G06F12/1425

Device and method of secure decryption by virtualization and translation of physical encryption keys

Example implementations include a system of secure decryption by virtualization and translation of physical encryption keys, the system having a key translation memory operable to store at least one physical mapping address corresponding to at least one virtual key address, a physical key memory operable to store at least one physical encryption key at a physical memory address thereof; and a key security engine operable to generate at least one key address translation index, obtain, from the key translation memory, the physical mapping address based on the key address translation index and the virtual key address, and retrieve, from the physical key memory, the physical encryption key stored at the physical memory address.

MEMORY POOLING BETWEEN SELECTED MEMORY RESOURCES
20230004444 · 2023-01-05

Apparatuses, systems, and methods related to memory pooling between selected memory resources are described. A system using a memory pool formed as such may enable performance of functions, including automated functions critical for prevention of damage to a product, personnel safety, and/or reliable operation, based on increased access to data that may improve performance of a mission profile. For instance, one apparatus described herein includes a memory resource, a processing resource coupled to the memory resource, and a transceiver resource coupled to the processing resource. The memory resource, the processing resource, and the transceiver resource are configured to enable formation of a memory pool between the memory resource and another memory resource at another apparatus responsive to a request to access the other memory resource transmitted from the processing resource via the transceiver.

Security for address translation services

A processor receives, from a requestor, a first request containing a virtual address. Based on the first request, the processor determines a real address corresponding to the virtual address, encrypts at least a portion of the real address to obtain a cryptographic secure real address, and returns the cryptographic secure real address to the requestor. Based on receiving a second request specifying a request address, the processor decrypts the request address to validate the request address as the cryptographic secure real address. Based on validating the request address as the cryptographic secure real address, the processor allows access to a resource of the data processing system identified by the real address.

SECURE DIRECT PEER-TO-PEER MEMORY ACCESS REQUESTS BETWEEN DEVICES

An embodiment of an integrated circuit comprises circuitry to store memory protection information for a non-host memory in a memory protection cache, and perform one or more memory protection checks on a translated access request for the non-host memory based on the stored memory protection information. Other embodiments are disclosed and claimed.

PROTECTION OF STORED AND COMMUNICATED SECRET DATA AGAINST SIDE-CHANNEL ATTACKS

Described are implementations directed to protecting secret data against adversarial attacks by obfuscating the secret data during storage and communication. Obfuscation techniques include, among other things, splitting secret data into a plurality of portions, performing rotation of secret data, splitting secret data into a plurality of shares, modifying shares of secret data in view of the values of the shares, and various other protection mechanisms.

CONTINUOUS DATA PROTECTION IN CLOUD USING STREAMS
20220391328 · 2022-12-08

One example method includes performing a recovery operation. A recovery operation is performed using streams rather than volumes in the cloud and without using compute instances or servers for do data. Do data is written to a do stream. Occasionally, a compute instance powers on and reads data from the do stream. The do data read from the do stream is applied to a cloud volume and a snapshot of the cloud volume is performed. The backups include discrete PiT backups and recovery can be performed to any of the discrete PiT backups.

Sharing of data among containers running on virtualized operating systems

A solution is proposed for managing containers isolating corresponding application environments from one or more shared operating systems in a computing system. One or more relevant groups are determined among one or more candidate groups (each comprising private data in common among a plurality of the containers); the candidate groups are determined according to corresponding access commands submitted by the containers and the relevant groups are determined according to one or more relevance policies. The private data of the relevant groups are consolidated into corresponding shared data.

RESET DYNAMIC ADDRESS TRANSLATION PROTECTION INSTRUCTION

An instruction is provided to perform a reset address translation protection operation when executed. Executing the instruction includes determining, by a processor, that an address translation protection bit in a specified translation table entry associated with a storage block is to be reset. Based on determining that the address translation protection bit is to be reset, executing the instruction includes resetting the address translation protection bit to deactivate write protection for the storage block. The resetting is absent waiting for an action by one or more other processors of the computing environment.

PROCESSING DATA PAGES UNDER GROUP-LEVEL ENCRYPTION
20220382898 · 2022-12-01

Computer-readable media, methods, and systems are disclosed for encrypting and decrypting data pages in connection with a database employing group-level encryption. A request to load a group-level encrypted logical data page into main memory is received, the data page being identified by a logical page number. A block of group-level encrypted data is loaded into the main memory of the database system from an address corresponding to the physical block number. A header associated with the block of group-level encrypted data is decrypted using a data-volume encryption key, and an encryption-group identifier is accessed from the decrypted header. A group-level encryption key is retrieved from a key manager, and the remainder of the block of group-level encrypted data is decrypted using the group-level encryption key.