G06F21/805

Managing encryption keys per logical block on a persistent memory device
12061732 · 2024-08-13

A command to perform a data operation at a memory device is received. The command includes an encryption key tag. A first key table is accessed from local memory. The first key table includes a first set of key entries corresponding to a first set of encryption keys. The first key table is searched to determine whether it includes an entry corresponding to the encryption key tag. Based on determining the first key table does not include an entry corresponding to the tag, a second key table is accessed from RAM. The second key table includes a second set of key entries corresponding to a second set of encryption keys. A key entry corresponding to the encryption key tag is identified from the second key table. The key entry includes an encryption key corresponding to the encryption key tag. The command is processed using the encryption key.

Adjusting error encoding parameters for writing encoded data slices

A method includes writing sets of encoded data slices to storage units of a storage network in accordance with error encoding parameters, where for a set of encoded data slices, the error encoding parameters include an error coding number and a decode threshold number, the error coding number indicates a number of encoded data slices that results when a data segment is encoded using an error encoding function and the decode threshold number indicates a minimum number needed to recover the data segment. The method further includes monitoring processing of the writing of the sets of encoded data slices to produce write processing performance information. When the write processing performance information compares unfavorably to a desired write performance range, the method further includes adjusting at least one of the error coding number and the decode threshold number to produce adjusted error encoding parameters for writing subsequent encoded data slices.

Peripheral device with resource isolation

A peripheral device package for use in a host computing device has a plurality of compute elements and a plurality of resources shared by the plurality of compute elements. A data structure is stored in a hidden memory of the peripheral device package. The data structure holds metadata about ownership of resources of the peripheral device package by a plurality of user runtime processes of the host computing device which use the compute elements. At least one of the user runtime processes is a secure user runtime process. The peripheral device package has a command processor configured to use the data structure to enforce isolation of the resources used by the secure user runtime process.

TECHNIQUES FOR DETECTING FALSE POSITIVE RETURN-ORIENTED PROGRAMMING ATTACKS

Various embodiments are generally directed to an apparatus, method and other techniques to determine whether a target address of a register for an execution instruction is valid or invalid based on a comparison between the target address and one or more valid target addresses stored in a storage, increase a number of invalid target addresses if the target address is invalid, and determine whether the number of invalid target addresses is greater than an invalid target address threshold. Various embodiments may also include initiating a security measure to prevent a security breach if the number of invalid target addresses is greater than the invalid target address threshold or executing the execution instruction if the number of invalid target addresses is less than or equal to the invalid target address threshold.

Fully orchestrated setup of a containerized cloud communication system within an embedded operating system

A storage system management application contains control logic configured to enable the storage system management application to fully orchestrate setup of a containerized cloud communication system within an embedded operating system, with minimal interaction from an end user. Upon receipt of an instruction to initiate cloud access, the storage system management application enrolls a cloud tethering subsystem and establishes a secure communication channel to the cloud tethering subsystem. The storage system management application also creates a cloud protection environment within the operating system for use by the cloud tethering subsystem, and registers the storage system to the cloud tethering subsystem. The storage system management application also creates external network interfaces on the cloud tethering subsystem and configures one or more private cloud provider endpoints on the cloud tethering subsystem.

MANAGING ENCRYPTION KEYS PER LOGICAL BLOCK ON A PERSISTENT MEMORY DEVICE
20240346188 · 2024-10-17

A command to perform a data operation at a memory device is received. The command includes an encryption key tag. A first key table is accessed from local memory. The first key table includes a first set of key entries corresponding to a first set of encryption keys. The first key table is searched to determine whether it includes an entry corresponding to the encryption key tag. Based on determining the first key table does not include an entry corresponding to the tag, a second key table is accessed from RAM. The second key table includes a second set of key entries corresponding to a second set of encryption keys. A key entry corresponding to the encryption key tag is identified from the second key table. The key entry includes an encryption key corresponding to the encryption key tag. The command is processed using the encryption key.

SECURE INITIALISATION

A data processing system for processing data using a memory having a plurality of memory regions, a given memory region within said plurality of memory regions having an associated owning process having exclusive rights to control access to said given memory region, said system comprising: a security controller to: receive a request to initialise a guest execution environment; claim one or more regions of memory to be owned by said security controller; store executable program code of said guest execution environment within said one or more regions of memory; and transfer ownership of said one or more regions to said guest execution environment.

GUID partition table based hidden data store system

A GUID partition table (GPT) based Hidden Data Store (HDS) system includes first computing systems that include networked storage devices and that are coupled to a second computing system through a network. The second computing system includes local storage devices that provide a GPT having a GPT entry that identifies local HDS elements that provide an HDS and that are included on the local storage devices, and networked HDS elements that provide the HDS and that are included on the networked storage devices. The second computing system also includes an HDS engine that receives the GPT entry and authorization credentials, determines that the authorization credentials allow access to the HDS and, in response, provides access to the local HDS elements that are included on the local storage devices, and provides access to the networked HDS elements that are included on the networked storage devices.

Command executing method, memory controller and memory storage apparatus

A command executing method for a memory storage apparatus is provided. The method includes grouping logical addresses into logical address groups and assigning a key for each of the logical address groups independently. The method also includes receiving a write command and write data corresponding to the write command and temporarily storing the write data into a buffer memory. The method further includes executing the write command, enabling a direct memory access once to transfer the write data from the buffer memory to a writable non-volatile memory module of the memory apparatus and encrypting each sector data of the write data with keys corresponding to the logical address groups that the logical address storing the sector data belongs to.

Techniques for detecting false positive return-oriented programming attacks

Various embodiments are generally directed to an apparatus, method and other techniques to determine whether a target address of a register for an execution instruction is valid or invalid based on a comparison between the target address and one or more valid target addresses stored in a storage, increase a number of invalid target addresses if the target address is invalid, and determine whether the number of invalid target addresses is greater than an invalid target address threshold. Various embodiments may also include initiating a security measure to prevent a security breach if the number of invalid target addresses is greater than the invalid target address threshold or executing the execution instruction if the number of invalid target addresses is less than or equal to the invalid target address threshold.