Patents by Inventor Steven Grobman

Steven Grobman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9298911
    Abstract: Technologies are provided in embodiments for receiving policy information associated with at least one security exception, the security exception relating to execution of at least one program, determining an operation associated with the security exception based, at least in part, on the policy information, and causing the operation to be performed, based at least in part, on a determination that the at least one security exception occurred.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: March 29, 2016
    Assignee: INTEL CORPORATION
    Inventors: Gal Chanoch, Eran Birk, Baiju Patel, Steven Grobman, Tobias Kohlenberg, Rajeev Gopalakrisha
  • Publication number: 20140282832
    Abstract: Technologies are provided in embodiments for receiving policy information associated with at least one security exception, the security exception relating to execution of at least one program, determining an operation associated with the security exception based, at least in part, on the policy information, and causing the operation to be performed, based at least in part, on a determination that the at least one security exception occurred.
    Type: Application
    Filed: March 15, 2013
    Publication date: September 18, 2014
    Applicant: Intel Corporation
    Inventors: Gal Chanoch, Eran Birk, Baiju Patel, Steven Grobman, Tobias Kohlenberg, Rajeev Gopalakrisha
  • Patent number: 8191062
    Abstract: A method, apparatus and system enable processor frequency governors to comprehend virtualized platforms. Specifically, in one embodiment, the processor frequency governor in a virtual host may be para-virtualized. As a result, the processor frequency governor may run in a partition on the virtualized platform and nonetheless collect and process central processing utility (“CPU”) information on the virtualized platform based on the activity of a plurality of virtual machines on the virtual host.
    Type: Grant
    Filed: March 31, 2006
    Date of Patent: May 29, 2012
    Assignee: Intel Corporation
    Inventor: Steven Grobman
  • Patent number: 7971057
    Abstract: Executing a monitor on a platform, the monitor capable of providing exclusive, secure access to an audio I/O device of the platform, executing a first partition on the platform, providing an audio device model in the first partition by directly mapping the audio I/O device from the monitor to the first partition for applications executing in the first partition, and providing exclusive, secure access to the audio I/O device to a program performing an audio function in a secure mode in the first partition.
    Type: Grant
    Filed: April 2, 2010
    Date of Patent: June 28, 2011
    Assignee: Intel Corporation
    Inventors: Steven Grobman, David Grawrock, Narendar B. Sahgal, Joe Gruber
  • Patent number: 7845009
    Abstract: Detecting a rootkit in a computing system may be achieved by detecting, by a virtual machine monitor, a virtualization trap occurring as a result of an action by a rootkit executing in a computing system; and analyzing the virtualization trap to detect the presence of the rootkit in the computing system. Action may then be taken to block the rootkit activity to safeguard the computing system.
    Type: Grant
    Filed: May 16, 2006
    Date of Patent: November 30, 2010
    Assignee: Intel Corporation
    Inventor: Steven Grobman
  • Patent number: 7788713
    Abstract: A method, apparatus and system for virtualized proxy services are disclosed herein. Specifically, in one embodiment, a virtual proxy may be implemented in a virtual machine host. The virtual proxy may reside within a dedicated or shared virtual partition and may include a set of access restrictions. In one embodiment, a network including virtual machine hosts having virtual proxies may also provide additional peer-to-peer services. More specifically, a virtual proxy on a virtual host may be configured to broadcast/multicast content requests to other virtual hosts on the network prior to accessing the content from a remote location. If the content has previously been downloaded by another virtual host on the network, the virtual proxy on the requesting host may copy the content from the peer virtual host, instead of downloading the content from the remote location again. A variety of security measures may be implemented in one embodiment to ensure data integrity.
    Type: Grant
    Filed: June 23, 2004
    Date of Patent: August 31, 2010
    Assignee: Intel Corporation
    Inventors: Steven Grobman, Carl C. Jones
  • Publication number: 20100192150
    Abstract: Executing a monitor on a platform, the monitor capable of providing exclusive, secure access to an audio I/O device of the platform, executing a first partition on the platform, providing an audio device model in the first partition by directly mapping the audio I/O device from the monitor to the first partition for applications executing in the first partition, and providing exclusive, secure access to the audio I/O device to a program performing an audio function in a secure mode in the first partition.
    Type: Application
    Filed: April 2, 2010
    Publication date: July 29, 2010
    Inventors: Steven Grobman, David Grawrock, Narendar B. Sahgal, Joe Gruber
  • Patent number: 7752436
    Abstract: Executing a monitor on a platform, the monitor capable of providing exclusive, secure access to an audio I/O device of the platform, executing a first partition on the platform, providing an audio device model in the first partition by directly mapping the audio I/O device from the monitor to the first partition for applications executing in the first partition, and providing exclusive, secure access to the audio I/O device to a program performing an audio function in a secure mode in the first partition.
    Type: Grant
    Filed: August 9, 2005
    Date of Patent: July 6, 2010
    Assignee: Intel Corporation
    Inventors: Steven Grobman, David Grawrock, Narendar B. Sahgal, Joe Gruber
  • Publication number: 20080244080
    Abstract: A processor includes non-volatile memory into which streamed application components may be pre-fetched from a slower storage medium in order to decrease stall times during execution of the application. Alternatively, the application components pre-fetched into the non-volatile memory may be from a traditionally-loaded application rather than a streamed application. The order in which components of the application are prefetched into the non-volatile memory may be based on load order hints. For at least one embodiment, the load order hints are derived from server-side load ordering logic. For at least one other embodiment, the load order hints are provided by the application itself via a mechanism such as an application programming interface. For at least one other embodiment, the load order hints are generated by the client using profile data. Or, a combination of such approaches may be used. Other embodiments are also described and claimed.
    Type: Application
    Filed: March 29, 2007
    Publication date: October 2, 2008
    Inventors: Thomas H. James, Steven Grobman
  • Publication number: 20070271610
    Abstract: Detecting a rootkit in a computing system may be achieved by detecting, by a virtual machine monitor, a virtualization trap occurring as a result of an action by a rootkit executing in a computing system; and analyzing the virtualization trap to detect the presence of the rootkit in the computing system. Action may then be taken to block the rootkit activity to safeguard the computing system.
    Type: Application
    Filed: May 16, 2006
    Publication date: November 22, 2007
    Inventor: Steven Grobman
  • Publication number: 20070234357
    Abstract: A method, apparatus and system enable processor frequency governors to comprehend virtualized platforms. Specifically, in one embodiment, the processor frequency governor in a virtual host may be para-virtualized. As a result, the processor frequency governor may run in a partition on the virtualized platform and nonetheless collect and process central processing utility (“CPU”) information on the virtualized platform based on the activity of a plurality of virtual machines on the virtual host.
    Type: Application
    Filed: March 31, 2006
    Publication date: October 4, 2007
    Inventor: Steven Grobman
  • Publication number: 20070150893
    Abstract: A method, apparatus and system enable enhanced processor frequency governors to comprehend virtualized platforms and utilize predictive information to enhance performance in virtualized platforms. Specifically, in one embodiment, an enhanced frequency governor in a virtual host may run within a virtual machine on the host and interact with a virtual machine manager to collect predictive information from application(s) running within each virtual machine on the host. The enhanced frequency governor may then utilize the predictive information to determine future CPU frequency requirements and raise or lower the CPU frequency and/or voltage in anticipation of the needs of the various applications.
    Type: Application
    Filed: September 7, 2006
    Publication date: June 28, 2007
    Inventor: Steven Grobman
  • Publication number: 20070127723
    Abstract: The present disclosure relates to authenticating a client against a pool of servers utilizing a secure authentication protocol, and, more specifically, to authenticating a client against a pool of servers providing a common service, utilizing the Kerberos secure authentication protocol.
    Type: Application
    Filed: January 5, 2007
    Publication date: June 7, 2007
    Inventor: Steven Grobman
  • Publication number: 20070050767
    Abstract: A method, apparatus and system enable a virtual diskless architecture on a virtual machine (“VM”) host. In one embodiment, a partition on the VM host may be designated a management VM and the storage controller (coupled to a storage device) on the host VM may be dedicated to this management VM. Thereafter, a second VM on the host may connect to the management VM via a virtual network connection and access data on the “remote” storage device via the virtual network connection.
    Type: Application
    Filed: August 31, 2005
    Publication date: March 1, 2007
    Inventors: Steven Grobman, David Poisner
  • Publication number: 20070038997
    Abstract: Executing a monitor on a platform, the monitor capable of providing exclusive, secure access to an audio I/O device of the platform, executing a first partition on the platform, providing an audio device model in the first partition by directly mapping the audio I/O device from the monitor to the first partition for applications executing in the first partition, and providing exclusive, secure access to the audio I/O device to a program performing an audio function in a secure mode in the first partition.
    Type: Application
    Filed: August 9, 2005
    Publication date: February 15, 2007
    Inventors: Steven Grobman, David Grawrock, Narendar Sahgal, Joe Gruber
  • Publication number: 20070011444
    Abstract: A method, apparatus and system enable a virtual and a non-virtual component to be bundled together in a single binary. According to an embodiment of the present invention, an operating system may boot directly on host hardware or on a virtual machine manager. If the operating system boots directly on host hardware, the binary is capable of executing the non-virtual (“physical”) component code in the binary. If, on the other hand, the operating system boots onto a virtual machine manager, the binary is further capable of executing the virtual component code in the binary. In one embodiment, the virtual component may be para-virtualized, i.e., the component may be aware that it is running in a virtual environment.
    Type: Application
    Filed: June 9, 2005
    Publication date: January 11, 2007
    Inventors: Steven Grobman, Michael Kinney, Jeffrey Jackson
  • Publication number: 20070006228
    Abstract: In some embodiments, the invention involves saving limited context information when transitioning between virtual machines. A predetermined set of instructions and events cause a trap. A bit or flag is set to indicate that the event has occurred within a virtual machine. The virtual machine monitor determines whether specific register sets must be saved or restored upon a context switch, based on whether the flag has been set. Other embodiments are described and claimed.
    Type: Application
    Filed: July 1, 2005
    Publication date: January 4, 2007
    Inventors: Steven Grobman, Michael Kinney
  • Publication number: 20060259674
    Abstract: A method and apparatus for granting access to a hardware interface shared between multiple software drivers are described. In one embodiment, the apparatus includes an interface to provide access to a hardware function or a resource. As described herein, the hardware function or resource is shared between at least two software entities, such as, for example, device drivers. In one embodiment, access verification logic denies an access request for the hardware function, unless the key associated with the access request matches a stored key semaphore. In one embodiment, a key size may be relatively large to provide a very low probability that a malicious software entity could accidentally or maliciously gain access to the software. Other embodiments are described and claimed.
    Type: Application
    Filed: May 12, 2005
    Publication date: November 16, 2006
    Inventors: Robert Dunstan, Steven Grobman, David Poisner
  • Publication number: 20060070066
    Abstract: In some embodiments, the invention involves protecting network communications in a virtualized platform. An embodiment of the present invention is a system and method relating to protecting network communication flow using packet encoding/certification and the network stack. One embodiment uses a specialized engine or driver in the network stack to encode packets before being sent to the physical network controller. The network controller may use a specialized driver to decode the packets, or have a hardware implementation of a decoder. If the decoded packet is certified, the packet is transmitted. Otherwise, the packet is dropped. An embodiment of the present invention utilizes virtualization architecture to implement the network communication paths. Other embodiments are described and claimed.
    Type: Application
    Filed: September 30, 2004
    Publication date: March 30, 2006
    Inventor: Steven Grobman
  • Publication number: 20060005003
    Abstract: A method includes performing a file system integrity validation on a host machine having a hypervisor architecture when a file system of a second process is mounted on a file system of a first process. The file system integrity validation occurs independently of booting the host machine.
    Type: Application
    Filed: June 30, 2004
    Publication date: January 5, 2006
    Inventor: Steven Grobman