In some examples of a virtual computing environment, multiple virtual machines may execute on a physical computing device while sharing the hardware components corresponding to the physical computing device. A hypervisor corresponding to the physical computing device may be configured to designate a portion of a cache to one of the virtual machines for storing data. The hypervisor may be further configured to identify hostile activities executed in the designated portion of cache and, further still, to implement security measures on those virtual machines on which the identified hostile activities are executed.

A dual-system-based data storage method, comprising the steps of (S301) judging whether the data is important data when storing data in a first system; and (S302) storing the data into a second system if it is judged that the data is important data. Thus, in a dual-system environment, the important data handled by a user in a first system can be quickly and conveniently stored into a second system, thereby sufficiently protecting information security for the user.

In one embodiment, a storage unit stores a table tree and verifier tree. The table tree includes parent and child tables. The verifier tree includes parent and child verifiers associated with the parent and child tables, respectively. The parent verifier is used for verifying the child table and child verifier. A device stores a secure table tree corresponded to the table tree and used for address translation and a secure verifier tree corresponded to the verifier tree, to a secure storage unit. The device executes verification, based on verification information calculated based on a first child table and first child verifier in the storage unit and a first parent verifier in the secure verifier tree. The device sets the second address of the secure table tree such that the second address designates data in the first storage unit.

An integrated circuit includes a processing circuit, a first memory, and a writing unit. The processing circuit includes a memory space and stores data in the memory space and performs processing. The first memory stores permission information indicating a range permitted to be used in the memory space. The writing unit writes, in response to a request to write data to a specified address in the memory space, the data to the specified address in a case where the permission information indicating a range including the specified address is stored.

In an embodiment, a data processing method comprises: in a computer executing a supervisor program, the supervisor program establishing different memory access permissions comprising any combination of read, write, and execute permissions for one or more different regions of memory of a first domain, receiving a request from a process to execute a particular memory page of the regions of memory, the particular memory page comprising a memory access permission set to read-writeable or read-only, throwing an execute fault for the particular memory page, performing one or more responsive actions to restore execution access or content of the particular memory page, and after performing the one or more responsive actions, setting the memory access permission to execute only.

Embodiments are directed to providing a secure address translation service. An embodiment of a system includes memory for storage of data, an IOMMU coupled to the memory, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the memory, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the memory pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the memory within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.

A storage device and method for enabling hidden functionality are provided. In one embodiment, a storage device is provided comprising an interface a memory, and a controller. The controller is configured to receive a series of read and/or write commands to the memory from the host device. If the series of read and/or write commands received from the host device matches an expected pattern of read and/or write commands, irrespective what data is being read or written by those commands, the controller enables a special functionality mode of the storage device. Other embodiments are possible, and each of the embodiments can be used alone or together in combination.

Systems and methods presented herein provide for region lock management in an expander. In one embodiment, an expander, being operable to link a plurality of initiators to a plurality of Redundant Array of Independent Disks logical volumes, includes a plurality of physical transceivers, each being operable to link the logical volumes to the initiators, and a region lock manager operable to receive a request from a first of the initiators to lock a region of the logical volumes for an input/output operation by the first initiator. The region lock manager is also operable to determine if the requested region is unlocked, to lock the requested region from the remaining initiators to allow the input/output operation of the first initiator after determining the requested region is unlocked, and to unlock the requested region after the input/output operation of the first initiator is complete.

A method, system, and computer program product are provided for prioritizing transactions. A processor in a computing environment initiates the execution of a transaction. The processor includes a transactional core, and the execution of the transaction is performed by the transactional core. The processor obtains concurrent with the execution of the transaction by the transactional core, an indication of a conflict between the transaction and at least one other transaction being executed by an additional core in the computing environment. The processor determines if the transactional core includes an indicator and based on determining that the transactional core includes an indicator, the processor ignores the conflict and utilizing the transactional core to complete executing the transaction.

An apparatus and method for protecting kernel data integrity in an electronic device are provided. The method includes mapping a specified type of data to a read-only memory area, detecting a write attempt to the specified type of data, determining whether a process attempting to write to the specified type of data is permitted according to a specified condition, and allowing the write attempt if the process attempting to write to the specified type of data satisfies the specified condition.