Data storage device performing in-storage processing

What is claimed is: 1. A data storage device comprising: a nonvolatile memory device; a volatile memory device; a data encryption circuit configured to produce encrypted data by encrypting data outputted from the nonvolatile memory device; a data decryption circuit configured to produce decrypted data by decrypting the encrypted data and configured to provide the decrypted data to the volatile memory device; and a processor configured to perform a first process that controls installation of a first in-storage program into the data storage device, a second process for configured to manage a mapping table storing a relation between a logical address and a physical address of the nonvolatile memory device, and a third process configured to execute the first in-storage program. 2. The data storage device of claim 1 , wherein the volatile memory device includes a secure area configured to store metadata of the first in-storage program, a protected area configured to store the mapping table, and a normal area configured to store a first enclave allocated for the first in-storage program. 3. The data storage device of claim 1 , wherein the first process prevents the third process from performing a write operation on the protected area according to permissions associated with the third process. 4. The data storage device of claim 2 , wherein the first process controls installation of a second in-storage program, the normal area stores a second enclave allocated for the second in-storage program, and the processor performs a fourth process configured to execute the second in-storage program, wherein the first process prevents the third process from accessing the second enclave, and wherein plain data outputted from the enclaves is encrypted by the data encryption circuit and decrypted by the data decryption circuit. 5. The data storage device of claim 4 , wherein the mapping table comprises entries, each entry including a corresponding logical address field, physical address field, and ID field, wherein the ID field stores information for identifying the first in-storage program and the second in-storage program. 6. The data storage device of claim 5 , wherein the second process provides mapping information referring to the ID field when the third process reads the mapping table. 7. The data storage device of claim 1 , wherein the data encryption circuit includes: an initial vector generation circuit configured to generate an initial vector referring to a physical address of data output from the nonvolatile memory device; a stream encryption circuit configured to generate an encrypted stream encrypted with the initial vector; and an operation circuit configured to generate the encrypted data by using the data output from the nonvolatile memory device and the encrypted stream. 8. The data storage device of claim 7 , further comprising a stream buffer configured to buffer the encrypted stream. 9. The data storage device of claim 7 , wherein the initial vector generation circuit includes a pseudo-random number generator configured to generate a key vector, and a logical circuit configured to provide the initial vector by operating the key vector and the physical address. 10. The data storage device of claim 1 , wherein the data decryption circuit includes: a stream encryption circuit configured to generate an encrypted stream encrypted with an initial vector; and an operation circuit configured to generate plain data by using the encrypted data and the encrypted stream. 11. The data storage device of claim 2 , further comprising: a cache memory configured to cache data of the first enclave; and a memory security circuit configured to encrypt data evicted from the cache memory to be written back to the first enclave. 12. The data storage device of claim 11 , wherein the memory security circuit includes: a key generation circuit configured to generate a key value from a counter value generated according to a writeback operation of the data storage device; and an encryption circuit configured to generate an encrypted data block according to data block of the cache memory and the key value. 13. The data storage device of claim 12 , further comprising a counter block including a major counter and a minor counter, wherein the minor counter increases according to the writeback operation and the major counter updates when overflow occurs at the minor counter, and wherein the counter value is provided from the major counter. 14. The data storage device of claim 12 , wherein the memory security circuit includes a verification management circuit configured to verify integrity of a data block outputted from the first enclave. 15. The data storage device of claim 11 , wherein the verification management circuit generates a first message authentication code (MAC) by hashing the data block with the counter value when the data block is written back to the first enclave, and generates or updates a verification data structure using the first MAC. 16. The data storage device of claim 15 , wherein when update data for updating the data block is stored in the first enclave, the verification management circuit generates a second MAC by hashing the first MAC with a result of hashing the update data block and a counter value used for encrypting the update data block, and updates the verification data structure so that the second MAC is related to the first MAC. 17. The data storage device of claim 1 , further comprising an internal bus for transmitting data between the data encryption circuit and the data decryption circuit, and an interface coupled to the internal bus. 18. A method performed by a data storage device in communication with a host computing device, the data storage device comprising a flash chip, a dynamic random access memory (DRAM) chip, an encryption circuit, an internal bus, a processor, and a decryption circuit, the method performed by the processor and comprising: executing an in-storage program stored in the data storage device, the in-storage program having plain data stored in the flash chip; when execution of the in-storage program causes the plain data to be stored in the DRAM chip, as the plain data flows out of the flash chip, encrypting, by the encryption circuit, the plain data to produce corresponding encrypted data; transferring, via the internal bus, the encrypted data from the encryption circuit to the decryption circuit; decrypting, by the decryption circuit, the encrypted data to reproduce the plain data; and storing the plain data in the DRAM chip.