Patents Assigned to Bromium, Inc.
  • Patent number: 9116733
    Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. A template for instantiating a virtual machine on a client is identified in response to receiving a request to execute an application. After the template is identified, without human intervention, a virtual machine is instantiated, using the template, in which the application is to be executed. The template may be selected from a plurality of templates based on the nature of the request, as each template describes characteristics of a virtual machine suitable for a different type of activity. When the client determines that the application has ceased to execute, the client ceases execution of the virtual machine without human intervention.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: August 25, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor
  • Patent number: 9110701
    Abstract: Approaches for transferring data to a client by safely receiving the data in one or more virtual machines. In response to the client determining that digital content is to be received or processed by the client, the client identifies one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data that defines one or more policies for determining into which virtual machine the digital content should be stored. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein effecting any undesirable consequence upon the client.
    Type: Grant
    Filed: January 31, 2014
    Date of Patent: August 18, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor
  • Patent number: 9104837
    Abstract: Approaches for securing resources of a virtual machine. An application executes on a host operating system. A user instructs the application to display a file. In response, a host module executing on the host operating system instructs a guest module, executing within a virtual machine, to render the file within the virtual machine. The application displays the file using screen data which was created within the virtual machine and defines a rendered representation of the file. The user is prevented from accessing any resource of the virtual machine unrelated to the file. The virtual machine may consult policy data to determine how to perform certain user-initiated actions within the virtual machine. Examples of the file include an image, a document, an email, and a web page.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: August 11, 2015
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Gaurav Banga, Ian Pratt, Vikram Kapoor
  • Patent number: 9106690
    Abstract: Approaches for ensuring a document does not inadvertently link to or contain any malicious content. A request from a document embedded within a parent web page itself, or comprised within a window launched by the parent web page, is received. The request is executed in a memory address space separate from a memory address space in which the parent web page resides. The execution of the request is performed using a parent proxy that represents the parent web page. Any malicious actions resulting from the performance of the request affect the parent proxy rather than the parent web page. The parent proxy provides at least a portion of the results of executing the request to a child proxy, which in turn determines what, if any, content within the results should be sent to the web browser rendering the parent web page.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: August 11, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Kiran Bondalapati, Vikram Kapoor
  • Patent number: 9104544
    Abstract: Mitigating eviction of the memory pages of virtualized machines. Upon detecting that a request to perform an I/O operation has been issued against a block stored on a disk, a determination is made as to whether a pristine copy of the contents of the block is stored in memory. If a pristine copy of the contents of the block is stored in memory, then the request may be performed by updating mapping data that maps a page of memory to a location in memory at which the pristine copy is stored. In this way, the request is performed without performing the I/O operation against the block stored on disk. Various approaches for resharing memory, including memory of a template virtual machine, are discussed.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: August 11, 2015
    Assignee: Bromium, Inc.
    Inventors: Krzysztof Uchronski, Martin O'Brien, Jacob Gorm Hansen, Kiran Bondalapati, Ian Pratt, Gaurav Banga, Vikram Kapoor
  • Patent number: 9092625
    Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: July 28, 2015
    Assignee: Bromium, Inc.
    Inventors: Rahul C Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
  • Publication number: 20150178198
    Abstract: Approaches for performing memory management by a hypervisor. A host operating system and a hypervisor are executed on a device. The host operating system is not configured to access physical memory addressed above four gigabytes. The hypervisor manages memory for a device, including memory addressed above four gigabytes. When the hypervisor instantiates a virtual machine, the hypervisor may allocate memory pages for the newly instantiated virtual machine by preferentially using any unassigned memory addressed above four gigabytes before using memory allocated from the host (and hence addressed below four gigabytes).
    Type: Application
    Filed: December 24, 2013
    Publication date: June 25, 2015
    Applicant: Bromium, Inc.
    Inventors: Ian Pratt, Christian Limpach
  • Patent number: 9021476
    Abstract: Approaches for ensuring the privacy and integrity of a hypervisor. A host operating system manages a set of resources. The host operating system is prevented from accessing a portion of the resources belonging to or allocated by the hypervisor. The host operating system may be prevented from accessing resources belonging to or allocated by the hypervisor by transferring execution of the host operating system into a virtual machine container that does not have sufficient privilege to access any portion of the memory pages in which the hypervisor is executing.
    Type: Grant
    Filed: June 19, 2012
    Date of Patent: April 28, 2015
    Assignee: Bromium, Inc.
    Inventor: Ian Pratt
  • Patent number: 9015836
    Abstract: Approaches for ensuring a digital file does not contain malicious code. A digital file in an original format may or may not contain malicious code. An intermediate copy of the digital file in an intermediate format is created from the digital file in the original format. The intermediate format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the original format. A sterilized copy of the digital file is created from the intermediate copy. The sterilized copy is in the original format. The sterilized copy comprises a digital signature indicating that the sterilized copy has been converted from the intermediate format to the original format. Advantageously, the sterilized copy is guaranteed to not possess any malicious code.
    Type: Grant
    Filed: March 2, 2014
    Date of Patent: April 21, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Rahul Kashyap, Andrew Southgate
  • Patent number: 8972980
    Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. A template for instantiating a virtual machine on a client is identified in response to receiving a request to execute an application. After the template is identified, without human intervention, a virtual machine is instantiated, using the template, in which the application is to be executed. The template may be selected from a plurality of templates based on the nature of the request, as each template describes characteristics of a virtual machine suitable for a different type of activity. Selected resources such as files are displayed to the virtual machines according to user and organization policies and controls. When the client determines that the application has ceased to execute, the client ceases execution of the virtual machine without human intervention.
    Type: Grant
    Filed: May 25, 2011
    Date of Patent: March 3, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Ian Pratt, Kiran Bondalapati, Vikram Kapoor
  • Publication number: 20140351810
    Abstract: Approaches for enabling Supervisor Mode Execution Protection (SMEP) for a guest operating system which does not support SMEP. A guest operating system (OS), which does not support SMEP, is executed within a virtual machine. A hypervisor instructs hardware to enable SMEP for the virtual machine executing the guest operating system. When the hypervisor is notified that the hardware has detected the guest operating system instructing a central processing unit (CPU) to execute code stored in virtual memory accessible by user space while the CPU is in supervisor mode, the hypervisor may consult a policy to identify what, if any, responsive action the hypervisor should perform.
    Type: Application
    Filed: May 24, 2013
    Publication date: November 27, 2014
    Applicant: Bromium, Inc.
    Inventors: Ian Pratt, Rafal Wojtczuk
  • Patent number: 8839245
    Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine from being browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine from being browsed.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: September 16, 2014
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
  • Publication number: 20140259159
    Abstract: Approaches for ensuring a digital file does not contain malicious code. A digital file in an original format may or may not contain malicious code. An intermediate copy of the digital file in an intermediate format is created from the digital file in the original format. The intermediate format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the original format. A sterilized copy of the digital file is created from the intermediate copy. The sterilized copy is in the original format. The sterilized copy comprises a digital signature indicating that the sterilized copy has been converted from the intermediate format to the original format. Advantageously, the sterilized copy is guaranteed to not possess any malicious code.
    Type: Application
    Filed: March 2, 2014
    Publication date: September 11, 2014
    Applicant: Bromium, Inc.
    Inventors: Gaurav Banga, Rahul Kashyap, Andrew Southgate
  • Patent number: 8752047
    Abstract: Approaches for transferring data to a client by safely receiving the data in one or more virtual machines. In response to the client determining that digital content, originating from an external source, is to be received or processed by the client, the client identifies, without human intervention, one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data to determine a placement policy, a containment policy, and a persistence policy for any virtual machine to receive the digital content. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein effecting any undesirable consequence upon the client.
    Type: Grant
    Filed: August 31, 2011
    Date of Patent: June 10, 2014
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor
  • Patent number: 8719933
    Abstract: Approaches for processing a digital file in a manner designed to minimize exposure of any malicious code contained therein. A digital file resides with a virtual machine. When the virtual machine receives an instruction to print, fax, or email the digital file, the virtual machine creates, from the digital file existing in an original format, a copy of the digital file in a different format within the virtual machine. The different format preserves a visual presentation of the digital file without supporting metadata or file format data structures of the original format. The virtual machine instructs the host OS to print the copy of the digital file, send a facsimile of the copy of the digital file, or email the copy of the digital file. The host OS may consult policy data in determining how to carry out the request vis-à-vis the digital file.
    Type: Grant
    Filed: June 19, 2012
    Date of Patent: May 6, 2014
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Gaurav Banga, Vikram Kapoor, Ian Pratt
  • Patent number: 8667594
    Abstract: Approaches for ensuring a digital file does not contain malicious code. A digital file in an original format may or may not contain malicious code. An intermediate copy of the digital file in an intermediate format is created from the digital file in the original format. The intermediate format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the original format. A sterilized copy of the digital file is created from the intermediate copy. The sterilized copy is in the original format. The sterilized copy comprises a digital signature indicating that the sterilized copy has been converted from the intermediate format to the original format. Advantageously, the sterilized copy is guaranteed to not possess any malicious code.
    Type: Grant
    Filed: March 13, 2012
    Date of Patent: March 4, 2014
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Rahul Kashyap, Andrew Southgate