G06F12/1441

Storage system and method for performing and authenticating write-protection thereof

In one embodiment, the method includes receiving, at a storage device, a request. The request includes a request message authentication code and write protect information. The write protect information includes at least one of start address information and length information. The start address information indicates a logical block address at which a memory area in a non-volatile memory of the storage device starts, and the length information indicates a length of the memory area. The method also includes generating, at the storage device, a message authentication code based on (1) at least one of the start address information and the length information, and (2) a key stored at the storage device; authenticating, at the storage device, the request based on the generated message authentication code and the request message authentication code; and processing, at the storage device, the request based on a result of the authenticating.

Systems and methods for implementing coherent memory in a multiprocessor system

Data units are stored in private caches in nodes of a multiprocessor system, each node containing at least one processor (CPU), at least one cache private to the node and at least one cache location buffer (CLB) private to the node. In each CLB location information values are stored, each location information value indicating a location associated with a respective data unit, wherein each location information value stored in a given CLB indicates the location to be either a location within the private cache disposed in the same node as the given CLB, to be a location in one of the other nodes, or to be a location in a main memory. Coherence of values of the data units is maintained using a cache coherence protocol. The location information values stored in the CLBs are updated by the cache coherence protocol in accordance with movements of their respective data units.

SCALABLE ACCESS CONTROL CHECKING FOR CROSS-ADDRESS-SPACE DATA MOVEMENT

Methods and apparatus relating to scalable access control checking for cross-address-space data movement are described. In an embodiment, a memory stores an InterDomain Permissions Table (IDPT) having a plurality of entries. At least one entry of the IDPT provides a relationship between a target address space identifier and a plurality of requester address space identifiers. A hardware accelerator device allows access to a target address space, corresponding to the target address space identifier, by one or more requesters, corresponding to the plurality of requester address space identifiers, respectively, based at least in part on the relationship provided by the at least one entry of the IDPT. Other embodiments are also disclosed and claimed.

Processor with conditional-fence commands excluding designated memory regions
20230036954 · 2023-02-02

An apparatus includes a processor, configured to designate a memory region in a memory, and to issue (i) memory-access commands for accessing the memory and (ii) a conditional-fence command associated with the designated memory region. Memory-Access Control Circuitry (MACC) is configured, in response to identifying the conditional-fence command, to allow execution of the memory-access commands that access addresses within the designated memory region, and to defer the execution of the memory-access commands that access addresses outside the designated memory region, until completion of all the memory-access commands that were issued before the conditional-fence command.

Controller and control management system

In a controller that operates a control program which executes sequence control or the like together with a data processing program which executes a complex arithmetic operation or the like, I/O resource information is shared with a shared memory, and an access right to the I/O resource information by the data processing program is controlled using read-in prohibited information and write-in permitted information.

INLINE ENCRYPTION/DECRYPTION FOR A MEMORY CONTROLLER

Various embodiments relate to a memory controller, including: a memory interface connected to a memory; an address and control logic connected to the memory interface and a command interface, wherein the address and control logic is configured to receive a memory read request; a read inline encryption engine (IEE) connected to the memory interface, wherein the read IEE is configured to decrypt encrypted data read from the memory; a key selector configured to determine a read memory region associated with the memory read request based upon a read address where the data to be read is stored, wherein the read address is received from the address and control logic; and a key logic configured to select a first key associated with the determined read memory region and provide the selected key to the read IEE.

CONTROLLED EXPOSURE OF STATISTICAL INFORMATION
20230092152 · 2023-03-23

An embodiment of an integrated circuit may comprise a management controller and circuitry communicatively coupled to the management controller, the circuitry to apply two or more respective controls to statistical data from two or more respective data sources in accordance with respective configuration information for each data source, and store the statistical data in a memory in accordance with the applied two or more controls. Other embodiments are disclosed and claimed.

DATA STORAGE DEVICE PERFORMING IN-STORAGE PROCESSING

A data storage device includes a nonvolatile memory device, a volatile memory device, a data encryption circuit configured to encrypt data outputted from the nonvolatile memory device, a data decryption circuit configured to decrypt encrypted data output from the data encryption circuit and configured to provide the decrypted data to the volatile memory device, and a processor configured to perform a first process that controls installation of a first in-storage program in the data storage device, a second process configured to manage a mapping table storing a relation between a logical address and a physical address of the nonvolatile memory device, and a third process configured to execute the first in-storage program.

Capability write address tracking

An apparatus comprises capability checking circuitry 86 to perform a capability validity checking operation to determine whether use of a capability satisfies one or more use-limiting conditions. The capability comprises a pointer and pointer-use-limiting information specifying the one or more use-limiting conditions. The one or more use-limiting conditions comprise at least an allowable range of addresses for the pointer. In response to a capability write request requesting that a capability is written to a memory location associated with a capability write target address, when capability write address tracking is enabled, capability write address tracking circuitry 200 updates a capability write address tracking structure 100 based on the capability write target address.

SAFE EXECUTION OF PROGRAMS THAT MAKE OUT-OF-BOUNDS REFERENCES

A method, system and apparatus for protecting a program from making out of bounds memory references, including determining whether an instruction makes out of bounds references where the instruction that loads data from or stores data to a buffer refers to addresses that are outside the bounds of the buffer, and responsive to the determining that the instruction refers to addresses that are partially out of bounds, changing an execution of the load or the store including modifying the starting address specified in the instruction, a length of data specified in the instruction, or a value for an out of bounds reference to load or store data that is within the bounds of the buffer.