Patents by Inventor Ian Pratt
Ian Pratt has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 10140139
  Abstract: Approaches for ensuring the privacy and integrity of a hypervisor. A host operating system manages a set of resources. The host operating system is prevented from accessing a portion of the resources belonging to or allocated by the hypervisor. The host operating system may be prevented from accessing resources belonging to or allocated by the hypervisor by transferring execution of the host operating system into a virtual machine container that does not have sufficient privilege to access any portion of the memory pages in which the hypervisor is executing. After the host operating system provides a requested resource to the hypervisor, the hypervisor may use a hardware component that establishes and enforces constraints on what portions of memory the host operating system is allowed to access to protect the requested resource from the host operating system.
  Type: Grant
  Filed: June 16, 2015
  Date of Patent: November 27, 2018
  Assignee: Bromium, Inc.
  Inventor: Ian Pratt
- Patent number: 10095662
  Abstract: Approaches for synchronizing resources of a virtualized web browser. When a virtualized web browser is instructed to display a web page, a host module executing within a host operating system retrieves, from each of one or more virtual machines, contents for a portion of the web page. The virtualized web browser assembles the contents and displays the web page. A web browser executing in the host operating system may, but need not, retrieve any of the content displayed thereby. Instead, the content retrieved by the web browser executing in the host operating system may be retrieved by and rendered within a virtual machine. The behavior of the virtualized web browser may be configured using policy data.
  Type: Grant
  Filed: June 18, 2012
  Date of Patent: October 9, 2018
  Assignee: Bromium, Inc.
  Inventors: Kiran Bondalapati, Vikram Kapoor, Prakash Buddhiraja, Gaurav Banga, Ian Pratt
- Patent number: 10095530
  Abstract: Approaches for transferring control to a bit set. At a point of ingress, prior to transferring control to the bit set, a determination is made as to whether the bit set is recognized as being included within a set of universally known malicious bit sets. If the bit set is not so recognized, then another determination is made as to whether the bit set is recognized as being included within a set of locally known virtuous bit sets. If the bit set is recognized as being included within a set of locally known virtuous bit sets, then control is not transferred to the bit set. Upon determining that the bit set is not included within the set of locally known virtuous bit sets, then the bit set is copied into a micro-virtual machine and control is transferred to the bit set within the micro-virtual machine.
  Type: Grant
  Filed: July 13, 2015
  Date of Patent: October 9, 2018
  Assignee: Bromium, Inc.
  Inventors: Gaurav Banga, Ian Pratt, Rahul Kashyap
- Patent number: 10055231
  Abstract: Approaches for handling network resources in a virtualized computing environment. A first request for network resources is received from a first virtual machine. Policy data is consulted to determine how to service the first request. The first request is processed by providing the first virtual machine with access to only a first portion of network resources. A second request for network resources is received from a second virtual machine. Policy data is consulted to determine how to service the second request. The second request is processed by providing the second virtual machine with access to only a second portion of network resources that is not coextensive with the first portion. In this way, virtual machines may have access to particular resources and/or specific bounded areas of a network.
  Type: Grant
  Filed: June 19, 2012
  Date of Patent: August 21, 2018
  Assignee: Bromium, Inc.
  Inventors: Xin Li, Gaurav Banga, Ian Pratt, Vikram Kapoor
- Patent number: 9923926
  Abstract: Approaches for managing potentially malicious files using one or more isolated environments. In response to receiving a request to perform an action on a file, a client applies a policy to determine whether the action is deemed trustworthy. The client identifies, without human intervention, an isolated environment, executing or to be executed on the client, in which the action is to be performed based on whether the action is deemed trustworthy. In this way, embodiments allow a user to make use of data deemed untrusted in certain cases without allowing the untrusted data to have unfettered access to the resources of the client. If the requested action is performed in a different isolated environment from which the action was requested, embodiments enable the action to be performed seamlessly to the user.
  Type: Grant
  Filed: September 24, 2015
  Date of Patent: March 20, 2018
  Assignee: Bromium, Inc.
  Inventors: Gaurav Banga, Sergei Vorobiev, Deepak Khajuria, Vikram Kapoor, Ian Pratt, Simon Crosby
- Patent number: 9921860
  Abstract: Approaches for launching an application within a virtual machine. In response to receiving a request to launch an application, a device instantiates, without human intervention and based on a policy, a virtual machine in which the application is to be launched. The policy determines which resources of a device, such as a mobile device or computer system, are accessible to the virtual machine. The policy may, but need not, determine whether the virtual machine has access to a type of resource which obligates the user of the device to make a monetary payment for the use of the resource.
  Type: Grant
  Filed: September 26, 2013
  Date of Patent: March 20, 2018
  Assignee: Bromium, Inc.
  Inventors: Gaurav Banga, Sergei Vorobiev, Deepak Khajuria, Vikram Kapoor, Ian Pratt, Simon Crosby, Adrian Taylor
- Patent number: 9792131
  Abstract: Approaches for creating a template virtual machine. An in-memory state of a virtual machine and/or a set of applications executing within the virtual machine are adjusted and/or configured based on the intended use of the template virtual machine. Thereafter, the virtual machine is established as a template virtual machine. The template virtual machine may be used to create one or more virtual machines using a copy-on-write memory process.
  Type: Grant
  Filed: May 10, 2012
  Date of Patent: October 17, 2017
  Assignee: Bromium, Inc.
  Inventors: Krzysztof Uchronski, Martin O'Brien, Jacob Gorm Hansen, Kiran Bondalapati, Ian Pratt, Gaurav Banga, Vikram Kapoor
- Patent number: 9785771
  Abstract: Approaches for protecting a computing device against malicious code using an attack vector involving a USB device. A computing device prevents a USB device from communicating operational input to the computing device using a USB port residing on or coupled to the computing device unless consent data is stored on the computing device. Consent data is data that affirms consent provided by a user of the computing device to allow the USB device to communicate with the computing device using the USB port. Note that the lack of consent data stored on the computing device does not prohibit the USB device from identifying itself to the computing device. In this way, if the USB device comprises malicious code or has been designed in a malicious manner, the USB device will be unable to submit operational input to the computing device without the consent of the user.
  Type: Grant
  Filed: July 13, 2015
  Date of Patent: October 10, 2017
  Assignee: Bromium, Inc.
  Inventor: Ian Pratt
- Patent number: 9767274
  Abstract: Approaches for providing a guest operating system to a virtual machine. A read-only copy of one or more disk volumes, including a boot volume, is created. A copy of a master boot record (MBR) for the one or more disk volumes is also stored. The read-only copy may be, but need not be, made using a Volume Shadow Copy Service (VSS). A virtual disk, for use by the virtual machine, is created based on the read-only copy of the one or more disk volumes and the copy of the master boot record (MBR), wherein the virtual disk comprises the guest operating system used by the virtual machine. In this way, a single installed operating system may provide both the host operating system and the guest operating system.
  Type: Grant
  Filed: November 22, 2011
  Date of Patent: September 19, 2017
  Assignee: Bromium, Inc.
  Inventors: Gaurav Banga, Ian Pratt, Simon Crosby, Vikram Kapoor, Kiran Bondalapati, Vadim Dmitriev
- Patent number: 9734131
  Abstract: Approaches for synchronizing history data across a virtualized web browser. When a user instructs a virtualized web browser, executing on a host operating system, to display a web page, a host module executing on the host operating system may instruct a guest module executing within a particular virtual machine to retrieve the web page. The host module may provide to the guest module history data for the virtualized web browser. History data describes browsing history for the virtualized web browser, either in the current instance or for previous instances. The guest module performs operations in accordance with the history data. When the host module receives the screen data content from the guest module, the host module instructs the virtualized web browser to display the web page using the screen data content.
  Type: Grant
  Filed: June 18, 2012
  Date of Patent: August 15, 2017
  Assignee: Bromium, Inc.
  Inventors: Kiran Bondalapati, Vikram Kapoor, Prakash Buddhiraja, Gaurav Banga, Ian Pratt
- Patent number: 9727534
  Abstract: Approaches for synchronizing cookie data across a virtualized web browser. When a user instructs a virtualized web browser, executing on a host operating system, to display a web page, a host module executing on the host operating system instructs a particular virtual machine to retrieve the web page within the particular virtual machine. The host module provides cookie data for the user to the guest module. The cookie data identifies one or more cookies deemed to be pertinent to the retrieval of the web page. The guest module provides, to the host module, screen data content for use in displaying the web page.
  Type: Grant
  Filed: June 18, 2012
  Date of Patent: August 8, 2017
  Assignee: Bromium, Inc.
  Inventors: Prakash Buddhiraja, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
- Publication number: 20170201507
  Abstract: Approaches for providing operating environments selective access to network resources. A guest operating system, executing on a device, may issue a request to a network device for access to a set of network resources. Once the guest operating system authenticates itself to the network device, the network device provides, to the guest operating system, access to the set of network resources. Note that the host operating system, executing on the device, does not have access to the set of network resources. A guest operating system may be provided access to an untrusted network in a manner that denies the host operating system access to the untrusted network. In this way, any malicious code inadvertently introduced into the host operating system cannot access the untrusted network for unscrupulous purposes.
  Type: Application
  Filed: July 1, 2016
  Publication date: July 13, 2017
  Inventor: Ian Pratt
- Publication number: 20170180427
  Abstract: A software module executes in a first isolated execution environment. The module determines the first environment has caused data to be written to a first clipboard maintained by the first environment. The module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second isolated execution environment. The policy data does not allow one or more types of clipboard objects to be written to the second clipboard even if they were written to the first clipboard at the initiation of or approved by a user, to prevent the user from introducing a potentially hazardous type of object into the second clipboard. Upon the module determining that the policy data allows the data to be written to the second clipboard, the software module causes the data to be written to the second clipboard.
  Type: Application
  Filed: March 2, 2017
  Publication date: June 22, 2017
  Inventors: Rahul C. Kashyap, Rafal Wojtczuk, Ian Pratt
- Patent number: 9680873
  Abstract: Approaches for processing network requests based upon the perceived trustworthiness of the network. A software component renders a judgment, based on a policy that weighs one or more factors, about whether a network accessible to a device should be trusted. If the software component renders a judgment that the network should be trusted, then a network resource identified on a white list of trusted resources is allowed to be retrieved within a host operating system or in a first virtual machine. Conversely, if the software component renders a judgment that the network should not be trusted, then the network resource identified on the white list of trusted resources is prevented from being retrieved within the host operating system or the first virtual machine, and may instead be retrieved within a second virtual machine, which has a more restrictive set of access privileges than the first virtual machine.
  Type: Grant
  Filed: June 30, 2014
  Date of Patent: June 13, 2017
  Assignee: Bromium, Inc.
  Inventors: David Halls, Gaurav Banga, Ian Pratt, Vikram Kapoor, Xin Li
- Patent number: 9678780
  Abstract: The present invention is directed towards methods and systems for redirecting an access request to an unsecure virtual machine. A computing device may execute a hypervisor hosting a secure virtual machine and an unsecure virtual machine. A control virtual machine, hosted by a hypervisor executing on the computing device, may intercept a request to access an unsecure resource. The unsecure resource may include one of: a file, an application and a uniform resource locator (URL). The control virtual machine may further determine that the request originates from a secure virtual machine executing on the computing device. The control virtual machine may redirect, responsive to the determination, the request to an unsecure virtual machine executing on the computing device, whereupon the unsecure virtual machine may provide access to the requested unsecure resource.
  Type: Grant
  Filed: October 3, 2014
  Date of Patent: June 13, 2017
  Assignee: Citrix Systems, Inc.
  Inventors: Manbinder Pal Singh, Imtiaz Mohammad, Ian Pratt
- Patent number: 9626204
  Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. In response to receiving a request to perform an action, an isolated environment (such as but not limited to a virtual machine) is instantiated without receiving an explicit user instruction to do so. To instantiate the isolated environment, one or more templates for use in instantiating the isolated environment are identified using a policy. The one or more templates describe isolated environment characteristics for different types of activity. After the isolated environment has been instantiated using one or more identified templates, the action may be performed in the isolated environment.
  Type: Grant
  Filed: August 17, 2015
  Date of Patent: April 18, 2017
  Assignee: Bromium, Inc.
  Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor
- Patent number: 9460293
  Abstract: A software module executes on a first operating system. The software module determines that the first operating system has caused data to be written to a first clipboard maintained by the first operating system. The software module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second operating system. The policy data may only allow the data to be written to the second clipboard if the data was written to the first clipboard at the initiation of or approved by a user. If the software module determines that the policy data allows the data to be written to the second clipboard, then the software module, without human instruction, causes the data to be written to the second clipboard.
  Type: Grant
  Filed: June 20, 2013
  Date of Patent: October 4, 2016
  Assignee: Bromium, Inc.
  Inventors: Rahul Kashyap, Rafal Wojtczuk, Ian Pratt
- Publication number: 20160232380
  Abstract: Approaches for transferring control to a bit set. Execution of a bit set upon a host operating system is monitored. A determination is made that the execution of the bit set exhibits a suspicious characteristic. In response, the execution of the bit set on the host operating system is ceased. Then, the bit set is copied into an isolated environment and control to the bit set is transferred within the isolated environment. Thereafter, execution analysis upon the bit set is initiated in the isolated environment. The isolated environment may, but need not, reside on a different physical device than the one upon which the host operating system executes.
  Type: Application
  Filed: April 19, 2016
  Publication date: August 11, 2016
  Inventors: Ian Pratt, Rahul C. Kashyap, Gaurav Banga
- Patent number: 9384026
  Abstract: Approaches for selectively sharing cookies between virtual machines responsible for retrieving web content. A request to display a web page is received. The web page includes top-level content served by a top-level domain and secondary content served by one or more other domains. A determination that at least a portion of the web page should be retrieved from within a virtual machine is made. A policy is consulted to identify a set of cookies to inject into the virtual machine. The policy considers whether the virtual machine is responsible for retrieving one or more of top-level content and secondary content in identifying the set of cookies to inject into the virtual machine. After injecting the set of cookies into the virtual machine, the portion of the web page is retrieved from within the virtual machine.
  Type: Grant
  Filed: January 30, 2014
  Date of Patent: July 5, 2016
  Assignee: Bromium, Inc.
  Inventors: Gaurav Banga, Ian Pratt, Vikram Kapoor, Prakash Buddhiraja, Kiran Bondalapati
- Patent number: 9386021
  Abstract: Approaches for providing operating environments selective access to network resources. A guest operating system, executing on a device, may issue a request to a network device for access to a set of network resources. Once the guest operating system authenticates itself to the network device, the network device provides, to the guest operating system, access to the set of network resources. Note that the host operating system, executing on the device, does not have access to the set of network resources. A guest operating system may be provided access to an untrusted network in a manner that denies the host operating system access to the untrusted network. In this way, any malicious code inadvertently introduced into the host operating system cannot access the untrusted network for unscrupulous purposes.
  Type: Grant
  Filed: June 26, 2014
  Date of Patent: July 5, 2016
  Assignee: Bromium, Inc.
  Inventor: Ian Pratt