Abstract: A docking station operable in a plurality of modes is disclosed. An example method includes obtaining first data via a first interface of the docking station configured to couple the docking station to a computing device and second data via a second interface of the docking station configured to communicate with a network, responsive to operating in a first mode, obtaining third data via the second interface of the docking station, responsive to operating in a second mode, and selectively outputting the first and the second data, or the third data, to a display based on whether the docking station operates in the first or the second mode. The selectively outputting includes determining that the computing device is not coupled to the docking station, and in response, processing the third data by an application installed in a secure sandbox, and outputting the processed third data to the display.

Abstract: A docking station operable in a plurality of modes is disclosed. An example method includes obtaining first data via a first interface of the docking station configured to couple the docking station to a computing device and second data via a second interface of the docking station configured to communicate with a network, responsive to operating in a first mode, obtaining third data via the second interface of the docking station, responsive to operating in a second mode, and selectively outputting the first and the second data, or the third data, to a display based on whether the docking station operates in the first or the second mode. The selectively outputting includes determining that the computing device is not coupled to the docking station, and in response, processing the third data by an application installed in a secure sandbox, and outputting the processed third data to the display.

Abstract: In one set of embodiments, confidential data needed by a workload component running within a worker VM can be placed on an encrypted virtual disk that is attached to the worker VM and hardware-based attestation can be used to validate the worker VM's software and isolate its guest memory from its hypervisor. Upon successful completion of this attestation process, a data decryption key can be delivered to the worker VM via a secure channel established via the attestation, such that the hypervisor cannot read or alter the key. The worker VM can then decrypt the contents of the encrypted virtual disk using the data decryption key, thereby granting the workload component access to the confidential data.

Abstract: A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to verify the digital certificates of other platform components prior to communicating with those components. With these digital certificates in place, when an end-user submits to the platform's front-end control plane element a new workload for deployment, the end-user can verify the digital certificate of the front-end control plane element in order to be assured that the workload will be deployed and executed by the platform in a secure manner.

Abstract: A compositor receives, from each of a plurality of originating devices, compressed and/or encrypted image data portions of a frame of image data, together with portion metadata for each of the compressed and/or encrypted image data portions. Frame metadata for the frame of image data. The compositor then composites the image data portions without decompressing and/or decrypting them, based on the portion and frame metadata, by generating composited frame metadata for the composited image frame and amending the portion metadata for each of the compressed and/or encrypted image data portions to indicate a location of the compressed and/or encrypted image data portions in the composited image frame. The compressed and/or encrypted image data portions, the composited frame metadata and the amended portion metadata are then transmitted by the compositor to a display control device.

Abstract: Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” which can only be entered from a specified entry point, as well as protections on the memory pages that store the guest integrity driver and associated data.

Abstract: In one set of embodiments, confidential data needed by a workload component running within a worker VM can be placed on an encrypted virtual disk that is attached to the worker VM and hardware-based attestation can be used to validate the worker VM's software and isolate its guest memory from its hypervisor. Upon successful completion of this attestation process, a data decryption key can be delivered to the worker VM via a secure channel established via the attestation, such that the hypervisor cannot read or alter the key. The worker VM can then decrypt the contents of the encrypted virtual disk using the data decryption key, thereby granting the workload component access to the confidential data.

Abstract: A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to verify the digital certificates of other platform components prior to communicating with those components. With these digital certificates in place, when an end-user submits to the platform's front-end control plane element a new workload for deployment, the end-user can verify the digital certificate of the front-end control plane element in order to be assured that the workload will be deployed and executed by the platform in a secure manner.

Abstract: A compositor receives, from each of a plurality of originating devices, compressed and/or encrypted image data portions of a frame of image data, together with portion metadata for each of the compressed and/or encrypted image data portions. Frame metadata for the frame of image data. The compositor then composites the image data portions without decompressing and/or decrypting them, based on the portion and frame metadata, by generating composited frame metadata for the composited image frame and amending the portion metadata for each of the compressed and/or encrypted image data portions to indicate a location of the compressed and/or encrypted image data portions in the composited image frame. The compressed and/or encrypted image data portions, the composited frame metadata and the amended portion metadata are then transmitted by the compositor to a display control device.

Abstract: Disclosed are various embodiments that utilize conflict cost for workload placements in datacenter environments. In some examples, a protected memory level is identified for a computing environment. The computing environment includes a number of processor resources. Incompatible processor workloads are prohibited from concurrently executing on parallel processor resources. Parallel processor resources share memory at the protected memory level. A number of conflict costs are determined for a processor workload. Each conflict cost is determined based on a measure of compatibility between the processor workload and a parallel processor resource that shares a particular memory with the respective processor resource. The processor workload is assigned to execute on a processor resource associated with a minimum conflict cost.

Abstract: A compositor receives, from each of a plurality of originating devices, compressed and/or encrypted image data portions of a frame of image data, together with portion metadata for each of the compressed and/or encrypted image data portions. Frame metadata for the frame of image data. The compositor then composites the image data portions without decompressing and/or decrypting them, based on the portion and frame metadata, by generating composited frame metadata for the composited image frame and amending the portion metadata for each of the compressed and/or encrypted image data portions to indicate a location of the compressed and/or encrypted image data portions in the composited image frame. The compressed and/or encrypted image data portions, the composited frame metadata and the amended portion metadata are then transmitted by the compositor to a display control device.

Abstract: Disclosed are various embodiments that utilize conflict cost for workload placements in datacenter environments. In some examples, a protected memory level is identified for a computing environment. The computing environment includes a number of processor resources. Incompatible processor workloads are prohibited from concurrently executing on parallel processor resources. Parallel processor resources share memory at the protected memory level. A number of conflict costs are determined for a processor workload. Each conflict cost is determined based on a measure of compatibility between the processor workload and a parallel processor resource that shares a particular memory with the respective processor resource. The processor workload is assigned to execute on a processor resource associated with a minimum conflict cost.

Abstract: A method of emulating nested page table (NPT) mode-based execute control in a virtualized computing system includes: providing NPT mode-based execute control from a hypervisor to a virtual machine (VM) executing in the virtualized computing system; generating a plurality of shadow NPT hierarchies at the hypervisor based on an NPT mode-based execute policy obtained from the VM; configuring a processor of the virtualized computing system to exit from the VM to the hypervisor in response to an escalation from a user privilege level to a supervisor privilege level caused by guest code of the VM; and exposing a first shadow NPT hierarchy of the plurality of shadow NPT hierarchies to the processor in response to an exit from the VM to the hypervisor due to the escalation from the user privilege level to the supervisor privilege level.

Abstract: A compositor receives, from each of a plurality of originating devices, compressed and/or encrypted image data portions of a frame of image data, together with portion metadata for each of the compressed and/or encrypted image data portions. Frame metadata for the frame of image data. The compositor then composites the image data portions without decompressing and/or decrypting them, based on the portion and frame metadata, by generating composited frame metadata for the composited image frame and amending the portion metadata for each of the compressed and/or encrypted image data portions to indicate a location of the compressed and/or encrypted image data portions in the composited image frame. The compressed and/or encrypted image data portions, the composited frame metadata and the amended portion metadata are then transmitted by the compositor to a display control device.

Abstract: Techniques for securely supporting a global view of system memory in a physical/virtual computer system comprising a plurality of physical/virtual CPUs are provided. In one set of embodiments, the physical/virtual computer system can receive an interrupt indicating that a first physical/virtual CPU should enter a privileged CPU operating mode. The physical/virtual computer system can further determine that none of the plurality of physical/virtual CPUs are currently in the privileged CPU operating mode. In response to this determination, the physical/virtual computer system can modify the global view of system memory to include a special memory region comprising program code to be executed while in the privileged CPU operating mode; communicate, to the other physical/virtual CPUs, a signal to enter a stop state in which execution is halted but interrupts are accepted for entering the privileged CPU operating mode; and cause the first physical/virtual CPU to enter the privileged CPU operating mode.