Patents by Inventor Eric L. Paris

Eric L. Paris has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9785529
    Abstract: Some embodiments of a system and a method to notify applications of lost computing resources have been presented. For instance, a processing device running on a client machine can monitor a computing resource used by an application, which also runs on the client machine. If the computing resource is lost, then the processing device can notify the application of the loss and provide details about the lost computing resource to the application so that the application can take appropriate action in response to the loss.
    Type: Grant
    Filed: February 26, 2010
    Date of Patent: October 10, 2017
    Assignee: Red Hat, Inc.
    Inventors: Jeffrey T. Layton, Eric L. Paris, Neil R. T. Horman
  • Patent number: 9465943
    Abstract: A computing system calculates a hash value of binary of a component of the computing system using a hash function and determines whether a signature that is associated with the binary of the component is valid. A trusted platform module in the computing system extends a platform configuration register value in the trusted platform module using a known value that is associated with the binary if the signature is valid.
    Type: Grant
    Filed: January 31, 2013
    Date of Patent: October 11, 2016
    Assignee: Red Hat, Inc.
    Inventors: Eric L. Paris, Daniel J. Walsh
  • Patent number: 9268621
    Abstract: A computing device identifies a data packet received at a computing device. The computing device allocates memory having a fixed size to store the network data packet. A latency reducer identifies a free space in the memory allocation, the free space comprising a difference between the fixed size of the memory allocation and a size of the network data packet. The latency reducer creates a socket buffer list for the network data packet in the free space, the socket buffer list comprising a plurality of entries to serve as socket queue objects for a plurality of applications.
    Type: Grant
    Filed: November 2, 2011
    Date of Patent: February 23, 2016
    Assignee: Red Hat, Inc.
    Inventors: Neil R. T. Horman, Eric L. Paris, Jeffrey T. Layton
  • Patent number: 9158690
    Abstract: A method and system for sending data in a file system that uses cryptographic signatures to protect data integrity. A computer system calculates a signature based on the content of a page of a memory. The memory is shared by processes that run on the computer system. The computer system write-protects the page while the page is used for calculation of the signature. When a first process attempts to modify the page, a page fault is triggered. In response to the page fault, the content of the page in memory is copied to a new page in the memory. The new page is accessible by the processes. Access to the page by the first process is redirected to the new page. Subsequent to the page fault, access to the page by the second process is also redirected to the new page.
    Type: Grant
    Filed: July 10, 2013
    Date of Patent: October 13, 2015
    Assignee: Red Hat, Inc.
    Inventors: Jeffrey T. Layton, Neil R. T. Horman, Eric L. Paris, Josef M. Bacik
  • Patent number: 8954697
    Abstract: A system configures page tables to cause an operating system to copy original page data in a data store when any one of the application processes makes a first write request for the original page data. The system detects a page fault from a memory management unit receiving a first write request from one of the application processes and creates the copy in physical memory to allow the application process to modify the page data copy. The other application processes have read access to the original page data. The system replaces the original page data in the data store with the page data copy in response to receiving a first synchronization request from the application process and updates a page table for one of the other application processes to configure access to the replaced page data in response to receiving a second synchronization request from the one other application process.
    Type: Grant
    Filed: August 5, 2010
    Date of Patent: February 10, 2015
    Assignee: Red Hat, Inc.
    Inventors: Neil R. T. Horman, Eric L. Paris, Jeffrey T. Layton
  • Patent number: 8832811
    Abstract: In response to a request received at an authentication server from a client to enter a network, the authentication server transmits a network access control (NAC) request to the client using a NAC protocol. The NAC request includes an identifier (ID) identifying a trusted platform (TP) credential that represents integrity of at least a portion of software and hardware configurations of the client. In response to a NAC response from the client, the authentication server compares the first TP credential with a second TP credential stored in a storage associated with the authentication server. The authentication server allows the client to enter the network if the first and second TP credentials are matched; otherwise, the client is prevented from entering the network.
    Type: Grant
    Filed: August 27, 2010
    Date of Patent: September 9, 2014
    Assignee: Red Hat, Inc.
    Inventors: Neil R. T. Horman, Eric L. Paris
  • Publication number: 20140215202
    Abstract: A computing system calculates a hash value of binary of a component of the computing system using a hash function and determines whether a signature that is associated with the binary of the component is valid. A trusted platform module in the computing system extends a platform configuration register value in the trusted platform module using a known value that is associated with the binary if the signature is valid.
    Type: Application
    Filed: January 31, 2013
    Publication date: July 31, 2014
    Applicant: RED HAT, INC.
    Inventors: Eric L. Paris, Daniel J. Walsh
  • Patent number: 8677115
    Abstract: A request is received from a client for accessing a resource provided in a network, the request including credential data representing system integrity of at least one component running on the client. In response to the request, one or more credential identifiers identifying the credential data is transmitted to a management server that provisioned the client. Credential reference data is received from the management server based on the one or more credential identifiers. The client is authenticated based on a comparison of the credential data received from the client and credential reference data received from the management server.
    Type: Grant
    Filed: December 9, 2010
    Date of Patent: March 18, 2014
    Assignee: Red Hat, Inc.
    Inventors: Eric L. Paris, Neil R. T. Horman
  • Publication number: 20140075522
    Abstract: A virtual trusted platform module (VTPM) requests a security state from a virtual machine manager. The security state is indicative of the integrity of at least a portion of software and hardware configurations of the virtual machine manager. The VTPM then receives, from the virtual machine manager, a signed security state comprising trusted platform credentials, and communicates the security state with the authentication server. The VTPM also, based on a secret received from the authentication server, initializes a process using the secret.
    Type: Application
    Filed: September 7, 2012
    Publication date: March 13, 2014
    Applicant: RED HAT, INC.
    Inventors: Eric L. Paris, Paul Moore
  • Publication number: 20130297881
    Abstract: A method and system for sending data in a file system that uses cryptographic signatures to protect data integrity. A computer system calculates a signature based on the content of a page of a memory. The memory is shared by processes that run on the computer system. The computer system write-protects the page while the page is used for calculation of the signature. When a first process attempts to modify the page, a page fault is triggered. In response to the page fault, the content of the page in memory is copied to a new page in the memory. The new page is accessible by the processes. Access to the page by the first process is redirected to the new page. Subsequent to the page fault, access to the page by the second process is also redirected to the new page.
    Type: Application
    Filed: July 10, 2013
    Publication date: November 7, 2013
    Inventors: Jeffrey T. Layton, Neil R. T. Horman, Eric L. Paris, Josef M. Bacik
  • Patent number: 8549609
    Abstract: A host rule mapping module in a firewall server may receive an update notification from a name server. The update notification may indicate a change to an address associated with a host name of a host machine. In response to receiving the update notification, the host rule mapping module may request a record corresponding to the host name identified in the update notification. The host rule mapping module may receive the contents of the record in response to the request from the name server, and update a firewall rule corresponding to the address identified in the update notification to include the contents of the record.
    Type: Grant
    Filed: May 31, 2011
    Date of Patent: October 1, 2013
    Assignee: Red Hat, Inc.
    Inventors: Neil R. T. Horman, Eric L. Paris
  • Patent number: 8490207
    Abstract: A method and system for sending data in a file system that uses cryptographic signatures to protect data integrity. A computer system calculates a signature based on the content of a page of a memory. The memory is shared by processes that run on the computer system. The computer system write-protects the page while the page is used for calculation of the signature. When a first process attempts to modify the page, a page fault is triggered. In response to the page fault, the content of the page in memory is copied to a new page in the memory. The new page is accessible by the processes. Access to the page by the first process is redirected to the new page. Subsequent to the page fault, access to the page by the second process is also redirected to the new page.
    Type: Grant
    Filed: May 31, 2011
    Date of Patent: July 16, 2013
    Assignee: Red Hat, Inc.
    Inventors: Jeffrey T. Layton, Neil R. T. Horman, Eric L. Paris, Josef M. Bacik
  • Publication number: 20130110968
    Abstract: A computing device identifies a data packet received at a computing device. The computing device allocates memory having a fixed size to store the network data packet. A latency reducer identifies a free space in the memory allocation, the free space comprising a difference between the fixed size of the memory allocation and a size of the network data packet. The latency reducer creates a socket buffer list for the network data packet in the free space, the socket buffer list comprising a plurality of entries to serve as socket queue objects for a plurality of applications.
    Type: Application
    Filed: November 2, 2011
    Publication date: May 2, 2013
    Inventors: Neil R. T. Horman, Eric L. Paris, Jeffrey T. Layton
  • Publication number: 20130054857
    Abstract: A computing device receives a first data packet at a network interface card. The network interface card asserts a hard interrupt request on a first processing device based on an interrupt affinity value. A latency reduction module consults a data structure to identify a second processing device and schedules a soft interrupt request for the first data packet on the second processing device. The latency reduction module determines if an affinity threshold is met, and if the affinity threshold is met, updates the interrupt affinity value to reflect the second processing device.
    Type: Application
    Filed: August 25, 2011
    Publication date: February 28, 2013
    Inventors: Neil R. T. Horman, Eric L. Paris, Jeffrey T. Layton
  • Publication number: 20120311693
    Abstract: A host rule mapping module in a firewall server may receive an update notification from a name server. The update notification may indicate a change to an address associated with a host name of a host machine. In response to receiving the update notification, the host rule mapping module may request a record corresponding to the host name identified in the update notification. The host rule mapping module may receive the contents of the record in response to the request from the name server, and update a firewall rule corresponding to the address identified in the update notification to include the contents of the record.
    Type: Application
    Filed: May 31, 2011
    Publication date: December 6, 2012
    Inventors: Neil R. T. Horman, Eric L. Paris
  • Publication number: 20120311336
    Abstract: A method and system for sending data in a file system that uses cryptographic signatures to protect data integrity. A computer system calculates a signature based on the content of a page of a memory. The memory is shared by processes that run on the computer system. The computer system write-protects the page while the page is used for calculation of the signature. When a first process attempts to modify the page, a page fault is triggered. In response to the page fault, the content of the page in memory is copied to a new page in the memory. The new page is accessible by the processes. Access to the page by the first process is redirected to the new page. Subsequent to the page fault, access to the page by the second process is also redirected to the new page.
    Type: Application
    Filed: May 31, 2011
    Publication date: December 6, 2012
    Inventors: Jeffrey T. Layton, Neil R. T. Horman, Eric L. Paris, Josef M. Bacik
  • Publication number: 20120151206
    Abstract: A request is received from a client for accessing a resource provided in a network, the request including credential data representing system integrity of at least one component running on the client. In response to the request, one or more credential identifiers identifying the credential data is transmitted to a management server that provisioned the client. Credential reference data is received from the management server based on the one or more credential identifiers. The client is authenticated based on a comparison of the credential data received from the client and credential reference data received from the management server.
    Type: Application
    Filed: December 9, 2010
    Publication date: June 14, 2012
    Applicant: RED HAT, INC.
    Inventors: Eric L. Paris, Neil R. T. Horman
  • Publication number: 20120054843
    Abstract: In response to a request received at an authentication server from a client to enter a network, the authentication server transmits a network access control (NAC) request to the client using a NAC protocol. The NAC request includes an identifier (ID) identifying a trusted platform (TP) credential that represents integrity of at least a portion of software and hardware configurations of the client. In response to a NAC response from the client, the authentication server compares the first TP credential with a second TP credential stored in a storage associated with the authentication server. The authentication server allows the client to enter the network if the first and second TP credentials are matched; otherwise, the client is prevented from entering the network.
    Type: Application
    Filed: August 27, 2010
    Publication date: March 1, 2012
    Applicant: RED HAT, INC.
    Inventors: Neil R. T. Horman, Eric L. Paris
  • Publication number: 20120036334
    Abstract: A system configures page tables to cause an operating system to copy original page data in a data store when any one of the application processes makes a first write request for the original page data. The system detects a page fault from a memory management unit receiving a first write request from one of the application processes and creates the copy in physical memory to allow the application process to modify the page data copy. The other application processes have read access to the original page data. The system replaces the original page data in the data store with the page data copy in response to receiving a first synchronization request from the application process and updates a page table for one of the other application processes to configure access to the replaced page data in response to receiving a second synchronization request from the one other application process.
    Type: Application
    Filed: August 5, 2010
    Publication date: February 9, 2012
    Inventors: Neil R. T. Horman, Eric L. Paris, Jeffrey T. Layton
  • Publication number: 20110213874
    Abstract: Some embodiments of a system and a method to notify applications of lost computing resources have been presented. For instance, a processing device running on a client machine can monitor a computing resource used by an application, which also runs on the client machine. If the computing resource is lost, then the processing device can notify the application of the loss and provide details about the lost computing resource to the application so that the application can take appropriate action in response to the loss.
    Type: Application
    Filed: February 26, 2010
    Publication date: September 1, 2011
    Inventors: Jeffrey T. Layton, Eric L. Paris, Neil R. T. Horman