A method for operating an electronic control unit (ECU) includes a normal mode and a protected mode. In the protected mode a new security artifact is stored in a microcontroller. The security artifact is transferred from the microcontroller to a microprocessor, and, after having received the security artifact, the microprocessor uses the security artifact for authenticating a program.

This disclosure describes system on a chip (SOC) communications that prevent direct memory access (DMA) attacks. An example SoC includes an encryption engine and a security processor. The encryption engine is configured to encrypt raw input data using a cipher key to form an encrypted payload. The security processor is configured to select the cipher key from a key store holding a plurality of cipher keys based on a channel ID describing a {source subsystem, destination subsystem} tuple for the encrypted payload, to form an encryption header that includes the channel ID, to encapsulate the encrypted payload with the encryption header that includes the channel ID to form a crypto packet, and to transmit the crypto packet to a destination SoC that is external to the SoC.

Systems and methods for preventing kernel stalling attacks. An example method may comprise receiving, by a kernel, an address range associated with a data store of an application program; mapping, by the kernel, a portion of random access memory (RAM) to the address range; disabling page fault handling with respect to addresses falling within the address range; and responsive to receiving, from the application program, a memory access request specifying an address outside of the address range, returning a memory access error to the application program.

Provided is a control method of controlling locking or unlocking of storage using a blockchain. The control method includes: determining, when first request information indicating a lock/unlock request, that is a lock request or an unlock request, is received from a terminal, whether a keyholder identified by reading keyholder information stored in the blockchain matches an owner of the terminal that has transmitted the first request information, the keyholder information indicating a person having the authority to lock or unlock the storage; performing lock/unlock processing when the keyholder is determined to match the owner, the lock/unlock processing being processing for causing the storage to lock or unlock in accordance with the first request information; and performing first storage processing after the lock/unlock processing is performed, the first storage processing being processing of storing, in the blockchain, transaction data indicating that the lock/unlock processing has been performed.

Provided herein may be a storage device and a method of operating the same. The method of operating a storage device including a replay protected memory block (RPMB) may include receiving a write request for the RPMB from an external host, selectively storing data in the RPMB based on an authentication operation, receiving a read request from the external host, and providing result data to the external host in response to the read request, wherein the read request includes a message indicating that a read command to be subsequently received from the external host is a command related to the result data.

Methods, systems and devices for configuring access to a memory device are disclosed. The configuration of the memory device may be carried out by creating a plurality of access profiles that are adapted to optimize access to the memory device in accordance with a type of access. For example, when an application with specific memory access needs is initiated, the memory access profile that is designed for that particular access need may be utilized to configure access to the memory device. The configuration may apply to a portion of the memory device, a partition of the memory device, a single access location on the memory device, or any combination thereof.

In one embodiment, one or more control units may store a position tracker associated with a first window of memory blocks and allow a first processing unit to write data within the first window. The control units may receive, from a second processing unit, a request for reading data with a memory-reading address, compare the memory-reading address to a first starting address of the first window, and prevent the second processing unit from reading the data when the memory-reading address is greater than or equal to the first starting address of the first window. The control units may store, when the data writing process is complete, an updated position tracker of a second window of memory blocks and allow the second processing unit to read the data based on a determination that the memory-reading address is less than a second starting address of the second window.

Memory regions may be protected based on occurrence of an event in a computing device. Subsystems of the computing device may store information in a memory controller identifying memory regions to be erased upon occurrence of an event, such as a system or subsystem crash. The memory controller may control erasing the memory regions in response to an indication associated with the event. A memory dump may be performed after the memory regions have been erased.

In one embodiment, one or more control units may store a position tracker associated with a first window of memory blocks and allow a first processing unit to write data within the first window. The control units may receive, from a second processing unit, a request for reading data with a memory-reading address, compare the memory-reading address to a first starting address of the first window, and prevent the second processing unit from reading the data when the memory-reading address is greater than or equal to the first starting address of the first window. The control units may store, when the data writing process is complete, an updated position tracker of a second window of memory blocks and allow the second processing unit to read the data based on a determination that the memory-reading address is less than a second starting address of the second window.

Some aspects of this disclosure relate to implementing a thread device that can associate with a thread network. The thread device includes a network processor, a first memory, and a host processor communicatively coupled to the network processor and the first memory. The first memory can be a nonvolatile memory with a first level security protection, and configured to store a first dataset including thread network parameters for the network processor to manage network functions for the thread device associated with the thread network. The host processor is configured to perform various operations associated with the first dataset stored in the first memory. The network processor can be communicatively coupled to a second memory to store a second dataset, where the second dataset has a same content as the first dataset. The network processor is configured to manage the network functions based on the second dataset. The second memory can be a volatile memory with a second level security protection that is less than the first level security protection.