Patents by Inventor Harvey TUCH

Harvey TUCH has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9251102
    Abstract: A computing system includes a guest domain access control register (DACR), and guest first and second level page tables, the page tables containing domain identifiers used to obtain domain access information and access permission information, and the domain access information and the access permission information providing an effective guest access permission. The computing system provides a shadow page table, in which domain identifiers are used to identify domain access information in a processor DACR that are mapped from domain access information in the guest DACR, and in which access permissions are mapped from effective access permission information in the guest page tables and guest DACR. A memory management unit in the processor traverses the shadow page table, accesses the processor DACR, and combines the mapped domain access information in the processor with the mapped access permission in the shadow page table to reflect the guest intended effective access permissions.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: February 2, 2016
    Assignee: VMware, Inc.
    Inventors: Harvey Tuch, Prashanth P. Bungale, Scott W. Devine, Lawrence S. Rogel
  • Publication number: 20160028720
    Abstract: An application management agent running on a wireless communications device restricts access to device functionality (e.g., applications and device features) unless the application management agent has determined that a particular configuration profile has been installed on the device (after which the application management agent permits access to device functionality, and an operating system of the device enforces policy settings specified in the configuration profile). The application management agent confirms the presence of the configuration profile by initiating an SSL handshake with a client certificate request for a client SSL certificate embedded in the configuration profile. Validation against the embedded client SSL certificate implicitly confirms the presence of the configuration profile and validates the content of the configuration profile.
    Type: Application
    Filed: July 23, 2015
    Publication date: January 28, 2016
    Inventors: Harvey TUCH, Mark ZEREN, Craig F. NEWELL
  • Publication number: 20150370591
    Abstract: In a virtualized computer system operable in more than two hierarchical privilege levels, components of a hypervisor, which include a virtual machine kernel and virtual machine monitors (VMMs), are assigned to different privilege levels. The virtual machine kernel operates at a low privilege level to be able to exploit certain features provided by the low privilege level, and the VMMs operate at a high privilege level to support execution of virtual machines. Upon determining that a context switch from the virtual machine kernel to a VMM is to be performed, the computer system exits the low privilege level, and enters the high privilege level to execute a trampoline that supports context switches to VMMs, such as state changes, and then the VMM. The trampoline is deactivated after execution control is switched to the VMM.
    Type: Application
    Filed: June 23, 2014
    Publication date: December 24, 2015
    Inventors: Harvey TUCH, Andrei WARKENTIN
  • Publication number: 20150371036
    Abstract: A secure mode of a computer system is used to provide simulated devices. In operation, if an instruction executing in a non-secure mode accesses a simulated device, then a resulting exception is forwarded to a secure monitor executing in the secure mode. Based on the address accessed by the instruction, the secure monitor identifies the device and simulates the instruction. The secure monitor executes independently of other applications included in the computer system, and does not rely on any hardware virtualization capabilities of the computer system.
    Type: Application
    Filed: June 23, 2014
    Publication date: December 24, 2015
    Inventors: Andrei WARKENTIN, Harvey TUCH
  • Publication number: 20150370590
    Abstract: In a virtualized computer system operable in more than two hierarchical privilege levels, components of a hypervisor, which include a virtual machine kernel and virtual machine monitors (VMMs), are assigned to different privilege levels. The virtual machine kernel operates at a low privilege level to be able to exploit certain features provided by the low privilege level, and the VMMs operate at a high privilege level to support execution of virtual machines. Upon determining that a context switch from the virtual machine kernel to a VMM is to be performed, the computer system exits the low privilege level, and enters the high privilege level to execute a trampoline that supports context switches to VMMs, such as state changes, and then the VMM. The trampoline is deactivated after execution control is switched to the VMM.
    Type: Application
    Filed: June 23, 2014
    Publication date: December 24, 2015
    Inventors: Harvey TUCH, Andrei WARKENTIN
  • Publication number: 20150370592
    Abstract: In a virtualized computer system operable in more than two hierarchical privilege levels, components of a hypervisor, which include a virtual machine kernel and virtual machine monitors (VMMs), are assigned to different privilege levels. The virtual machine kernel operates at a low privilege level to be able to exploit certain features provided by the low privilege level, and the VMMs operate at a high privilege level to support execution of virtual machines. Upon determining that a context switch from the virtual machine kernel to a VMM is to be performed, the computer system exits the low privilege level, and enters the high privilege level to execute a trampoline that supports context switches to VMMs, such as state changes, and then the VMM. The trampoline is deactivated after execution control is switched to the VMM.
    Type: Application
    Filed: June 23, 2014
    Publication date: December 24, 2015
    Inventors: Harvey TUCH, Andrei WARKENTIN
  • Patent number: 9176780
    Abstract: A computing device employs a cooperative memory management technique to dynamically balance memory resources between host and guest systems running therein. According to this cooperative memory management technique, memory that is allocated to the guest system is dynamically adjusted up and down according to a fairness policy that takes into account various factors including the relative amount of readily freeable memory resources in the host and guest systems and the relative amount of memory allocated to hidden applications in the host and guest systems.
    Type: Grant
    Filed: August 23, 2011
    Date of Patent: November 3, 2015
    Assignee: VMware, Inc.
    Inventors: Harvey Tuch, Craig Newell, Cyprien Laplace
  • Patent number: 9152548
    Abstract: One embodiment of the present invention provides a system that facilitates user-mode system-level virtualization in a mobile device. During operation, a hypervisor intercepts a virtual machine's attempt to access a privileged resource. The hypervisor manages the virtual machine and runs on a host system in a user mode. Furthermore, the hypervisor emulates the privileged resource using a user-mode system call provided by the host system. In addition, the hypervisor provides access to the emulated privileged resource to the virtual machine, thereby allowing the virtual machine to operate with the emulated privileged resource without directly accessing actual privileged resources on the host system.
    Type: Grant
    Filed: May 31, 2012
    Date of Patent: October 6, 2015
    Assignee: VMware, Inc.
    Inventors: Harvey Tuch, Craig Newell
  • Publication number: 20150222637
    Abstract: In an example, a method of creating a secured workspace in a mobile device includes installing an application management agent on the mobile device, wherein the application management agent is configured to communicate with a remote server to obtain a security policy. The method further includes installing a wrapped enterprise application to the mobile device. The wrapped enterprise application includes code injected therein that, when executed by the mobile device, causes the mobile device to intercept at least a portion of instructions being executed by the wrapped enterprise application and to interpose alternative instructions that comply with the security policy. The method further includes communicating among the wrapped enterprise application, the application management agent, and other wrapped enterprise applications through pasteboard and uniform resource locator (URL) handlers provided by an operating system of the mobile device.
    Type: Application
    Filed: April 17, 2015
    Publication date: August 6, 2015
    Inventors: Perry HUNG, Harvey TUCH, Craig F. NEWELL, Haim TEBEKA
  • Patent number: 9094413
    Abstract: An application management agent running on a wireless communications device restricts access to device functionality (e.g., applications and device features) unless the application management agent has determined that a particular configuration profile has been installed on the device (after which the application management agent permits access to device functionality, and an operating system of the device enforces policy settings specified in the configuration profile). The application management agent confirms the presence of the configuration profile by initiating an SSL handshake with a client certificate request for a client SSL certificate embedded in the configuration profile. Validation against the embedded client SSL certificate implicitly confirms the presence of the configuration profile and validates the content of the configuration profile.
    Type: Grant
    Filed: March 21, 2013
    Date of Patent: July 28, 2015
    Assignee: VMware, Inc.
    Inventors: Harvey Tuch, Mark Zeren, Craig F. Newell
  • Patent number: 9077725
    Abstract: An application management agent running on a wireless communications device restricts access to device functionality (e.g., applications and device features) unless the application management agent has determined that a particular configuration profile has been installed on the device (after which the application management agent permits access to device functionality, and an operating system of the device enforces policy settings specified in the configuration profile). The application management agent confirms the presence of the configuration profile by using a validation certificate to validate against a root certificate embedded in a configuration profile installed on the device. The configuration profile is configured to be non-removable, so it cannot be removed or updated, except by another configuration profile signed by the same authority.
    Type: Grant
    Filed: March 21, 2013
    Date of Patent: July 7, 2015
    Inventors: Harvey Tuch, Mark Zeren, Craig F. Newell
  • Publication number: 20140359240
    Abstract: A computing system includes a guest domain access control register (DACR), and guest first and second level page tables, the page tables containing domain identifiers used to obtain domain access information and access permission information, and the domain access information and the access permission information providing an effective guest access permission. The computing system provides a shadow page table, in which domain identifiers are used to identify domain access information in a processor DACR that are mapped from domain access information in the guest DACR, and in which access permissions are mapped from effective access permission information in the guest page tables and guest DACR. A memory management unit in the processor traverses the shadow page table, accesses the processor DACR, and combines the mapped domain access information in the processor with the mapped access permission in the shadow page table to reflect the guest intended effective access permissions.
    Type: Application
    Filed: August 18, 2014
    Publication date: December 4, 2014
    Inventors: Harvey TUCH, Prashanth P. BUNGALE, Scott W. DEVINE, Lawrence S. ROGEL
  • Publication number: 20140289510
    Abstract: An application management agent running on a wireless communications device restricts access to device functionality (e.g., applications and device features) unless the application management agent has determined that a particular configuration profile has been installed on the device (after which the application management agent permits access to device functionality, and an operating system of the device enforces policy settings specified in the configuration profile). The application management agent confirms the presence of the configuration profile by using a validation certificate to validate against a root certificate embedded in a configuration profile installed on the device. The configuration profile is configured to be non-removable, so it cannot be removed or updated, except by another configuration profile signed by the same authority.
    Type: Application
    Filed: March 21, 2013
    Publication date: September 25, 2014
    Inventors: Harvey TUCH, Mark ZEREN, Craig F. NEWELL
  • Publication number: 20140289511
    Abstract: An application management agent running on a wireless communications device restricts access to device functionality (e.g., applications and device features) unless the application management agent has determined that a particular configuration profile has been installed on the device (after which the application management agent permits access to device functionality, and an operating system of the device enforces policy settings specified in the configuration profile). The application management agent confirms the presence of the configuration profile by initiating an SSL handshake with a client certificate request for a client SSL certificate embedded in the configuration profile. Validation against the embedded client SSL certificate implicitly confirms the presence of the configuration profile and validates the content of the configuration profile.
    Type: Application
    Filed: March 21, 2013
    Publication date: September 25, 2014
    Inventors: Harvey TUCH, Mark ZEREN, Craig F. NEWELL
  • Patent number: 8832351
    Abstract: In a computing system including a processor and virtualization software including a guest operating system (OS) that utilizes a guest domain access control register (DACR) containing domain access information and guest page tables including first level page tables (L1 page tables) and second level page tables (L2 page tables), which guest page tables contain: (a) domain identifiers used to obtain domain access information from the guest DACR and (b) access permission information, wherein the domain access information and the access permission information are combined to provide an effective guest access permission, in accordance with one embodiment, a method for providing shadow page tables and processor DACR settings that virtualize processor memory protection includes: the virtualization software providing a shadow page table wherein: (a) domain identifiers in the shadow page table are used to identify domain access information in the processor DACR that are mapped from the domain access information in the
    Type: Grant
    Filed: December 13, 2010
    Date of Patent: September 9, 2014
    Assignee: VMware, Inc.
    Inventors: Harvey Tuch, Prashanth P. Bungale, Scott W. Devine, Lawrence S. Rogel
  • Patent number: 8738868
    Abstract: A computing device employs a cooperative memory management technique to dynamically balance memory resources between host and guest systems running therein. According to this cooperative memory management technique, memory that is allocated to the guest system is dynamically adjusted up and down according to a fairness policy that takes into account various factors including the relative amount of readily freeable memory resources in the host and guest systems and the relative amount of memory allocated to hidden applications in the host and guest systems.
    Type: Grant
    Filed: August 23, 2011
    Date of Patent: May 27, 2014
    Assignee: VMware, Inc.
    Inventors: Harvey Tuch, Craig Newell, Cyprien Laplace
  • Publication number: 20140059703
    Abstract: Particular embodiments provide a method to authenticate a user of an application running on a mobile operating system (OS) installed on a mobile device, wherein the mobile OS invokes callback methods of the application upon making changes to an execution state of the application. Code embedded into the application causes the application to communicate with a management agent installed in the mobile OS upon invocation of a hooked callback method. Upon invocation of the hooked callback method, the embedded code assesses whether the user should be provided an authentication challenge prior to enabling the application to run in the foreground, and presents the authentication challenge if necessary. Finally, the embedded code returns execution control from the management agent back to the application wherein the application executes the at least one callback method prior to running in the foreground.
    Type: Application
    Filed: June 14, 2013
    Publication date: February 27, 2014
    Inventors: Perry HUNG, Harvey TUCH
  • Patent number: 8621136
    Abstract: Methods for providing shadow page tables that virtualize processor memory protection. In one embodiment, two shadow L2 page tables are maintained for each section, for example, each 1 MB section, of guest address space covered by a shadow L1 descriptor.
    Type: Grant
    Filed: December 13, 2010
    Date of Patent: December 31, 2013
    Assignee: VMware, Inc.
    Inventors: Harvey Tuch, Prashanth P. Bungale, Scott W. Devine, Lawrence S. Rogel
  • Publication number: 20130254459
    Abstract: One embodiment of the present invention provides a system that facilitates storing an image file of a virtual machine on a potentially unprotected flash storage exhibiting sub-optimal non-sequential write performance on a mobile phone. During operation, the system stores in the flash storage data in a log-structured format and in a protected storage meta-data associated with the data stored in the flash storage. The system also checks integrity of the data stored in the flash storage using the meta-data in the protected storage.
    Type: Application
    Filed: March 26, 2012
    Publication date: September 26, 2013
    Applicant: VMWARE, INC.
    Inventors: Cyprien LAPLACE, Harvey TUCH, Kenneth Charles BARR, Craig Farley NEWELL, Bi WU, Viktor GYURIS
  • Publication number: 20130185480
    Abstract: One embodiment of the present invention provides a system for managing storage space in a mobile device. During operation, the system detects a decrease in available disk space in a host file system, wherein an image file for a guest system is stored in the host file system. In response to the detected decrease, the system increases a size of a balloon file in a storage of a guest system. The system then receives an indication of a TRIM or discard communication and intercepts the TRIM or discard communication. Next, the system determines that at least one block is free based on the intercepted TRIM or discard communication. Subsequently, the system frees a physical block corresponding to the at least one block in a storage of the host system and reduces a size of the image file for the guest system in accordance with the intercepted TRIM or discard communication.
    Type: Application
    Filed: June 30, 2012
    Publication date: July 18, 2013
    Applicant: VMWARE, INC.
    Inventors: Craig Newell, Harvey Tuch, Cyprien Laplace