated in the table with the identifier of the additional function.

An integrated circuit (122) includes an on-chip boot ROM (132) holding boot code, a non-volatile security identification element (140) having non-volatile information determining a less secure type or more secure type, and a processor (130). The processor (130) is coupled to the on-chip boot ROM (132) and to the non-volatile security identification element (140) to selectively execute boot code depending on the non-volatile information of the non-volatile security identification element (140). Other technology such as processors, methods of operation, processes of manufacture, wireless communications apparatus, and wireless handsets are also disclosed.

The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).

Systems, methods, and computer-readable media for cybersecurity are disclosed. The systems and methods may involve receiving, by an application capable of JavaScript execution, code for execution; executing, before execution of the received code, an intercepting code, wherein the intercepting code is configured to intercept at least one application programming interface (API) invocation by the received code; intercepting, by the intercepting code, an API invocation by the received code; determining that the intercepted API invocation results in a manipulation of a backing store object; and modifying an execution of the intercepted API invocation, wherein the modified execution results in at least one of: a non-predictable memory layout, a non-predictable memory behavior, or a non-predictable property of an object.

Memory regions may be protected based on occurrence of an event in a computing device. Subsystems of the computing device may store information in a memory controller identifying memory regions to be erased upon occurrence of an event, such as a system or subsystem crash. The memory controller may control erasing the memory regions in response to an indication associated with the event. A memory dump may be performed after the memory regions have been erased.

Devices and techniques for efficient host assisted logical-to-physical (L2P) mapping are described herein. For example, a command can be executed that results in a change as to which physical address of a memory device corresponds to a logical address. The change can be obfuscated as part of an obfuscated L2P map for the memory device and written to storage on the memory device. The change can then be provided a host from the storage.

A processing device is configured to process an initial set of command types. A command extension module and a digital signature are received. The digital signature is generated based on the command extension module using a private key of a key pair. The command extension module, once installed by the processing device, enables the processing device to process a new command type that is not included in the initial set of command types. The digital signature is verified using a public key of the key pair. Based on a successful verification of the digital signature, the command extension module is temporarily installed by loading the command extension module in a volatile memory device.

An apparatus comprises at least one processing device having a processor coupled to a memory. The processing device is configured to implement a first ledger node of a first cloud. The first ledger node of the first cloud is configured to communicate over one or more networks with a plurality of additional ledger nodes associated with respective additional clouds. The first ledger node is further configured to obtain a transaction associated with a valuation of a data asset. The first ledger node is further configured to broadcast the valuation transaction to the additional ledger nodes. A cryptographic block characterizing at least the valuation transaction is generated and entered into a blockchain distributed ledger collectively maintained by the first and additional ledger nodes. The first and additional ledger nodes collectively maintain the blockchain distributed ledger on a peer-to-peer basis without utilizing a centralized transaction authority.

A plurality of byte ranges forms a sample for content output from a player device, and includes at least one double-encrypted byte range. The plurality of byte ranges is stored in a secured memory, and the at least one double-encrypted byte range is partially decrypted to generate at least one decrypted singe-encrypted byte range. The plurality of byte ranges is stored in an unsecured memory using the at least one decrypted single-encrypted byte range in place of the at least one double-encrypted byte range.