A processor is to execute a first instruction to perform a simulated return in a program from a callee function to a caller function based on a first input stack pointer encoded with a first security context of a first callee stack frame. To perform the simulated return is to include generating a first simulated stack pointer to the caller stack frame. The processor is further to, in response to identifying an exception handler in the first caller function, execute a second instruction to perform a simulated call based on a second input stack pointer encoded with a second security context of the caller stack frame. To perform the simulated call is to include generating a second simulated stack pointer to a new stack frame containing an encrypted instruction pointer associated with the exception handler. The second simulated stack pointer is to be encoded with a new security context.

A method may select a surviving storage node based on environmental conditions. A request for exclusive access to a volume is received. A score based on data associated with an environment of the node is determined for each node in a cluster. Based on the scores, a node to grant exclusive access to the volume is identified, and such exclusive access is granted to the identified node.

The present disclosure describes a method to manage an enterprise data storage system, the method including: dividing storage disks of the enterprise data storage system into multiple virtual storage subsystems, wherein each virtual storage subsystem hosts a non-overlapping subset of the storage disks, and wherein each virtual storage subsystem includes a level-2 cache memory dedicated thereto; establishing a communication path between the level-2 cache memory dedicated to each virtual storage subsystem and a main cache of the enterprise-level data storage system; and maintaining a copy of transaction data from the non-overlapping subset of the storage disks hosted by each virtual storage subsystem in the level-2 cache memory dedicated thereto such that when the main cache searches for the copy of the transaction data, the main cache fetches, over the communication path, the copy of the transaction data from the level-2 cache memory of the virtual storage subsystem.

A serial presence detect (SPD) device includes a region of nonvolatile memory for SPD data and an additional region for other (e.g., vendor) use. The additional region may be subdivided into write protect regions that can be individually and independently write protected. To configure the write protection, a password key scheme is used to enter a mode whereby the write protection attributes may be configured. Another password key scheme is used to exit the write protection configuration mode.

A clustered storage system may include potentially many different nodes. A node may mount a virtual storage volume for the use of a container application at the node. The node may receive a request from a different node and respond by indicating whether the virtual storage volume is in active use. In this way, the clustered storage system may safely but forcibly unmount a virtual storage volume having a failed or hanging mount point so that the volume may be mounted on a different node.

A robust, computationally-efficient and secure system is described for streaming content from a server to a client device via the Internet or another digital network. Various aspects relate to automated processes, systems and devices for securing a media stream with efficient yet effective digital cryptography. In particular, content may be transmitted in transport stream (TS) format in which all packets are encrypted (e.g., using a cipher block chain), in which control packets are exempted from encryption (e.g., using an electronic codebook), or in any other manner.

A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.

Methods, systems, and devices associated with techniques for secure writes by non-privileged users are described. A memory device may be configured with one or more blocks of memory operating in a secure write mode. The memory device may receive an append command from a non-privileged user. The append command may indicate data to write to the block of memory at an address determined by the memory device. The memory device may identify a pointer to the address for storing the data within the block of memory. The memory device may write the data to a portion of the block of memory based on identifying the pointer and may update the pointer associated with the block of memory based on writing the data.

A method for performing access management of a memory device with aid of buffer usage reduction control and associated apparatus are provided. The method includes: determining whether any host command among a plurality of host commands from a host device is a trim-related read command, wherein the trim-related read command represents a read command indicating that reading from at least one trimmed location is required; in response to the any host command being the trim-related read command, determining an estimated trim-related read operation count regarding a data buffer according to a trimmed range of the at least one trimmed location and a predetermined unit size of accessing the data buffer; writing predetermined trimmed data having the predetermined unit size into the data buffer; and controlling a transmission interface circuit to read the predetermined trimmed data from the data buffer multiple times, for being returned to the host device.

A storage controller manages a logical volume to which a host makes an access and which manages host data, an addition address space which is mapped with the logical volume and to which host data is added, and a physical address space which is mapped with the addition address space. In the addition address space, different address regions are allocated to respective parity groups. The storage controller selects, as an addition area of host data supplied from the host, an unoccupied address region in the addition address space. As the addition area, a region mapped to a normal status parity group in which data recovery is unnecessary is more preferentially selected than a region allocated to an abnormal status parity group in which data recovery is necessary.