| Patent application number | Description | Published |
|---|
| 20090044274 | Impeding Progress of Malicious Guest Software - One embodiment of the present invention is a method of operating a virtualization system, the method including: (a) instantiating a virtualization system on an underlying hardware machine, the virtualization system exposing a virtual machine in which multiple execution contexts of a guest execute; (b) monitoring the execution contexts from the virtualization system; and (c) selectively impeding computational progress of a particular one of the execution contexts. | 02-12-2009 |
| 20090055571 | FORCING REGISTERED CODE INTO AN EXECUTION CONTEXT OF GUEST SOFTWARE - One embodiment of the present invention includes a method for: (a) executing guest computations in a virtual machine of the virtualization system; and (b) forcing execution of registered code into an execution context of the guest, wherein the forcing is performed from the virtualization system based on an execution trigger monitored without reliance on functionality of the guest software. | 02-26-2009 |
| 20090055693 | Monitoring Execution of Guest Code in a Virtual Machine - One embodiment of the present invention is a method of operating a virtualization system, the method including: (a) instantiating a guest in a virtual machine of the virtualization system; and (b) monitoring execution of code registered for monitored execution in an execution context of the guest, wherein the monitoring is performed by the virtualization system and is hidden from computations of the guest. | 02-26-2009 |
| 20090113110 | Providing VMM Access to Guest Virtual Memory - A virtual-machine-based system provides a mechanism for a virtual machine monitor (VMM) to process a hypercall received from an application running in the virtual machine (VM). A hypercall interface causes the virtual memory pages, needed by the VMM to process the hypercall, to be available to the VMM. In one embodiment, when virtual memory pages needed by the VMM to process the hypercall are not available to the VMM, the application is caused to access the needed pages, in response to which the required virtual memory becomes available to the VMM. | 04-30-2009 |
| 20090113111 | SECURE IDENTIFICATION OF EXECUTION CONTEXTS - A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource. | 04-30-2009 |
| 20090113216 | CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION - A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided. | 04-30-2009 |
| 20090113424 | Transparent VMM-Assisted User-Mode Execution Control Transfer - A virtual-machine-based system provides a control-transfer mechanism to invoke a user-mode application handler from existing virtual hardware directly, without going through an operating system kernel running in the virtual machine. A virtual machine monitor calls directly to the guest user-mode handler and the handler transfers control back to the virtual machine monitor, without involving the guest operating system. | 04-30-2009 |
| 20090113425 | Transparent Memory-Mapped Emulation of I/O Calls - A virtual-machine-based system provides a mechanism to implement application file I/O operations of protected data by implementing the I/O operations semantics in a shim layer with memory-mapped regions. The semantics of these I/O operations are emulated in a shim layer with memory-mapped regions by using a mapping between a process' address space and a file or shared memory object. Data that is protected from viewing by a guest OS running in a virtual machine may nonetheless be accessed by the process. | 04-30-2009 |
| 20090158432 | On-Access Anti-Virus Mechanism for Virtual Machine Architecture - A tangible medium embodying instructions usable by a computer system to protect a plurality of guest virtual machines (VMs), which execute via virtualization software on a common host platform, from malicious code is described. A scan engine is configured to scan data for malicious code and determine a result of the scanning, wherein the result indicates whether malicious code is present in the data. A driver portion is configured for installation in an operating system of a target VM, which is one of the guest VMs. The driver portion intercepts an access request to a file, that originates within the target VM. The driver portion communicates information identifying a location of the data to be scanned by the scan engine without sending a copy of the data to the scan engine. The scan engine executes within the virtualization layer outside a context of the target VM. | 06-18-2009 |
| 20100023565 | Separate Swap Files Corresponding to Different Virtual Machines in a Host Computer System - A swap space is provided for a host computer system, where the swap space includes a plurality of swap files with each individual swap file for swapping data only for a single corresponding virtual machine (VM). The per-VM swap space is used solely by the single, corresponding VM, such that only that particular VM's memory is allowed to be swapped out to the swap file. | 01-28-2010 |
| 20100241785 | MANAGEMENT OF HOST PHYSICAL MEMORY ALLOCATION TO VIRTUAL MACHINES WITH A BALLOON APPLICATION - Methods and systems for managing distribution of host physical memory (HPM) among virtual machines (VMs) executing on a host via a hypervisor are presented, where each VM has guest system software including an operating system. A method includes an operation for reserving, by a balloon application executing in a first VM, a guest virtual memory (GVM) location in the first VM. The GVM location is mapped to a guest physical memory (GPM) location, which is mapped to a host physical memory (HPM) location. The balloon application is responsive to the hypervisor for reserving memory. Further, the method includes operations for writing a value to the reserved GVM location and for remapping a plurality of GPM locations containing the value to a single HPM location. The remapping is performed by a content-based page sharing component of the hypervisor. Additionally, the method reclaims the HPM location when the HPM location is freed due to the remapping, and assigns the reclaimed HPM location to a different VM or to a pool of available HPM locations. | 09-23-2010 |
| 20100306849 | ON-ACCESS ANTI-VIRUS MECHANISM FOR VIRTUAL MACHINE ARCHITECTURE - A tangible medium embodying instructions usable by a computer system to protect a plurality of guest virtual machines (VMs), which execute via virtualization software on a common host platform, from malicious code is described. A scan engine is configured to scan data for malicious code and determine a result of the scanning, wherein the result indicates whether malicious code is present in the data. A driver portion is configured for installation in an operating system of a target VM, which is one of the guest VMs. The driver portion intercepts an access request to a file, that originates within the target VM. The driver portion communicates information identifying a location of the data to be scanned by the scan engine without sending a copy of the data to the scan engine. The scan engine executes within the virtualization layer outside a context of the target VM. | 12-02-2010 |
| 20110072426 | Speculative Notifications on Multi-core Platforms - A computer system having a plurality of processor cores utilizes a device driver running in a driver virtual machine to handle I/O with the corresponding device for other virtual machines. A hypervisor in the computer system receives an interrupt from the corresponding device and identifies a virtual machine that best correlates to the received interrupt prior to forwarding the interrupt for handling by the driver virtual machine. The hypervisor then speculatively transmits a notification to the identified virtual machine to wake up and poll a memory shared between the identified virtual machine and the driver virtual machine. Once the driver virtual machine completes handling of the forwarded interrupt, it copies data made available by the corresponding device to the shared memory for access by the polling identified virtual machine. | 03-24-2011 |
| 20110078361 | SYSTEM AND METHOD TO ENHANCE MEMORY PROTECTION FOR PROGRAMS IN A VIRTUAL MACHINE ENVIRONMENT - In a computer system supporting execution of virtualization software and at least one instance of virtual system hardware, an interface is provided into the virtualization software to allow a program to directly define the access characteristics of its program data stored in physical memory. The technique includes providing data identifying memory pages and their access characteristics to the virtualization software which then derives the memory access characteristics from the specified data. Optionally, the program may also specify a pre-defined function to be performed upon the occurrence of a fault associated with access to an identified memory page. In this manner, programs operating both internal and external to the virtualization software can protect his memory pages, without intermediation by the operating system software. | 03-31-2011 |
| 20110082962 | MONITORING A DATA STRUCTURE IN A VIRTUAL MACHINE - A method for monitoring a data structure maintained by guest software within a virtual machine is disclosed. Changes to the contents of the data structure are determined, such as by placing write traces on the memory pages containing the data structure. Also, the method involves determining when memory pages containing the data structure are swapped into and/or out of guest physical memory by the guest software, such as by placing write traces on the memory pages containing the guest page table and detecting changes to the present bit of page table entries involved in mapping virtual addresses for the data structure. Information about the contents of the data structure is retained while memory pages containing the data structure are swapped out of guest physical memory. | 04-07-2011 |
| 20110131388 | ACCESSING MULTIPLE PAGE TABLES IN A COMPUTER SYSTEM - A virtual memory system implementing the invention provides concurrent access to translations for virtual addresses from multiple address spaces. One embodiment of the invention is implemented in a virtual computer system, in which a virtual machine monitor supports a virtual machine. In this embodiment, the invention provides concurrent access to translations for virtual addresses from the respective address spaces of both the virtual machine monitor and the virtual machine. Multiple page tables contain the translations for the multiple address spaces. Information about an operating state of the computer system, as well as an address space identifier, are used to determine whether, and under what circumstances, an attempted memory access is permissible. If the attempted memory access is permissible, the address space identifier is also used to determine which of the multiple page tables contains the translation for the attempted memory access. | 06-02-2011 |
