Secure migratable architecture having security features

US9823851B2 · US · B2

Patent metadata

Field: Value
Publication number: US-9823851-B2
Application number: US-201615048203-A
Country: US
Kind code: B2
Filing date: Feb 19, 2016
Priority date: Jun 30, 2014
Publication date: Nov 21, 2017
Grant date: Nov 21, 2017

Abstract

Official abstract text for this publication.

Methods and systems for implementing a secure migratable architecture are disclosed. One method includes, upon initiating execution of a process, allocating a portion of a memory for use by the process during execution, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed. The method also includes executing the process hosted by the operating system, wherein the firmware environment manages the portion of the memory using one or more area descriptors to describe the portion of the memory, each of the one or more area descriptors defining to the firmware environment a base address at which a memory area is located, the base address translated to an address in the memory managed by the operating system, the memory area being within the portion of memory allocated for use by the process.
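An added illustration, not code from the patent or its assignee: a small C model of the write path described in the abstract and in claims 1, 8 and 9 on this page, where a workload names a memory area only by token and word offset and the firmware layer checks the descriptor before storing through a host address. The structure layout, function names, return codes, and the rule that a tag is "compatible" when it equals the stored tag byte are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* All names and layouts here are hypothetical; the page defines none. */
enum { AREA_WORDS = 8, MAX_AREAS = 4 };
enum { ACC_READ = 1, ACC_WRITE = 2 };
enum { W_OK = 0, W_BAD_TOKEN = -1, W_BOUNDS = -2, W_RIGHTS = -3, W_TAG = -4 };

typedef struct {
    uint64_t *base;   /* host virtual address of the 64-bit data words */
    uint8_t  *tags;   /* separate tag area: one tag byte per data word */
    size_t    length; /* number of words in the area */
    unsigned  rights; /* ACC_* bits */
} area_desc;
static uint64_t  data_pool[MAX_AREAS][AREA_WORDS]; /* the process's allocation */
static uint8_t   tag_pool[MAX_AREAS][AREA_WORDS];
static area_desc collection[MAX_AREAS];
static int       next_token; /* only grows, so a token is never reused */

/* Create a descriptor for a new area and return its token, or -1 if full. */
int area_create(unsigned rights, uint8_t tag) {
    if (next_token >= MAX_AREAS) return -1;
    int t = next_token++;
    collection[t] = (area_desc){ data_pool[t], tag_pool[t], AREA_WORDS, rights };
    for (size_t i = 0; i < AREA_WORDS; i++) tag_pool[t][i] = tag;
    return t;
}

/* Guest write: the workload supplies (token, word offset), never a host pointer. */
int area_write(int token, size_t offset, uint8_t tag, uint64_t value) {
    if (token < 0 || token >= next_token) return W_BAD_TOKEN;
    const area_desc *d = &collection[token];
    if (offset >= d->length) return W_BOUNDS;     /* stay inside the area */
    if (!(d->rights & ACC_WRITE)) return W_RIGHTS;
    if (d->tags[offset] != tag) return W_TAG;     /* assumed rule: tags must match */
    d->base[offset] = value; /* host MMU maps this virtual address to physical */
    return W_OK;
}

/* Read back a word for inspection; returns 0 for an invalid reference. */
uint64_t area_peek(int token, size_t offset) {
    if (token < 0 || token >= next_token || offset >= collection[token].length) return 0;
    return collection[token].base[offset];
}

int main(void) {
    int t = area_create(ACC_READ | ACC_WRITE, 0);
    return area_write(t, 3, 0, 0xABCD) == W_OK ? 0 : 1;
}
```

Because every store goes through `area_write`, an out-of-range offset, a read-only area or a mismatched tag is rejected before any host address is formed.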

First claim

Opening claim text (preview).

The invention claimed is:

1. A computing system comprising: a programmable circuit configured to execute instructions according to a first computing architecture; a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable circuit, the software including: an operating system; and a process including a firmware environment representing a virtual computing system having a second computing architecture different from the first computing architecture and one or more workloads to be executed within the process, the software executable to perform a method including: upon initiating execution of the process, allocating a portion of the memory for use by the process during execution; and executing the process hosted by the operating system, wherein the firmware environment manages the portion of the memory using a token associated with one or more area descriptors to describe the portion of the memory and a tag, each of the one or more area descriptors defining to the firmware environment a base address and an offset at which a buffer memory area is located, the base address translated to an address in the memory managed by the operating system wherein the firmware receives a write request from the one or more workloads, translating the request to a specific memory buffer corresponding to the token, adding an offset to the base address at which the buffer memory area is located, the buffer memory area being within the portion of memory allocated for use by the process, validate that the tag value associated with the address is compatible, write the a value of the memory access request at the offset address, the write value and the offset address is passed to the first computing architecture, wherein the first computing architecture converts the virtual address to a physical address and writes the value in the memory.

2. The system of claim 1, wherein the one or more area descriptors are included in an area descriptor collection managed by the firmware environment.

3. The system of claim 1, wherein the portion of the memory is, according to the second architecture implemented in the firmware environment, directly addressable.

4. The system of claim 3, wherein the portion of the memory is, from the perspective of the first architecture implemented by the programmable circuit and operating system, addressable using one or more virtual addresses.

5. The system of claim 1, wherein the area descriptor encapsulates a plurality of attributes of the memory area within the portion of memory.

6. The system of claim 1, wherein the one or more area descriptors are unique within the firmware environment across the entire duration of execution of the process.

7. The system of claim 1, wherein the one or more area descriptors reference a memory area having a common tag value associated with all the memory locations within the memory area.

8. The system of claim 1, wherein the one or more area descriptors includes a link to a tag area, the tag area including a tag byte associated with each data word in the memory area.

9. The system of claim 8, wherein the memory area is organized in contiguous 64-bit data words, wherein the tag area is separate from the memory area containing the data words.

10. The system of claim 1, wherein the one or more area descriptors includes a descriptor associated with access rights to the memory area.

11. The system of claim 1, wherein the one or more area descriptors includes a descriptor identifying a type of memory associated with the memory area.

12. A computer-implemented method comprising: upon initiating execution of a process, allocating a portion of a memory for use by the process during execution, the process including a firmware environment representing a virtual computing system having a second computing architecture different from a first computing architecture of a computing system on which the process is executed; and executing the process hosted by the operating system, wherein the firmware environment manages the portion of the memory using a token associated with one or more area descriptors to describe the portion of the memory and a tag, each of the one or more area descriptors defining to the firmware environment a base address and an offset at which a buffer memory area is located, the base address translated to an address in the memory managed by the operating system, wherein the firmware receives a write request from the one or more workloads, translating the request to a specific memory buffer corresponding to the token, adding an offset to the base address at which the buffer memory area is located, the buffer memory area being within the portion of memory allocated for use by the process, validate that the tag value associated with the address is compatible, write the a value of the memory access request at the offset address, the write value and the offset address is passed to the first computing architecture, wherein the first computing architecture converts the virtual address to a physical address and writes the value in the memory.

13. The computer-implemented method of claim 12, further comprising communicating with a remote computing system via security software, the remote computing system and the computing system being members of a common community of interest.

14. The computer-implemented method of claim 12, wherein the process further includes one or more workloads to be executed within the process.

15. The computer-implemented method of claim 12, wherein executing the process hosted by the operating system comprises calling a native function from the firmware environment, the native function executable according to the first computing architecture.

16. The computer-implemented method of claim 12, wherein executing the process comprises: receiving a memory request from the workload at the firmware, the memory request including a reference to a memory area and an offset; translating the memory request to a memory access request according to the native instruction set architecture and managed by the operating system.

17. The computer-implemented method of claim 12, wherein executing the process comprises: allocating a new memory area to the process; creating a new area descriptor token associated with the new memory area in an area descriptor collection, the area descriptor token referencing an area descriptor associated with the new memory area.

18. A computing system comprising: a programmable circuit configured to execute instructions according to a first computing architecture; a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable circuit, the software including: an operating system; and a process including a firmware environment representing a virtual computing system having a second computing architecture different from the first computing architecture and one or more workloads to be executed within the process according to the second computing architecture, the software executable to perform a method including: upon initiating execution of the process, allocating a portion of the memory for use by the process during execution; creating an area descriptor associated with a memory area included within the portion of the memory, the area descriptor including a base address and a length of the memory area; storing the area descriptor in an area descriptor collection; and executing the process hosted by the operating system, wherein the firmware environment

Classifications

  • by checking the subject access rights

  • Single storage device

  • Management of space entities, e.g. partitions, extents, pools

  • Bootstrapping (security arrangements therefor G06F21/57)

  • Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Beale Andrew Ward, Strong David, Unisys Corp
What technology area does this patent fall under?
Primary CPC classification G06F3/061. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 21, 2017 (B2). Legal status and post-grant events are not shown on this page.