An computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.

At least one secure object of a security module is bound to a secure guest. A trusted component determines whether metadata of the secure guest includes a confidential binding attribute for the security module. Based on determining that the metadata includes the confidential binding attribute, the trusted component configures the security module for the secure guest in a select mode. The select mode prevents certain operations from being intercepted by a hypervisor associated with the secure guest. The trusted component intercepts a security module communication and performs a cryptographic operation on one or more secure objects of the security module communication using the confidential binding attribute to provide a cryptographic result. An outcome of the security module communication, which includes the cryptographic result, is provided to a receiver.

Techniques described herein relate to a method for managing data protection feature compatibility. The method may include identifying a host data protection feature update event associated with a host; in response to identifying the host data protection feature update event, obtaining host data protection feature information from the host; updating a host data protection feature information repository using the host data protection feature information; updating data protection feature compatibility information using the host data protection feature information and data protection manager data protection feature information; and sending data protection feature compatibility information associated with the host to the host.

A security client can efficiently authenticate an application during I/O request handling by maintaining a white list that identifies processes that have been created for authenticated applications. The security client can register to be notified when a process is being created. When such a notification is received, the security client can authenticate the application for which the process is being created and then add an entry to the white list that includes the process identifier of the process being created. Then, when the process subsequently generates I/O requests, the security client can use the white list to quickly determine that the process pertains to an authenticated application and allow the I/O requests to modify protected artifacts.

Persistent storage contains a parent table and one or more child tables, the parent table containing: a class field specifying types, and one or more filter fields. One or more processors may: receive a first request to read first information of a first type for a first entity; determine that, in a first entry of the parent table for the first entity, the first type is specified in the class field; obtain the first information from a child table associated with the first type; receive a second request to read second information of a second type for a second entity; determine that, in a second entry of the parent table for the second entity, the second type is indicated as present by a filter field that is associated with the second type; and obtain the second information from a set of additional fields in the second entry.

A computer-implemented method for the usage of a jointly utilized memory medium by a user, in particular by a computer-implemented application. The jointly utilized memory medium is divided into at least one partition, each partition being assignable a right of use, in particular a write permission and/or a read permission, a plurality of user groups being assignable to the right of use, the user being a member of a user group, a usage of the jointly utilized memory medium by the user being prevented when the user accesses a first partition of the at least one partition and the user is not a member of one of the user groups assigned to the right of use corresponding to the access.

A protected stream manager includes one or more subsystems to receive a content stream in a virtual environment, obfuscate the content stream, and prioritize use of a processor to process the content stream.

Techniques for supporting invocations of the RDTSC (Read Time-Stamp Counter) instruction, or equivalents thereof, by guest program code running within a virtual machine (VM), including guest program code running within a secure hardware enclave of the VM, are provided. In one set of embodiments, a hypervisor can activate time virtualization heuristics for the VM, where the time virtualization heuristics cause accelerated delivery of system clock timer interrupts to a guest operating system (OS) of the VM. The hypervisor can further determine a scaling factor to be applied to timestamps generated by one or more physical CPUs, where the timestamps are generated in response to invocations of a CPU instruction made by guest program code running within the VM, and where the scaling factor is based on the activated time virtualization heuristics. The hypervisor can then program the scaling factor into the one or more physical CPUs.

A method for execution by a computing device to adjust data storage efficiency of data in a storage network includes determining an estimated overwrite frequency for a data segment for storage in memory of the storage network. The method continues by determining a storage approach for the data segment based on the estimated overwrite frequency. The method continues by processing the data segment based on the storage approach to produce a processed data segment. The method continues by error encoding the processed data segment to produce a set of encoded data slices, where a decode threshold number of encoded data slices is needed to recover the processed data segment. The method continues by storing the set of encoded data slices in the memory of the storage network.

The present invention relates to the security of sensitive data executed by program files in a computing device. A first file comprising of a sequence of instructions that can be configured onto the memory and executed by a processor is stored in a storage device of the device. A suitable program comprising a sequence of instructions is configured on memory and coupled to an encrypted credential store only accessible to the program instance being executed by a processor. A encrypted data store coupled to above said program is provided on the device's storage device. The successful execution of said first file requires access to sensitive data such as but not limited to passwords, API keys or other sensitive parameters, which are provided at run-time by the program coupled to the encrypted credential store.