There is a problem that memory protection against access to a shared memory by a sub-arithmetic unit used by a program executed in a main-arithmetic unit cannot be performed in a related-art semiconductor device. According to one embodiment, a semiconductor device includes a sub-arithmetic unit configured to execute a process of a part of a program executed by a main-arithmetic unit, and a shared memory shared by the main-arithmetic unit and the sub-arithmetic unit, in which the sub-arithmetic unit includes a memory protection unit configured to permit or prohibit access to the shared memory based on an access permission range address value provided from the main-arithmetic unit, the access to the shared memory being access that arises from a process executed by the sub-arithmetic unit.

The present disclosure provides methods, apparatus, and systems for implementing and operating a memory module, for example, in a computing that includes a network interface, which may be coupled to a network to enable communication with a client device, and host processing circuitry, which may be coupled to the network interface via a system bus and programmed to perform first data processing operations based on user inputs received from the client device. The memory module may be coupled to the system bus and include memory devices and a memory controller coupled to the memory devices via an internal bus. The memory controller may include memory processing circuitry programmed to perform a second data processing operation that facilitates performance of the first data processing operations by the host processing circuitry based on context of the data block indicated by the metadata.

In a memory component having a page buffer with 2.sup.N independently accessible regions, N bits of a command/address value are decoded to access contents within a first one of the 2.sup.N page-buffer regions if a configuration value specifies a first addressing resolution and, if the configuration value specifies a second addressing resolution, a composite address that includes fewer than N bits of the command/address value together with a plurality of bits generated within the memory component to access contents within a second one of the 2.sup.N page-buffer regions.

Provided is a method for optimising memory writing in a device implementing a cryptography module and a client module calling functions implemented by the cryptography module. The device includes a random access memory including a first memory zone that is secured and dedicated to the cryptography module and a second memory zone dedicated to the client module. When the client module calls a series of functions implemented by the cryptography module including a first function and at least one second function, with each second function executed following the first function or from a further second function and providing a runtime result added to a runtime result of the preceding series function, each runtime result is added to a value contained in a buffer memory allocated in the first memory. The buffer memory value is copied to the second memory zone following the execution of the last function of the series.

A system for protecting data stored in a removable data storage device includes a personal electronic device, a removable solid state data storage device operatively coupled to the personal electronic device, and a circuit configured to protect data stored in the data storage device in response to detecting impending removal of the data storage device from the personal electronic device.

A method for restricting write access to a non-volatile memory. The method includes receiving a request to write to a protected location in the non-volatile memory and determining whether the protected location is in a write-protected state. If the protected location is not in a write-protected state, the method includes writing data indicated by the request to the protected location. If the protected location is in a write-protected state, the method includes rejecting the request. The protected location stores a validation key to validate the contents of another portion of the non-volatile memory.

Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.

A semiconductor device includes a plurality of processing units, a shared resource shared by the plurality of processing units, and a guard unit. The guard unit restricts and thereby controls access to the shared resource by a processing unit, and changes, when a processing unit has failed, control of access so that another processing unit that takes over a process of the failed processing unit is permitted to access at least a part of an access destination which the failed processing unit has been permitted to access.

An information protection method and device based on a plurality of sub-areas for an MCU chip, the MCU chip comprises an instruction bus, a data bus, a flash controller and a user area of a flash memory, the method comprises: determining a preceding sub-area when the instruction bus accesses the user area; entering corresponding preceding sub-area working state; determining the current sub-area when the instruction bus accesses the user area; when the preceding sub-area is inconsistent with the current sub-area, entering the transition state; determining whether the duration of the transition state reaches the preset waiting time; if yes, entering the corresponding current sub-area working state. The information protection method and device prevent the cooperative companies which develop the program together from stealing program from each other.

Embodiments include computing devices, systems, and methods for protecting data using virtual views of resource contents. A virtualization interface monitor may monitor a request to access a computing device resource by a first requesting entity and determine whether the first requesting entity is an owner of the computing device resource. A data protection system may provide, to the first requesting entity, an unobscured virtual view of resource contents of the computing device resource in response to determining that the first requesting entity is the owner of the computing device resource. A resource content cryptographic device may obscure a virtual view of the resource contents of the computing device resource in response to determining that the first requesting entity is a non-owner of the computing device resource. The data protection system may provide, to the first requesting entity, the obscured virtual view of resource contents of the computing device resource.