The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.

The application discloses an electronic operating device (100) arranged to protect communication between a consumer application (125) and a network-connected consumer device (300). The operating device protects a command message by signing the command message with a private key obtained from a key storage of the operating device (optionally also encrypting the command message with an encryption key), and sends the protected command message to the network controller (200). The network controller performs the verification of the signature of the command message such that legacy consumer devices without cryptographic capability can be used. The signature ensures that only authorised devices (100) can send commands to the consumer device (300).

Protection of a kernel from a sniff and code reuse attack. A kernel mode page table in initialized in a kernel. The kernel page entries in the kernel mode page table are set from s-pages to u-pages. Supervisor mode access prevention is enabled in the u-pages. Code contained in the kernel page entries in the u-pages is executed, the kernel page entries in the u-pages are capable of execution but are not capable of being accessed and read directly.

Protection of a kernel from a sniff and code reuse attack. A kernel mode page table in initialized in a kernel. The kernel page entries in the kernel mode page table are set from s-pages to u-pages. Supervisor mode access prevention is enabled in the u-pages. Code contained in the kernel page entries in the u-pages is executed, the kernel page entries in the u-pages are capable of execution but are not capable of being accessed and read directly.

A method includes programming first and second values and a first compare enable command into respective first operand, second operand, and first compare enable command registers in a hardware comparator circuit. The method includes determining that a first match exists corresponding to the first and second values, programming a third value into the first operand register and a fourth value into the second operand register, and programming a second compare enable command into a second compare enable command register in the hardware comparator circuit. In response to a determination that a second match exists corresponding to the third and fourth values, the method includes asserting a success interrupt signal, programming a fifth value into the first operand register and a sixth value into the second operand register and programming a second compare enable command into a second compare enable command register in the hardware comparator circuit.

A method includes programming first and second values and a first compare enable command into respective first operand, second operand, and first compare enable command registers in a hardware comparator circuit. The method includes determining that a first match exists corresponding to the first and second values, programming a third value into the first operand register and a fourth value into the second operand register, and programming a second compare enable command into a second compare enable command register in the hardware comparator circuit. In response to a determination that a second match exists corresponding to the third and fourth values, the method includes asserting a success interrupt signal, programming a fifth value into the first operand register and a sixth value into the second operand register and programming a second compare enable command into a second compare enable command register in the hardware comparator circuit.

Disclosed embodiments relate implementing a runtime-based permissions management layer for application programming interface (API) calls. Techniques include identifying an application having a plurality of application programming interface (API) calls associated with the application; identifying, based on the application, a reference sequencing profile associated with the plurality of API calls; allowing at least one API call of a first group of API calls to be performed based on the reference sequencing profile; allowing at least one API call of a second group of API calls to be performed based on the reference sequencing profile; and denying the at least one API call of the first group of API calls.

An example method of sharing a resource between software containers includes detecting a request from a first software container to access a resource of a different, second software container, an operational state of the second software container being controlled by a container engine running on the host computing device. The method also includes accepting or rejecting the request based on whether the first and second software containers, which each contain a respective software application, are part of a same logical software application. An example host computing device configured to share resources between software containers is also disclosed.

An example method of sharing a resource between software containers includes detecting a request from a first software container to access a resource of a different, second software container, an operational state of the second software container being controlled by a container engine running on the host computing device. The method also includes accepting or rejecting the request based on whether the first and second software containers, which each contain a respective software application, are part of a same logical software application. An example host computing device configured to share resources between software containers is also disclosed.

Disclosed herein are techniques for visualizing and configuring controller function sequences. Techniques include identifying at least one executable code segment associated with a controller; analyzing the at least one executable code segment to determine at least one function and at least one functional relationship associated with the at least one code segment; constructing, a software functionality line-of-code behavior and relation model visually depicting the determined at least one function and at least one functional relationship; displaying the software functionality line-of-code behavior and relation model at a user interface; receiving a first input at the interface; in response to the received first input, animating the line-of-code behavior and relation model to visually depict execution of the at least one executable code segment on the controller; receiving a second input at the interface; and in response to the received second input, animating an update to the line-of-code behavior and relation model.