Abstract: Approaches for managing how the passage of time is observed by a software execution environment, such as a virtual machine or a sandbox environment. A computer system maintains a set of physical time sources. A set of virtual time sources are computed based on the set of physical time sources. The virtual time sources operate independently of the set of physical time sources. For example, the virtual time sources may observe time passing faster or slower than the set of physical time sources. The set of virtual time sources are presented to the software execution environment as the set of time sources. Many benefits may be obtained such as higher utilization of allocated resources and avoidance of timeouts.

Abstract: Approaches for managing how the passage of time is observed by a software execution environment, such as a virtual machine or a sandbox environment. A computer system maintains a set of physical time sources. A set of virtual time sources are computed based on the set of physical time sources. The virtual time sources operate independently of the set of physical time sources. For example, the virtual time sources may observe time passing faster or slower than the set of physical time sources. The set of virtual time sources are presented to the software execution environment as the set of time sources. Many benefits may be obtained such as higher utilization of allocated resources and avoidance of timeouts.

Abstract: Approaches for monitoring a host operating system. A threat model is stored and maintained in an isolated execution environment. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of monitoring circle relationship, and any process instantiated by a present member of monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken.

Abstract: Approaches for composing the display of a virtualized web browser. Upon a host module, executing in a host operating system, of a virtualized web browser being instructed to display a new web page, policy data is consulted to determine if one or more trigger conditions are satisfied. Upon determining that at least one of the one or more trigger conditions is satisfied, the virtualized web browser, transparently to a user, retrieving and rendering the new web page in a location different than where the previous web page was retrieved and rendered by the virtualized web browser. After the new web page has been retrieved and rendered at the location specified by the policy data, the host module displays the new web page. The policy data may operate to specify the behavior of individual tabs of the virtualized web browser.

Abstract: A software module executes in a first isolated execution environment. The module determines the first environment has caused data to the written to a first clipboard maintained by the first environment. The module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second isolated execution environment. The policy data does not allow one or more types of clipboard objects to be written to the second clipboard even if they were written to the first clipboard at the initiation of or approved by a user to prevent the user from introducing a potentially hazardous type of object into the second clipboard. Upon the module determining that the policy data allows the data to be written to the second clipboard, the software module causes the data to written to the second clipboard.

Abstract: Embodiments of the invention enable any request to download data to a computer system to be performed such that the requested data is stored in a dedicated virtual machine. A request to transfer data from an external location to the computer system is received. The request may originate from a process in a virtual machine or a host operating system. A connection with the external location using parameters identified in the request. The request is performed by transferring the data from the external location to a dedicated virtual machine which does not have access to the file system and cannot persistently store data on the computer system. One or more dedicated virtual machines may be instantiated as needed. A single dedicated virtual machine may accommodate multiple downloads concurrently.

Abstract: Approaches for monitoring a host operating system. A threat model is stored and maintained in an isolated execution environment. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of monitoring circle relationship, and any process instantiated by a present member of monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken.

Abstract: Approaches for securely authenticating untrusted operating environments. A software module intercepts a message which requires a first operating environment to authenticate itself to a service or resource provider. The software module executes outside of the first operating environment. The first operating environment lacks access to an authentication mechanism necessary to successfully authenticate to the service or resource provider. The software module notifies a second operating environment of the message. The second operating environment determines that the first operating environment should be permitted to authenticate to the service or resource provider. The second operating environment obtains authentication data generated using the authentication mechanism. The second operating environment provides the authentication data to the first operating environment to allow the first operating environment to authenticate itself to the service or resource provider.

Abstract: Approaches for transferring control to a bit set. Execution of a bit set upon a host operating system is monitored. A determination is made that the execution of the bit set exhibits a suspicious characteristic. In response, the execution of the bit set on the host operating system is ceased. Then, the bit set is copied into an isolated environment and control to the bit set is transferred within the isolated environment. Thereafter, execution analysis upon the bit set is initiated in the isolated environment. The isolated environment may, but need not, reside on a different physical device than upon which executes the host operating system.

Abstract: Approaches for managing how the passage of time is observed by a software execution environment, such as a virtual machine or a sandbox environment. A computer system maintains a set of physical time sources. A set of virtual time sources are computed based on the set of physical time sources. The virtual time sources operate independently of the set of physical time sources. For example, the virtual time sources may observe time passing faster or slower than the set of physical time sources. The set of virtual time sources are presented to the software execution environment as the set of time sources. Many benefits may be obtained such as higher utilization of allocated resources and avoidance of timeouts.

Abstract: Approaches for managing how the passage of time is observed by a software execution environment, such as a virtual machine or a sandbox environment. A computer system maintains a set of physical time sources. A set of virtual time sources are computed based on the set of physical time sources. The virtual time sources operate independently of the set of physical time sources. For example, the virtual time sources may observe time passing faster or slower than the set of physical time sources. The set of virtual time sources are presented to the software execution environment as the set of time sources. Many benefits may be obtained such as higher utilization of allocated resources and avoidance of timeouts.

Abstract: Approaches for performing memory management by a hypervisor. A host operating system and a hypervisor are executed on a device. The host operating system is not configured to access physical memory addressed above four gigabytes. The hypervisor manages memory for a device, including memory addressed above four gigabytes. When the hypervisor instantiates a virtual machine, the hypervisor may allocate memory pages for the newly instantiated virtual machine by preferentially using any unassigned memory addressed above four gigabytes before using memory allocated from the host (and hence addressed below four gigabytes).

Abstract: Approaches for ensuring a file operation is not performed in a malicious manner. Upon being instructed to perform the file operation on a file, a profile for the file is obtained. The profile is data that is signed by a digital signature and identifies a set of resources which said file requires. The profile associated with a particular file may be obtained in a variety of different ways. The file operation is performed in a virtual machine that lacks access to resources of the device or of a network except for those resources identified in the profile.

Abstract: Approaches for managing how the passage of time is observed by a software execution environment, such as a virtual machine or a sandbox environment. A computer system maintains a set of physical time sources. A set of virtual time sources are computed based on the set of physical time sources. The virtual time sources operate independently of the set of physical time sources. For example, the virtual time sources may observe time passing faster or slower than the set of physical time sources. The set of virtual time sources are presented to the software execution environment as the set of time sources. Many benefits may be obtained such as higher utilization of allocated resources and avoidance of timeouts.

Abstract: Approaches for transferring control to a bit set. Execution of a bit set upon a host operating system is monitored. A determination is made that the execution of the bit set exhibits a suspicious characteristic. In response, the execution of the bit set on the host operating system is ceased. Then, the bit set is copied into an isolated environment and control to the bit set is transferred within the isolated environment. Thereafter, execution analysis upon the bit set is initiated in the isolated environment. The isolated environment may, but need not, reside on a different physical device than upon which executes the host operating system.

Abstract: Approaches for monitoring a host operating system. A threat model is stored and maintained in an isolated execution environment. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of monitoring circle relationship, and any process instantiated by a present member of monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken.

Abstract: Approaches for providing operating environments selective access to network resources. A guest operating system, executing on a device, may issue a request to a network device for access to a set of network resources. Once the guest operating system authenticates itself to the network device, the network device provides, to the guest operating system, access to the set of network resources. Note that the host operating system, executing on the device, does not have access to the set of network resources. A guest operating system may be provided access to an untrusted network in a manner that denies the host operating system access to the untrusted network. In this way, any malicious code inadvertently introduced into the host operating system cannot access the untrusted network for unscrupulous purposes.

Abstract: Migrating support for a web browsing session between a virtual machine and a host operating system. A web session is supported by a first virtual machine which executes on a computer system. Upon receiving a request for the web session to enter an unprotected mode, support for the web session is migrated from the first virtual machine to a host operating system of the computer system. In unprotected mode, web sessions are supported by the host operating system rather than by a virtual machine. After migrating support for the web session to the host operating system, a visual cue indicating that the unprotected mode is active is displayed. After receiving a request to exit the unprotected mode, support for the web session is migrated from the host operating system to a second virtual machine executing on the computer system and the visual cue is removed.

Abstract: Approaches for performing nested virtualization using a hypervisor which does not support nested virtualization. A first hypervisor is loaded upon booting a computing device. The first hypervisor instantiates a first virtual machine, exposes an emulated hardware virtualization support interface to the first virtual machine, and executes a second hypervisor, which does not support nested virtualization, within the first virtual machine. The first hypervisor provides nested virtualization support to the second hypervisor to allow the second hypervisor to execute a third hypervisor within a second virtual machine by the first hypervisor abstracting hardware virtualization support to the third hypervisor.

Abstract: Approaches for ensuring the privacy and integrity of a hypervisor. A host operating system manages a set of resources. The host operating system is prevented from accessing a portion of the resources belonging to or allocated by the hypervisor. The host operating system may be prevented from accessing resources belonging to or allocated by the hypervisor by transferring execution of the host operating system into a virtual machine container that does not have sufficient privilege to access any portion of the memory pages in which the hypervisor is executing. After the host operating system provides a requested resource to the hypervisor, the hypervisor may use a hardware component that establishes and enforces constraints on what portions of memory the host operating system is allowed to access to protect the requested resource from the host operating system.