Abstract: The translation of virtual guest addresses to host physical addresses in a virtualized computer system provides a compound page table that may simultaneously support nested-paging and shadow-paging for different memory regions. Memory regions with stable address mapping, for example, holding program code, may be treated using shadow-paging while memory regions with dynamic address mapping, for example, variable storage, may be treated using nested-paging thereby obtaining the benefits of both techniques.

Abstract: A memory management unit for I/O devices uses page table entries to translate virtual addresses to physical addresses. The page table entries include removal rules allowing the I/O memory management unit to delete page table entries without CPU involvement significantly reducing the CPU overhead involved in virtualized I/O data transactions.

Abstract: The translation of virtual guest addresses to host physical addresses in a virtualized computer system provides a compound page table that may simultaneously support nested-paging and shadow-paging for different memory regions. Memory regions with stable address mapping, for example, holding program code, may be treated using shadow-paging while memory regions with dynamic address mapping, for example, variable storage, may be treated using nested-paging thereby obtaining the benefits of both techniques.

Abstract: A method includes the step of running a set of instances on at least one cloud for a first time interval, each of the instances comprising a bundle of virtualized resources. The method also includes the step of evaluating one or more performance characteristics of each of the instances in the set of instances over the first time interval. The method further includes the step of determining a first subset of the set of instances to maintain for a second time interval and a second subset of the set of instances to terminate for the second time interval responsive to the evaluating step. The steps are performed by at least one processing device comprising a processor coupled to a memory.

Abstract: A memory management unit for 110 devices uses page table entries to translate virtual addresses to physical addresses. The page table entries include removal rules allowing the I/O memory management unit to delete page table entries without CPU involvement significantly reducing the CPU overhead involved in virtualized I/O data transactions.

Abstract: In general, techniques are described for enabling a restartable file system. A computing device comprising a processor that executes an operating system may implement the techniques. The processor executes kernel and file system functions of the operating system to perform an operation, where both types of functions call each other to perform the operation. The operating system stores data identifying those of the kernel functions that called the file system functions. In response to determining that one of the file system functions that was called has failed, the operating system accesses the data to identify one of the kernel functions that most recently called one of the file system functions, and returns control to the identified one of the kernel functions without executing any of the file system functions called after the identified one of the kernel functions and prior to the one of the file system functions that failed.

Abstract: In general, techniques are described for enabling a restartable file system. A computing device comprising a processor that executes an operating system may implement the techniques. The processor executes kernel and file system functions of the operating system to perform an operation, where both types of functions call each other to perform the operation. The operating system stores data identifying those of the kernel functions that called the file system functions. In response to determining that one of the file system functions that was called has failed, the operating system accesses the data to identify one of the kernel functions that most recently called one of the file system functions, and returns control to the identified one of the kernel functions without executing any of the file system functions called after the identified one of the kernel functions and prior to the one of the file system functions that failed.

Abstract: A coherence controller in hardware of an apparatus in an example detects conflicts on coherence requests through direct, non-broadcast employment of signatures that: summarize read-sets and write-sets of memory transactions; and provide false positives but no false negatives for the conflicts on the coherence requests. The signatures comprise fixed-size representations of a substantially arbitrary set of addresses for the read-sets and the write-sets of the memory transactions.

Abstract: A method of controlling access to network services enables an authorized proxy client to access a service on behalf of a user. To permit the client to function as a proxy, the user registers proxy authorization information with a trusted security server. The proxy authorization information identifies the proxy client and specifies the extent of proxy authority granted to the proxy client. When the proxy client wants to access a target service on behalf of the user, it sends a proxy request to the trusted security server. The trusted security server checks the proxy authorization information of the user to verify whether the request is within the proxy authority granted to the proxy client. If so, the trusted security server returns to the proxy client a data structure containing information recognizable by the target service to authenticate the proxy client for accessing the target service on behalf of the user.

Abstract: A coherence controller in hardware of an apparatus in an example detects conflicts on coherence requests through direct, non-broadcast employment of signatures that: summarize read-sets and write-sets of memory transactions; and provide false positives but no false negatives for the conflicts on the coherence requests. The signatures comprise fixed-size representations of a substantially arbitrary set of addresses for the read-sets and the write-sets of the memory transactions.

Abstract: A methododology is provided for facilitating authentication of a service. The methodology includes making a request to a first party for authentication of a service, the request including a first alias. A list of aliases associated with the service is then searched enabling a second party making the request to access the service if a match is found between the first alias and at least one alias of the list of aliases.

Abstract: A method of controlling access to network services enables an authorized proxy client to access a service on behalf of a user. To permit the client to function as a proxy, the user registers proxy authorization information with a trusted security server. The proxy authorization information identifies the proxy client and specifies the extent of proxy authority granted to the proxy client. When the proxy client wants to access a target service on behalf of the user, it sends a proxy request to the trusted security server. The trusted security server checks the proxy authorization information of the user to verify whether the request is within the proxy authority granted to the proxy client. If so, the trusted security server returns to the proxy client a data structure containing information recognizable by the target service to authenticate the proxy client for accessing the target service on behalf of the user.

Abstract: Providing object type specific access control to an object is described. In one embodiment, a computer system comprises an operating system operative to control an application and a service running on a computer. The service maintains a service object having a link to an access control entry. The access control entry contains an access right to perform an operation on an object type. The system further includes an access control module within the operating system. The access control module includes an access control interface and operates to grant or deny the access right to perform the operation on the object.

Abstract: Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempt to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.

Abstract: A system and method of combined user logon-authentication provides enhanced logon performance by utilizing communications with a network access control server for user authentication to provide user account data required for user logon. When a user logs on a computer, the computer initiates a network access control process with a network access control server for obtaining access to network services, including the computer that the user is logging on. During the access control process, the network access control server authenticates the user and queries a directory service for the account data for the user. The network access control server includes the user account data in one of the communication packets sent to the computer in the network access control process. The computer retrieves the user account data from the communication packet and uses the data to complete the user logon.

Abstract: A method and computing system for extending access control of system objects in a computing environment beyond traditional rights such as read, write, create and delete. According to the invention, a system administrator or user application is able to create control rights that are unique to the type of object. Rights can be created that do not relate to any specific property of the object, but rather define how a user may control the object. A novel object, referred to as a control access data structure, is defined for each unique control right and associates the control right with one or more objects of the computing environment. In order to grant the right to a trusted user, an improved access control entry (ACE) is defined which holds a unique identifier of the trusted user and a unique identifier of the control access data structure.

Abstract: A system and method of combined user logon-authentication provides enhanced logon performance by utilizing communications with a network access control server for user authentication to provide user account data required for user logon. When a user logs on a computer, the computer initiates a network access control process with a network access control server for obtaining access to network services, including the computer that the user is logging on. During the access control process, the network access control server authenticates the user and queries a directory service for the account data for the user. The network access control server includes the user account data in one of the communication packets sent to the computer in the network access control process. The computer retrieves the user account data from the communication packet and uses the data to complete the user logon.

Abstract: The disclosed system uses a challenge-response authentication protocol for datagram-based remote procedure calls. Using a challenge-response authentication protocol has many advantages over using a conventional authentication protocol. There are two primary components responsible for communication using the challenge-response protocol: a challenge-response protocol component on the client computer (client C-R component) and a challenge-response protocol component on the server computer (server C-R component). In order to start a session using the challenge-response protocol, the client C-R component first generates a session key. The session key is used by both the client C-R component and the server C-R component for encrypting and decrypting messages. After creating the session key, the client C-R component encrypts a message containing a request for a remote procedure call and sends it to the server C-R component. In response, the server C-R component sends a challenge to the client C-R component.

Abstract: Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempt to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.

Abstract: A method and mechanism to enforce reduced access via restricted access tokens. Restricted access tokens are based on an existing token, and have less access than that existing token. A process is associated with a restricted token, and when the restricted process attempts to perform an action on a resource, a security mechanism compares the access token information with security information associated with the resource to grant or deny access. Application programs may have restriction information stored in association therewith, such that when launched, a restricted token is created for that application based on the restriction information thereby automatically reducing that application's access. Applications may be divided into different access levels such as privileged and non-privileged portions, thereby automatically restricting the actions a user can perform via that application.