Abstract: Principles for enabling power management techniques for virtual machines. In a virtual machine environment, a physical computer system may maintain management facilities to direct and control one or more virtual machines executing thereon. In some techniques described herein, the management facilities may be adapted to place a virtual processor in an idle state in response to commands from a guest operating system. One or more signaling mechanisms may be supported such that the guest operating system will command the management facilities to place virtual processors in the idle state.

Abstract: A method and apparatus are provided to detect malicious code in a computing system, where the malicious code is obscured by manipulation of an input/output memory management unit. A peripheral component interconnect express (PCIe) device requests a translation of a bus address for a given device in the system and determines whether the requested translation was received. If the requested translation was received, the PCIe device further determines whether the bus address for the given device corresponds to a physical address for the given device. If the bus address for the given device does not correspond to the physical address for the given device, the PCIe device sends a notification that the computing system is potentially compromised.

Abstract: Principles for enabling power management techniques for virtual machines. In a virtual machine environment, a physical computer system may maintain management facilities to direct and control one or more virtual machines executing thereon. In some techniques described herein, the management facilities may be adapted to place a virtual processor in an idle state in response to commands from a guest operating system. One or more signaling mechanisms may be supported such that the guest operating system will command the management facilities to place virtual processors in the idle state.

Abstract: Methods, systems, and apparatuses, including computer programs encoded on a computer storage medium, for distribution of cryptographic keys. In one aspect, a method includes receiving a plurality of requests, each request being received by a different respective virtual machine of a plurality of virtual machines; generating, by each of the virtual machines, a different host key pair, wherein each of the host key pairs comprises an encryption key and a decryption key that are associated with the virtual machine that generated it; providing, by each of the virtual machines, the encryption key generated by the virtual machine to a distinct metadata server that stores parameters of the virtual machine; and sending, from each of the metadata servers, the encryption key generated by the virtual machine that the metadata server is configured to communicate with to an application programming interface system.

Abstract: In the host operating system of a computing device, entropy data is collected based at least in part on each of one or more hardware components of the computing device. An entropy pool is updated based at least in part on the collected entropy data, and data from the entropy pool is provided to a guest operating system running as a virtual machine of the computing device. The guest operating system maintains a guest operating system entropy pool based on the data from the entropy pool provided by the host operating system. The guest operating system accesses the guest operating system entropy pool and uses the guest operating system entropy pool as a basis for generating values including random numbers.

Abstract: Principles for enabling power management techniques for virtual machines. In a virtual machine environment, a physical computer system may maintain management facilities to direct and control one or more virtual machines executing thereon. In some techniques described herein, the management facilities may be adapted to place a virtual processor in an idle state in response to commands from a guest operating system. One or more signaling mechanisms may be supported such that the guest operating system will command the management facilities to place virtual processors in the idle state.

Abstract: Techniques are disclosed for coalescing timer ticks generated by timers used to service guest operating systems executing in virtual machines. By coalescing timer ticks a logical processor can enter a low power mode thereby reducing power consumed by the system.

Abstract: Avoiding cache-line sharing in virtual machines can be implemented in a system running a host and multiple guest operating systems. The host facilitates hardware access by a guest operating system and oversees memory access by the guest. Because cache lines are associated with memory pages that are spaced at regular intervals, the host can direct guest memory access to only select memory pages, and thereby restrict guest cache use to one or more cache lines. Other guests can be restricted to different cache lines by directing memory access to a separate set of memory pages.

Abstract: Avoiding cache-line sharing in virtual machines can be implemented in a system running a host and multiple guest operating systems. The host facilitates hardware access by a guest operating system and oversees memory access by the guest. Because cache lines are associated with memory pages that are spaced at regular intervals, the host can direct guest memory access to only select memory pages, and thereby restrict guest cache use to one or more cache lines. Other guests can be restricted to different cache lines by directing memory access to a separate set of memory pages.