Methods, systems, and devices for access control configurations for inter-processor communications are described to support reconfiguration of a dynamic access control configuration at a device. For example, additional configuration fields may be added to existing access control rules of the device, where these additional fields may be configured by a processor sending information to a receiving processor, via a shared memory resource or region of the device. The additional fields may include a read-only value which may specify a processor which has exclusive write permission for a memory region of the share memory. This value may indicate the sending processor of the memory region, and the value may be set by access control hardware when the additional field is changed. Other processors of the device may be prevented from writing to the memory region.

A technique includes, in response to a cache miss occurring with a given processing node of a plurality of processing nodes, using a directory-based coherence system for the plurality of processing nodes to regulate snooping of an address that is associated with the cache miss. Using the directory-based coherence system to regulate whether the address is included in a snooping domain is based at least in part on a number of cache misses associated with the address.

An apparatus is provided comprising storage elements to store data blocks, where each data block has capability metadata associated therewith identifying whether the data block specifies a capability, at least one capability type being a bounded pointer. Processing circuitry is then arranged to be responsive to a bulk capability metadata operation identifying a plurality of the storage elements, to perform an operation on the capability metadata associated with each data block stored in the plurality of storage elements. Via a single specified operation, this hence enables query and/or modification operations to be performed on multiple items of capability metadata, hence providing more efficient access to such capability metadata.

Memory access circuitry controls access to memory based on ownership information defining, for a given memory region, an owner realm specified from among two or more realms, each realm corresponding to at least a portion of a software processes running on processing circuitry. The owner realm has a right to exclude other realms from accessing data stored within the given memory region. When security configuration parameters for a given realm specify that the given realm is associated with a trusted intermediary realm identified by the security configuration parameters, the trusted intermediary realm may be allowed to perform at least one realm management function for the given realm, e.g. provision of secret keys and/or saving/restoring of security configuration parameters. This can enable use cases where multiple instances of the same realm with common parameters need to be established on the same system at different times or on different systems.

There is a possibility that unauthorized writing of adjustment information occurs in a sensor device in which the adjustment information of the sensor device can be written from outside. A sensor device 1 of the present embodiment includes a detection unit 2 configured to detect a physical quantity, a nonvolatile memory 5 configured to store adjustment information 6 and protection information 7, an adjustment unit 3 configured to adjust an output signal of the detection unit 2 based on contents of the adjustment information 6, an output unit 4 configured to output an output of the adjustment unit 3 to an outside via an external terminal 12, a communication unit 11 configured to communicate with the outside of the sensor device 1 via an external terminal 13, a writing unit 8 configured to perform writing process to the nonvolatile memory 6 based on information from the communication unit 11, an erasing unit 9 configured to perform erasing process of the nonvolatile memory 5 based on information from the communication unit 11, and a reading unit 10 configured to perform reading process from the nonvolatile memory 5 based on information from the communication unit 11.

Systems, methods, and computer-readable media for cybersecurity are disclosed. The systems and methods may involve receiving, by an application capable of JavaScript execution, code for execution; executing, before execution of the received code, an intercepting code, wherein the intercepting code is configured to intercept at least one application programming interface (API) invocation by the received code; intercepting, by the intercepting code, an API invocation by the received code; determining that the intercepted API invocation results in a manipulation of a backing store object; and modifying an execution of the intercepted API invocation, wherein the modified execution results in at least one of: a non-predictable memory layout, a non-predictable memory behavior, or a non-predictable property of an object.

Memory regions may be protected based on occurrence of an event in a computing device. Subsystems of the computing device may store information in a memory controller identifying memory regions to be erased upon occurrence of an event, such as a system or subsystem crash. The memory controller may control erasing the memory regions in response to an indication associated with the event. A memory dump may be performed after the memory regions have been erased.

In one embodiment, one or more control units may store a position tracker associated with a first window of memory blocks and allow a first processing unit to write data within the first window. The control units may receive, from a second processing unit, a request for reading data with a memory-reading address, compare the memory-reading address to a first starting address of the first window, and prevent the second processing unit from reading the data when the memory-reading address is greater than or equal to the first starting address of the first window. The control units may store, when the data writing process is complete, an updated position tracker of a second window of memory blocks and allow the second processing unit to read the data based on a determination that the memory-reading address is less than a second starting address of the second window.

A plurality of byte ranges forms a sample for content output from a player device, and includes at least one double-encrypted byte range. The plurality of byte ranges is stored in a secured memory, and the at least one double-encrypted byte range is partially decrypted to generate at least one decrypted singe-encrypted byte range. The plurality of byte ranges is stored in an unsecured memory using the at least one decrypted single-encrypted byte range in place of the at least one double-encrypted byte range.

Some aspects of this disclosure relate to implementing a thread device that can associate with a thread network. The thread device includes a network processor, a first memory, and a host processor communicatively coupled to the network processor and the first memory. The first memory can be a nonvolatile memory with a first level security protection, and configured to store a first dataset including thread network parameters for the network processor to manage network functions for the thread device associated with the thread network. The host processor is configured to perform various operations associated with the first dataset stored in the first memory. The network processor can be communicatively coupled to a second memory to store a second dataset, where the second dataset has a same content as the first dataset. The network processor is configured to manage the network functions based on the second dataset. The second memory can be a volatile memory with a second level security protection that is less than the first level security protection.