公开(公告)号：US20190034359A1

公开(公告)日：2019-01-31

申请号：US15664101

申请日：2017-07-31

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Geoffrey Ndu ,  Dejan S. Milojicic ,  Paola Faraboschi ,  Chris I. Dalton

IPC: G06F12/14

CPC classification number: G06F12/1475 ,  G06F12/1466 ,  G06F12/1491 ,  G06F2212/1052 ,  G06F2212/657

Abstract: Memory blocks are associated with each memory level of a hierarchy of memory levels. Each memory block has a matching key capability (MaKC). The MaKC of a memory block governs access to the memory block, in accordance with permissions specified by the MaKC. The MaKC of a memory block can uniquely identify the memory block across the hierarchy of memory levels, and can be globally unique across the memory blocks. An MaKC of a memory block includes a block protection key (BPK) stored with the memory block, and an execution protection key (EPK). If a provided EPK for a memory block matches the memory block's BPK upon comparison, access to the memory block is allowed according to the permissions specified by the MaKC.

公开(公告)号：US10089498B2

公开(公告)日：2018-10-02

申请号：US15021022

申请日：2013-10-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Nigel Edwards ,  Chris I. Dalton ,  Paolo Faraboschi

IPC: G06F21/00 ,  G06F21/64 ,  G06F21/52 ,  G06F21/56 ,  G06F21/79 ,  G06F12/14 ,  G06F21/62

Abstract: According to an example, memory integrity checking may include receiving computer program code, and using a loader to load the computer program code in memory. Memory integrity checking may further include verifying the integrity of the computer program code by selectively implementing synchronous verification and/or asynchronous verification. The synchronous verification may be based on loader security features associated with the loading of the computer program code. Further, the asynchronous verification may be based on a media controller associated with the memory containing the computer program code.

公开(公告)号：US20180218148A1

公开(公告)日：2018-08-02

申请号：US15417955

申请日：2017-01-27

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Michela D'Errico ,  Leon Frank Ehrenhart ,  Chris I. Dalton ,  Michael John Wray ,  Siani Pearson ,  Dennis Heinze

IPC: G06F21/53 ,  G06F17/30

CPC classification number: G06F21/53 ,  G06F16/245 ,  G06F2221/033

Abstract: Examples relate to system call policies for containers. In an example, a method includes receiving, by a container platform, a container for running an application. The container has a metadata record that specifies an application type of the application. The container platform receives a data structure that specifies a set of system call policies for a set of application types and queries the data structure to determine a policy of the set of system call policies to apply to the container based on the application type in the metadata record. A kernel implements the policy for the container to allow or deny permission for a system call by the application running in the container based on a comparison of the system call to the policy.

公开(公告)号：US20180157605A1

公开(公告)日：2018-06-07

申请号：US15577895

申请日：2015-11-25

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Nigel Edwards ,  Chris I. Dalton ,  Keith Mathew McAuliffe

IPC: G06F13/16 ,  G06F21/79 ,  G06F21/57

CPC classification number: G06F13/1668 ,  G06F13/16 ,  G06F21/577 ,  G06F21/79 ,  G06F2201/84

Abstract: Examples include configuration of a memory controller for copy-on-write. Some examples include, in response to a determination to take a snapshot of memory accessible to a first component, a management subsystem configuring a memory controller to treat location IDs, mapped to initial memory locations of the accessible memory, as copy-on-write for the first component and not for a second component.

公开(公告)号：US20180063158A1

公开(公告)日：2018-03-01

申请号：US15252392

申请日：2016-08-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Chris I. Dalton ,  Dejan S. Milojicic

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08

CPC classification number: H04L9/083 ,  G06F21/575 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/3242

Abstract: Example implementations relate to cryptographic evidence of persisted capabilities. In an example implementation, in response to a request to access a persisted capability stored in a globally shared memory, a system may decide whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability. The system may load the persisted capability upon a decision to trust the persisted capability based on successful verification.

公开(公告)号：US20170213054A1

公开(公告)日：2017-07-27

申请号：US15328408

申请日：2014-10-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Liqun Chen ,  Chris I. Dalton ,  Fraser John Dickin ,  Nigel Edwards ,  Simon Kai-Ying Shiu

IPC: G06F21/79 ,  H04L9/08 ,  G06F21/60 ,  G06F21/64

CPC classification number: G06F21/79 ,  G06F21/606 ,  G06F21/64 ,  H04L9/0822 ,  H04L9/083 ,  H04L2463/061

Abstract: In an example, transactions are secured between electronic circuits in a memory fabric. An electronic circuit may receive a transaction integrity key. The electronic circuit may compute a truncated message authentication code (MAC) using the received transaction integrity key and attach the truncated MAC to a security message header (SMH) of the transaction.