The problem to be solved is to seek an alternative to known addressing methods which provides the same or similar effects or is more secure. Solution The problem is solved by a method (40) of addressing memory in a data-processing apparatus (10) comprising, when a central processing unit (11), while performing a task (31, 32, 33, 34) of the apparatus (10), executes an instruction involving a pointer (59) into a segment (s, r, d, h, f, o, i, c) of the memory: decoding the instruction by means of an instruction decoder (12), generating a virtual address (45) within the memory by means of a safe pointer operator (41) operating on the pointer (59), augmenting the virtual address (45) by an identifier (43) of the task (31, 32, 33, 34) and an identifier (44) of the segment (s, r, d, h, f, o, i, c), said identifiers (43, 44) being hardware-controlled (42), and, based on the augmented address (45), dereferencing the pointer (59) via a memory management unit (13).

A technique is introduced for applying multi-level caching to deploy various types of physical memory to service captured memory calls from an application. The various types of physical memory can include local volatile memory (e.g., dynamic random-access memory), local persistent memory, and/or remote persistent memory. In an example embodiment, a user-space page fault notification mechanism is used to defer assignment of actual physical memory resources until a memory buffer is accessed by the application. After populating a selected physical memory in response to an initial user-space page fault notification, page access information can be monitored to determine which pages continues to be accessed and which pages are inactive to identify candidates for eviction.

A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine.

A control device includes a first controller, a second controller and a storage. The first controller performs safety control for a drive device. The second controller performs standard control for the drive device. The storage is accessible by both the first and second controllers and includes a first storage area and a second storage area. The first storage area stores data involved with the safety control, and the second storage area stores data involved with the standard control. The first controller accesses both the first storage area and the second storage area, and the second controller accesses the second storage area but is restricted from accessing the first storage area.

Disclosed embodiments relate to a security firewall having a security hierarchy including: secure master (SM); secure guest (SG); and non-secure (NS). There is one secure master and n secure guests. The firewall includes one secure region for secure master and one secure region for secure guests. The SM region only allows access from the secure master and the SG region allows accesses from any secure transaction. Finally, the non-secure region can be implemented two ways. In a first option, non-secure regions may be accessed only upon non-secure transactions. In a second option, non-secure regions may be accessed any processing core. In this second option, the access is downgraded to a non-secure access if the security identity is secure master or secure guest. If the two security levels are not needed the secure master can unlock the SM region to allow any secure guest access to the SM region.

Disclosed embodiments relate to a security firewall having a security hierarchy including: secure master (SM); secure guest (SG); and non-secure (NS). There is one secure master and n secure guests. The firewall includes one secure region for secure master and one secure region for secure guests. The SM region only allows access from the secure master and the SG region allows accesses from any secure transaction. Finally, the non-secure region can be implemented two ways. In a first option, non-secure regions may be accessed only upon non-secure transactions. In a second option, non-secure regions may be accessed any processing core. In this second option, the access is downgraded to a non-secure access if the security identity is secure master or secure guest. If the two security levels are not needed the secure master can unlock the SM region to allow any secure guest access to the SM region.

Provided is a control method of controlling locking or unlocking of storage using a blockchain. The control method includes: determining, when first request information indicating a lock/unlock request, that is a lock request or an unlock request, is received from a terminal, whether a keyholder identified by reading keyholder information stored in the blockchain matches an owner of the terminal that has transmitted the first request information, the keyholder information indicating a person having the authority to lock or unlock the storage; performing lock/unlock processing when the keyholder is determined to match the owner, the lock/unlock processing being processing for causing the storage to lock or unlock in accordance with the first request information; and performing first storage processing after the lock/unlock processing is performed, the first storage processing being processing of storing, in the blockchain, transaction data indicating that the lock/unlock processing has been performed.

Disclosed are devices, systems, apparatus, circuits, methods, products, and other implementations, including a method that includes obtaining, during execution of a process associated with a particular privilege level, data content from a memory location, and determining by a hardware-based detection circuit whether the data content matches at least one of one or more token values, with the one or more token values stored in one or more pre-determined memory locations, and with access of any of the pre-determined one or more memory locations indicating a potential anomalous condition. The method further includes triggering, in response to a determination that the data content matches the at least one of the one or more token values, another process with a higher or same privilege level as the particular privilege level associated with the process, to handle occurrence of a potential system violation condition.

One or more kernel-modifying procedures are stored in a trusted computing base (TCB) when bringing up a guest operating system (OS) on a virtual machine (VM) on a virtualization platform. When the guest OS invokes an OS-level kernel-modifying procedure, a call is made to the hypervisor. If the hypervisor determines the TCB to be valid, the kernel-modifying procedure in the TCB that corresponds to the OS-level kernel-modifying procedure is invoked so that the kernel code can be modified.

A method for capturing VM resources for forensics includes receiving an indication of compromise (IoC). The indication of compromise indicates an attack is imminent against a virtual machine. The method also includes, in response to receiving the IoC and before the attack begins, snapshotting a memory state of memory used by the virtual machine and increasing a level of auditing of the virtual machine from a standard level of auditing to a heightened level of auditing. The heightened level of auditing generates data representative of all accesses to the memory used by the virtual machine. After the attack against the virtual machine has begun, the method includes maintaining the heightened level of auditing for a threshold period of time, notifying a user of the virtual machine of the indication of compromise, and storing the data in memory external to the virtual machine.