Patent classifications
G06F21/78
Scalable formal security verification of circuit designs
A security verification system performs security verification of a circuit design. The security verification system simplifies formal security verification of the circuit design by replacing circuit blocks of the circuit with black box circuit blocks. The security verification system instruments the circuit design so that black-boxing can be performed for security verification without changing the security decision over the data paths. The security verification system uses dependence information of the inputs and outputs of the black box to connect inputs of the circuit block with outputs of the circuit block. The black-box circuit block keeps the logic inside the cone of influence of clocks and resets. The system performs security verification of the circuit design by proving a non-interference property of the instrumented circuit design.
Security enhancement in hierarchical protection domains
Methods and systems for allowing software components that operate at a specific exception level (e.g., EL-3 to EL-1, etc.) to repeatedly or continuously observe or evaluate the integrity of software components operating at a lower exception level (e.g., EL-2 to EL-0), to ensure that the software components have not been corrupted or compromised (e.g., subjected to malware, cyberattacks, etc.), include a computing device that identifies, by a component operating at a higher exception level ("HEL component"), at least one of a current vector base address (VBA), an exception raising instruction (ERI) address, or a control and system register value associated with a component operating at a lower exception level ("LEL component"). The computing device may perform a responsive action in response to determining that the current VBA, the ERI address, or the control and system register value does not match the corresponding reference data.
Method and unit of operating a storage means, storage means and system for data processing
A method of operating a storage means, wherein, for writing and storing a storage item to the storage means, the storage item to be written and stored is provided (in particular by using the concept and theory of identification), an encoding process by means of randomization is applied to the storage item to generate and provide a randomized encoded storage item, and the randomized encoded storage item is written and stored to the storage means. At least a first randomization process underlies the encoding process and is a randomization process dedicated and assigned to the underlying storage means. The present disclosure further refers to a unit for operating a storage means, to a storage means, and to a system for processing data. By having two randomization processes underlying the encoding process, a distinction can be made between secrecy-ensuring and secrecy-non-ensuring randomization processes.
Identifying and responding to a side-channel security threat
A method for managing memory within a computing system. The method includes one or more computer processors identifying a range of physical memory addresses that store a first data. The method further includes determining whether a second data is stored within the range of physical memory addresses that stores the first data. The method further includes responding to determining that the second data is stored within the range of physical memory addresses that store the first data, by determining whether a process accessing the second data is identified as associated with a side-channel attack. The method further includes responding to determining that the process accessing the second data is associated with the side-channel attack, by initiating a response associated with the process accessing the second data.
SOC-assisted resilient boot
Systems, apparatuses and methods may provide for technology that assumes, by a root of trust located in a trusted region of a system on chip (SOC), control over a reset of the SOC and conducting, by the root of trust, an authentication of an update package in response to an update condition. The root of trust technology may also apply the update package to firmware located in non-volatile memory (NVM) associated with a microcontroller of the SOC if the authentication is successful.
SECURE RESTORE OF A COMPUTING SYSTEM
Examples described herein relate to a method and a system, for example, a restore management system for providing secure restore of a computing system. In some examples, the restore management system may determine that the computing system has been restored. Further, the restore management system may isolate the computing system by restricting access to the computing system for any data traffic other than data traffic associated with a security fix to be applied to the computing system. Furthermore, the restore management system may determine that the security fix has been successfully applied to the computing system and, in response to determining that the security fix has been successfully applied, the restore management system may remove the computing system from isolation.
SECURE DEVICE PROGRAMMING SYSTEM WITH HARDWARE SECURITY MODULE AND SECURITY INTEROP LAYER
A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable devices are provisioned with a job package created by a user on a host system and deployed on a device programmer. The secure programming system supports a hardware security module on the host system that can be accessed remotely from the device programmer using coordinated sets of template and mechanism dictionaries linked to a security API coupled to the hardware security module.