A method comprising: receiving a request from a second application to access information from a first application, said first and second applications installed on a user equipment, and in response to said request, determining whether said second application is operating in accordance with at least one rule.

Systems and methods are disclosed for data protection in a cluster of data processing accelerators (DPAs). The cluster of accelerators may include DPAs of a third party accelerator that may not be trusted. To ensure data protection in the cluster, a first DPA that receives a request from a second DPA to access a resource of the first DPA authenticates the second DPA. If the second DPA passes authentication, the second DPA is permitted to access non-sensitive resources of the first DPA, otherwise the second DPA is not permitted access to any resources of the first DPA and the first DPA breaks a communication link with the second DPA. Authentication is premised on a shared secret function between DPAs and a random number generated by the first DPA. The shared secret function is updateable by, e.g., a patch from a manufacturer of the DPA.

A data processing system may be configured to include a memory device, a controller configured to access the memory device when a host requests offload processing of an application, and process the application, and a sharing memory management component within the controller and configured to: set controller owning rights of access to a target region of the memory device in response to the host stores, in the target region, data used for the requested offload processing of the application; and set the controller owning rights of access or the host owning rights of access to the target region based on a processing state of the application.

An agent inserts one or more hooks into a sub-execution runtime environment that is configured to include a script and/or targeted to include the script. The agent including the one or more hooks monitors a behavior of the sub-execution runtime environment and/or the script. The agent subsequently obtains context information regarding the sub-execution runtime environment and/or the script so that it can control the runtime of at least the sub-execution runtime environment. Related systems, methods, and articles of manufacture are also disclosed.

Methods and systems for providing virtual workspaces are provided. Specifically, Application Workspace System “AWS” enables users to access remote server-based applications (e.g., thin client applications, terminal server applications, applications on hosted operating systems, etc.) using the same interface that they use to access local applications, without needing to know where the application is being accessed. The AWS automatically determines which applications the user is entitled to use, and then figures out, based upon a variety of parameters, which applications are to be made available to the user (resolved to version, particular package etc.), and whether they are to be installed locally, or accessed remotely.

Included within a shared housing are at least one user interface element; a first isolated computational entity; a second isolated computational entity; and a switching arrangement. The switching arrangement is configured to, in a first mode, connect the first isolated computational entity to the at least one user interface element; and, in a second mode, connect the second isolated computational entity to the at least one user interface element.

The disclosed computer-implemented method for running applications on a multi-tenant container platform may include (1) receiving, at a host administrator service on a container host computing device and via a host administrator service socket handle, a request for a privileged operation from an application running in a non-privileged container, (2) performing, based on a user identifier of the application, a security check of a user associated with the application, (3) comparing, when the security check results in approval, a process identifier of the requested privileged operation against a whitelist of permitted operations to determine the requested privileged operation is permissible, and (4) initiating running, when the requested privileged operation is permissible, the requested privileged operation. Various other methods, systems, and computer-readable media are also disclosed.

In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.

Methods, apparatus, and computer readable media are described herein for allowing a first user to interface with an automated assistant to assign tasks to additional user(s), and/or for causing notification(s) of the assigned task to be rendered to the additional user(s) via corresponding automated assistant interface(s). In various implementations, one or more criteria can be utilized in selecting a group of client device(s), linked to the additional user, via which to provide the notification(s) for the task assigned to the additional user. Also, in various implementations condition(s) for providing the notification(s) for the task can be determined, and the notification(s) provided based on determining satisfaction of the condition(s).

Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed.