Patents by Inventor David B. Probert

David B. Probert has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10650157
    Abstract: Facilities are provided to secure guest runtime environments (GREs). Security policy specifications may be associated with GREs. A GRE's security policy may be specific to the GRE and may also include security policy inherited from higher levels such as a host operating environment. The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE. A GRE's security policy may limit what the GRE's guest software may do within the GRE. Restrictions/permissions may be applied to objects such as files, configuration data, and the like. Security specifications may be applied to execution initiated within a GRE. A GRE's security specification may restrict/permit executable objects from loading and executing within the GRE. The executability or accessibility of objects may be conditioned on factors such as the health/integrity of the GRE, the host system, requested files, and others.
    Type: Grant
    Filed: April 30, 2017
    Date of Patent: May 12, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Benjamin M. Schultz, Kinshumann, David John Linsley, Charles Glenn Jeffries, Giridhar Viswanathan, Scott Daniel Anderson, Frederick J. Smith, Hari R. Pulapaka, JianMing Zhou, Margarit Simeonov Chenchev, David B. Probert
  • Patent number: 10628238
    Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: April 21, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: James A. Schwartz, Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
  • Publication number: 20180314846
    Abstract: Facilities are provided to secure guest runtime environments (GREs). Security policy specifications may be associated with GREs. A GRE's security policy may be specific to the GRE and may also include security policy inherited from higher levels such as a host operating environment. The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE. A GRE's security policy may limit what the GRE's guest software may do within the GRE. Restrictions/permissions may be applied to objects such as files, configuration data, and the like. Security specifications may be applied to execution initiated within a GRE. A GRE's security specification may restrict/permit executable objects from loading and executing within the GRE. The executability or accessibility of objects may be conditioned on factors such as the health/integrity of the GRE, the host system, requested files, and others.
    Type: Application
    Filed: April 30, 2017
    Publication date: November 1, 2018
    Inventors: Benjamin M. Schultz, Kinshumann, David John Linsley, Charles Glenn Jeffries, Giridhar Viswanathan, Scott Daniel Anderson, Frederick J. Smith, Hari R. Pulapaka, JianMing Zhou, Margarit Simeonov Chenchev, David B. Probert
  • Patent number: 9798595
    Abstract: Embodiments for performing cooperative user mode scheduling between user mode schedulable (UMS) threads and primary threads are disclosed. In accordance with one embodiment, privileged hardware states are transferred from a kernel portion of a UMS thread to a kernel portion of a primary thread.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: October 24, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ajith Jayamohan, Arun U. Kishan, David B. Probert, Pedro Teixeira
  • Patent number: 9628279
    Abstract: Various embodiments provide techniques and devices for protecting application secrets from operating system attacks. In some examples, applications execute with an isolated user mode of a secure execution environment, while relying on an operating system executing within a separate execution environment for resource management and system services. A proxy kernel can control access by the operating system to data associated with the secure execution environment. Further, the proxy kernel can act as a transparent interface between isolated user mode applications and the operating system during the provision of resource management and system services.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: April 18, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David B. Probert, Jeff Engel, Arsalan Ahmad, Arun U. Kishan, Jonathan E. Lange
  • Publication number: 20170031734
    Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.
    Type: Application
    Filed: May 27, 2016
    Publication date: February 2, 2017
    Inventors: James A. Schwartz, Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
  • Patent number: 9361150
    Abstract: Only a particular number of applications on a computing device are active at any given time, with applications that are not active being suspended. A policy is applied to determine when an application is to be suspended. However, an operating system component can have a particular application be exempted from being suspended (e.g., due to an operation being performed by the application). Additionally, an operating system component can have an application that has been suspended resumed (e.g., due to a desire of another application to communicate with the suspended application).
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: June 7, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Benjamin S. Srour, Michael H. Krause, Richard K. Neves, Arun U. Kishan, Hari Pulapaka, David B. Probert, Zinaida A. Pozen
  • Patent number: 9361136
    Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.
    Type: Grant
    Filed: April 22, 2015
    Date of Patent: June 7, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: James A. Schwartz, Jr., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
  • Publication number: 20160092678
    Abstract: Various embodiments provide techniques and devices for protecting application secrets from operating system attacks. In some examples, applications execute with an isolated user mode of a secure execution environment, while relying on an operating system executing within a separate execution environment for resource management and system services. A proxy kernel can control access by the operating system to data associated with the secure execution environment. Further, the proxy kernel can act as a transparent interface between isolated user mode applications and the operating system during the provision of resource management and system services.
    Type: Application
    Filed: September 30, 2014
    Publication date: March 31, 2016
    Inventors: David B. Probert, Jeff Engel, Arsalan Ahmad, Arun U. Kishan, Jonathan E. Lange
  • Publication number: 20160085601
    Abstract: Embodiments for performing cooperative user mode scheduling between user mode schedulable (UMS) threads and primary threads are disclosed. In accordance with one embodiment, privileged hardware states are transferred from a kernel portion of a UMS thread to a kernel portion of a primary thread.
    Type: Application
    Filed: December 4, 2015
    Publication date: March 24, 2016
    Inventors: Ajith Jayamohan, Arun U. Kishan, David B. Probert, Pedro Teixeira
  • Publication number: 20150301835
    Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.
    Type: Application
    Filed: April 22, 2015
    Publication date: October 22, 2015
    Inventors: James A. Schwartz, Jr., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
  • Patent number: 9063775
    Abstract: Systems, methods, and apparatus for separately managing foreground work and background work. In some embodiments, an operating system may identify at least one foreground component and at least one background component of a same application or different applications, and may manage the execution of the components differently. For example, the operating system may receive a request that at least one background component of an application be executed in response to at least one event. In response to detecting an occurrence of the at least one event, the operating system may determine whether at least one first condition set by the application is satisfied and whether at least one second condition set by the operating system is satisfied, and may execute the at least one background component when it is determined that the at least one first and second conditions are satisfied following the occurrence of the at least one event.
    Type: Grant
    Filed: September 1, 2011
    Date of Patent: June 23, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: James A. Schwartz, Jr., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
  • Patent number: 9032413
    Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.
    Type: Grant
    Filed: September 1, 2011
    Date of Patent: May 12, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: James A. Schwartz, Jr., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
  • Publication number: 20140040917
    Abstract: Only a particular number of applications on a computing device are active at any given time, with applications that are not active being suspended. A policy is applied to determine when an application is to be suspended. However, an operating system component can have a particular application be exempted from being suspended (e.g., due to an operation being performed by the application). Additionally, an operating system component can have an application that has been suspended resumed (e.g., due to a desire of another application to communicate with the suspended application).
    Type: Application
    Filed: September 30, 2013
    Publication date: February 6, 2014
    Applicant: Microsoft Corporation
    Inventors: Benjamin S. Srour, Michael H. Krause, Richard K. Neves, Arun U. Kishan, Hari Pulapaka, David B. Probert, Zinaida A. Pozen
  • Patent number: 8578394
    Abstract: Only a particular number of applications on a computing device are active at any given time, with applications that are not active being suspended. A policy is applied to determine when an application is to be suspended. However, an operating system component can have a particular application be exempted from being suspended (e.g., due to an operation being performed by the application). Additionally, an operating system component can have an application that has been suspended resumed (e.g., due to a desire of another application to communicate with the suspended application).
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: November 5, 2013
    Assignee: Microsoft Corporation
    Inventors: Benjamin Salim Srour, Michael H. Krause, Richard K. Neves, Arun U. Kishan, Hari Pulapaka, David B. Probert, Zinaida A. Pozen
  • Publication number: 20130067494
    Abstract: Only a particular number of applications on a computing device are active at any given time, with applications that are not active being suspended. A policy is applied to determine when an application is to be suspended. However, an operating system component can have a particular application be exempted from being suspended (e.g., due to an operation being performed by the application). Additionally, an operating system component can have an application that has been suspended resumed (e.g., due to a desire of another application to communicate with the suspended application).
    Type: Application
    Filed: September 9, 2011
    Publication date: March 14, 2013
    Applicant: Microsoft Corporation
    Inventors: Benjamin Salim Srour, Michael H. Krause, Richard K. Neves, Arun U. Kishan, Hari Pulapaka, David B. Probert, Zinaida A. Pozen
  • Publication number: 20130061249
    Abstract: Systems, methods, and apparatus for separately loading and managing foreground work and background work of an application. In some embodiments, a method is provided for use by an operating system executing on at least one computer. The operating system may identify at least one foreground component and at least one background component of an application, and may load the at least one foreground component for execution separately from the at least one background component. For example, the operating system may execute the at least one foreground component without executing the at least one background component. In some further embodiments, the operating system may use a specification associated with the application to identify at least one piece of computer executable code implementing the at least one background component.
    Type: Application
    Filed: September 1, 2011
    Publication date: March 7, 2013
    Applicant: Microsoft Corporation
    Inventors: James A. Schwartz, Jr., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
  • Publication number: 20130061251
    Abstract: Systems, methods, and apparatus for separately managing foreground work and background work. In some embodiments, an operating system may identify at least one foreground component and at least one background component of a same application or different applications, and may manage the execution of the components differently. For example, the operating system may receive a request that at least one background component of an application be executed in response to at least one event. In response to detecting an occurrence of the at least one event, the operating system may determine whether at least one first condition set by the application is satisfied and whether at least one second condition set by the operating system is satisfied, and may execute the at least one background component when it is determined that the at least one first and second conditions are satisfied following the occurrence of the at least one event.
    Type: Application
    Filed: September 1, 2011
    Publication date: March 7, 2013
    Applicant: Microsoft Corporation
    Inventors: James A. Schwartz, Jr., Arun U. Kishan, Richard K. Neves, David B. Probert, Hari Pulapaka, Alain F. Gefflaut
  • Patent number: 8091088
    Abstract: The present invention manages resources in a computing device to facilitate the allocation of resources amongst competing clients operating on the device. A hierarchy of budgets is constructed to encode restrictions on the aggregated use of a resource allocated by a resource provider to one or more clients. A resource manager validates and arbitrates requests to allocate resources to the one or more clients by resource providers in accordance with the budgets comprising the hierarchy. The resource manager notifies clients of availability and shortages of resources to promote compliance with the restrictions encoded in the budgets of the hierarchy.
    Type: Grant
    Filed: February 22, 2005
    Date of Patent: January 3, 2012
    Assignee: Microsoft Corporation
    Inventors: Arun Kishan, David B Probert
  • Patent number: 7784044
    Abstract: A system and method for automatically updating software components on a running computer system without requiring any interruption of service. A software module is hotpatched by loading a patch into memory and modifying an instruction in the original module to jump to the patch. A coldpatching technique places a coldpatch version of the module on disk for subsequent loading by processes, after hotpatching occurred. The coldpatch has the entry points to its functions at the same relative locations within the module as the hotpatch, which facilitates subsequent hotpatching. A hotpatch and coldpatch are automatically generated by deriving differences between changed and original binary files, and establishing the point to insert the jump. Validation is performed to ensure that the hotpatch is applied to the correct version, and that the coldpatch is replacing the correct version. Version management is also provided to control the number of patches via support rules.
    Type: Grant
    Filed: December 2, 2002
    Date of Patent: August 24, 2010
    Assignee: Microsoft Corporation
    Inventors: Garret J. Buban, Paul V. Donlan, Adrian Marinescu, Thomas D. McGuire, David B. Probert, Hoi H. Vo, Zheng Wang