A method and system for memory attack mitigation in a memory device includes receiving, at a memory controller, an allocation of a page in memory. One or more device controllers detects an aggressor-victim set within the memory. Based upon the detection, an address of the allocated page is identified for further action.

A storage system and method for secure host controller memory buffer access are provided. In one embodiment, a storage system is provided comprising a storage area configured to store a database comprising a submission queue and a completion queue dedicated for use by an authorized host, and a controller. The controller is configured to: receive a request to access the storage area; determine whether the request is from the authorized host or from an unauthorized host; in response to determining that the request is from the authorized host, grant the request; and in response to determining that the request is from an unauthorized host, deny the request. Other embodiments are provided.

Systems and methods are provided for binding one or more components to an identification component of a hardware module. Each of the serial numbers for the one or more components are included within a module-specific authentication certificate that is stored within the identification component of the hardware module. When connected to a computing platform, an authentication system of the computing platform is capable of retrieving the module-specific authentication certificate. The authentication system can compare the list of serial numbers included in the module-specific authentication certificate with one or more serial numbers read over a first interface. If the two lists of serial numbers match, the authentication system can flag the hardware module as authenticate through authentication of all components of the hardware module.

Memory regions may be protected based on occurrence of an event in a computing device. Subsystems of the computing device may store information in a memory controller identifying memory regions to be erased upon occurrence of an event, such as a system or subsystem crash. The memory controller may control erasing the memory regions in response to an indication associated with the event. A memory dump may be performed after the memory regions have been erased.

A memory system for storing data that includes providing a memory module having one or more memory devices and a voltage regulator for controlling voltage levels supplied to the one or more memory devices, wherein the voltage regulator has a first state that permits write and read operations with the one or more memory devices, and a second state where the voltage regulator prevents at least read operations with the one or more memory devices the system configured to store an encryption key in ROM on the voltage regulator; copy the encryption key value from the ROM to a voltage regulator register; set a voltage regulator encryption timer for a period of time; and transition the voltage regulator to the second state in response to the voltage regulator encryption timer expiring.

An apparatus, a method, and a computer program product are provided that provide confidential computing on virtual machines by securing input/output operations between a virtual machine and a device. The method includes receiving an input/output (I/O) transaction from an I/O device requesting data stored memory from a virtual machine. The I/O transaction includes a virtual memory address and a bus device function. The method also includes associating the I/O transaction with a key slot associated with the virtual machine and retrieving, using the key slot, an encryption key used to encrypt and decrypt the data. The method further includes retrieving the data located at a physical memory address in physical memory relating to the virtual memory address of the data being requested and decrypting, during a read operation, the data using the encryption key for I/O transmission. The method also includes transmitting the decrypted data to the I/O device.

An electronic apparatus operating with a memory includes an operating module, a management module, a database and a filtering module. When the operating module needs to use the memory for performing a task, the operating module issues a memory request. The management module determines whether the memory request is to be permitted. When the memory request is permitted, the management module generates a requested data chunk according to the memory request. The filtering module receives the requested data chunk from the management module, and determines whether to store the requested data chunk into the data base according to a predetermined filtering condition.

A block of a storage device of a plurality of storage devices is allocated for storage of data, wherein the allocation comprises identifying a nonce associated with the block of the storage device. An erase command for the block is transmitted to the storage device, the erase command comprising the nonce, wherein the storage device is to erase the block upon determining that the nonce matches a corresponding nonce stored locally at the storage device.

A system for securely computing an elliptic curve scalar multiplication in an unsecured environment, including: a secure processor including secure memory, the secure processor configured to: split a secure scalar K into m.sub.2 random values k.sub.i, where i is an integer index; randomly select m.sub.1−m.sub.2 values k.sub.i for the indices m.sub.2<i≦m.sub.1; select m.sub.1 mask values δ.sub.i; compute m.sub.1 residues c.sub.i based upon random residues a.sub.i, δ.sub.π(i).sup.−1, and k.sub.π(i), wherein π(i) is a random permutation; compute m.sub.1 elliptic curve points G.sub.i based upon random residues a.sub.i and an elliptic point to be multiplied; receive m.sub.1 elliptic curve points; and compute the elliptic curve scalar multiplication by combining a portion of the received elliptic curve points and removing the mask values δ.sub.i from the portion of the received elliptic curve points; a memory device; and a processor in communication with the memory device, the processor being configured to: receive m.sub.1 residues c.sub.i and elliptic curve points G.sub.i; compute m.sub.1 elliptic curve points P.sub.i based upon the m.sub.1 residues c.sub.i and elliptic curve points G.sub.i; send the m.sub.1 elliptic curve points P.sub.i to the secure processor.

Provided are a method and an apparatus for controlling access to memory. The method, performed by a memory device, of controlling access of a master device, includes: receiving, from the master device, an access request with respect to at least one of a plurality of banks included in the memory device; determining whether access to each of the at least one bank to which access was requested is granted; and generating validity information representing whether the access to each of the at least one bank to which access was requested is granted, and transmitting the generated the validity information to the master device.