Patents by Inventor Ian Pratt

Ian Pratt has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20160154539
    Abstract: Approaches for composing the display of a virtualized web browser. Upon a host module, executing in a host operating system, of a virtualized web browser being instructed to display a new web page, policy data is consulted to determine if one or more trigger conditions are satisfied. Upon determining that at least one of the one or more trigger conditions is satisfied, the virtualized web browser, transparently to a user, retrieves and renders the new web page in a location different than where the previous web page was retrieved and rendered by the virtualized web browser. After the new web page has been retrieved and rendered at the location specified by the policy data, the host module displays the new web page. The policy data may operate to specify the behavior of individual tabs of the virtualized web browser.
    Type: Application
    Filed: November 30, 2015
    Publication date: June 2, 2016
    Inventors: Prakash Buddhiraja, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
  • Patent number: 9354906
    Abstract: Managing the guest operating system's eviction of memory pages from a virtual machine. A guest operating system or a hypervisor may cause one or more memory pages within a guest physical frame to become unlikely or ineligible for selection as a candidate for eviction by the guest operating system. Each of the one or more memory pages may also reside, or be intended to reside, in the memory of one or more other virtual machines. In this way, memory pages that are shared across multiple virtual machines may become less likely to be evicted, thereby using memory more efficiently.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: May 31, 2016
    Assignee: Bromium, Inc.
    Inventors: Krzysztof Uchronski, Martin O'Brien, Jacob Gorm Hansen, Kiran Bondalapati, Ian Pratt, Gaurav Banga, Vikram Kapoor
  • Patent number: 9348636
    Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine from being browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine from being browsed.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: May 24, 2016
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
  • Patent number: 9349008
    Abstract: Approaches for processing a digital file in a manner designed to minimize exposure of any malicious code contained therein. A digital file resides with a virtual machine. When the virtual machine receives an instruction to print or digitally transfer at least a portion of the digital file, the virtual machine converts at least a portion of the digital file from an original format to a different format within the virtual machine. The different format preserves a visual presentation of the digital file without supporting metadata or file format data structures of the original format. The virtual machine instructs the host OS to print or digitally transfer the portion of the digital file. The host OS may consult policy data in determining how to service the instruction to print or digitally transfer the digital file.
    Type: Grant
    Filed: May 2, 2014
    Date of Patent: May 24, 2016
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Gaurav Banga, Vikram Kapoor, Ian Pratt, Vivek Srivastava
  • Patent number: 9292328
    Abstract: Approaches for enabling Supervisor Mode Execution Protection (SMEP) for a guest operating system which does not support SMEP. A guest operating system (OS), which does not support SMEP, is executed within a virtual machine. A hypervisor instructs hardware to enable SMEP for the virtual machine executing the guest operating system. When the hypervisor is notified that the hardware has detected the guest operating system instructing a central processing unit (CPU) to execute code stored in virtual memory accessible by user space while the CPU is in supervisor mode, the hypervisor may consult a policy to identify what, if any, responsive action the hypervisor should perform.
    Type: Grant
    Filed: May 24, 2013
    Date of Patent: March 22, 2016
    Assignee: Bromium, Inc.
    Inventors: Ian Pratt, Rafal Wojtczuk
  • Patent number: 9244705
    Abstract: Programmatically adjusting the operational state of one or more virtual machines based on policy. Resource consumption on a hardware device is monitored. A policy that considers at least a present level of resource consumption and an amount of available resources of the hardware device is consulted. An operational state of a particular virtual machine that resides on the hardware device is changed. The change in operational state may be performed to optimize performance of a virtual machine with which a user is interacting, to enforce behavior constraints upon the virtual machine, or to adjust its execution in view of the available resources on the device.
    Type: Grant
    Filed: June 19, 2012
    Date of Patent: January 26, 2016
    Assignee: Bromium, Inc.
    Inventors: Kiran Bondalapati, Gaurav Banga, Vikram Kapoor, Ian Pratt
  • Patent number: 9245108
    Abstract: Approaches for an operating system to ascertain whether files stored in its file system have been deemed trustworthy. When an operating system receives a request to perform an operation involving a file that is stored within the file system maintained by the operating system, the operating system requests the file from a driver. In turn, the driver consults a set of trust data to identify whether the file has been previously deemed trustworthy. Upon the driver determining that the file has been deemed trustworthy, the driver provides the file to the operating system in a first format. On the other hand, upon the driver determining that the file has not been deemed trustworthy, the driver provides the file to the operating system in a second format that is different than the first format. Advantageously, the file is stored in a single format in the file system.
    Type: Grant
    Filed: July 8, 2014
    Date of Patent: January 26, 2016
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Mahesh Pisal, Krzysztof Uchronski, Vikram Kapoor, Ian Pratt, Gaurav Banga
  • Patent number: 9239909
    Abstract: Approaches for preventing unauthorized access of sensitive data within an operating system (OS), e.g., a guest OS used by a virtual machine. Dummy data may be written over physical locations on disk where sensitive data is stored, thereby preventing a malicious program from accessing the sensitive data. Alternately, a delete operation may be performed on sensitive data within an OS, and thereafter the OS is converted into a serialized format to expunge the deleted data. The serialized OS is converted into a deserialized form to facilitate its use. Optionally, a data structure may be updated to identify where sensitive data is located within an OS. When a request to access a portion of the OS is received, the data structure is consulted to determine whether the requested portion contains sensitive data, and if so, dummy data is returned to the requestor without consulting the requested portion of the OS.
    Type: Grant
    Filed: January 25, 2012
    Date of Patent: January 19, 2016
    Assignee: Bromium, Inc.
    Inventors: Gianni Tedesco, Anushree Pole, Andrew Southgate, Ian Pratt, Vikram Kapoor, Gaurav Banga
  • Patent number: 9201850
    Abstract: Approaches for composing the display of a virtualized web browser. A virtualized web browser is instructed to display a web page. The virtualized web browser, in turn, instructs one or more virtual machines to retrieve content for at least a portion of the web page. Each of the one or more virtual machines renders the content retrieved thereby. Upon the virtualized web browser obtaining the rendered screen data content from the one or more virtual machines, the virtualized web browser displays the web page using the rendered content.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: December 1, 2015
    Assignee: Bromium, Inc.
    Inventors: Prakash Buddhiraja, Kiran Bondalapati, Vikram Kapoor, Gaurav Banga, Ian Pratt
  • Patent number: 9148428
    Abstract: Approaches for managing potentially malicious files using one or more virtual machines. In response to receiving a request to perform an action on a file, a client applies a policy to determine whether the action is deemed trustworthy. The client identifies, without human intervention, a virtual machine, executing or to be executed on the client, in which the action is to be performed based on whether the action is deemed trustworthy. In this way, embodiments allow a user to make use of data deemed untrusted in certain cases without allowing the untrusted data to have unfettered access to the resources of the client. If the requested action is performed in a different virtual machine from which the action was requested, embodiments enable the performance of the action to be performed seamlessly to the user.
    Type: Grant
    Filed: March 13, 2012
    Date of Patent: September 29, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Sergei Vorobiev, Deepak Khajura, Ian Pratt, Vikram Kapoor, Simon Crosby
  • Patent number: 9135046
    Abstract: Approaches for ensuring the privacy of a controller of a device from a host operating system. A host operating system is prevented from inspecting or modifying data received by a controller of a hardware device. Control of the controller is withdrawn from the host operating system and granted to a hypervisor. A replacement controller for the hardware device is provided to the host operating system. Upon the hypervisor receiving data via the controller, the hypervisor forwards the data to a relevant virtual machine responsible for processing the data. Although the host operating system may operate as if it possessed control of the controller of the hardware device, any malicious code inadvertently residing within the host operating system will be unable to inspect or modify any data received by or sent from the actual controller of the hardware device.
    Type: Grant
    Filed: June 19, 2012
    Date of Patent: September 15, 2015
    Assignee: Bromium, Inc.
    Inventor: Ian Pratt
  • Patent number: 9135038
    Abstract: Reducing an amount of memory used by a virtual machine. A system includes multiple virtual machines that share common pages of memory. The number of private pages associated with each virtual machine is minimized by ensuring that pages that a guest operating system regards as now free or zeroed are efficiently mapped by the hypervisor to a shared zero page. Upon a hypervisor determining that one or more guest physical frame numbers are assigned to free memory pages, the hypervisor updates mapping data to map the one or more guest physical frame numbers to a shared zero page within the machine frame.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: September 15, 2015
    Assignee: Bromium, Inc.
    Inventors: Krzysztof Uchronski, Martin O'Brien, Jacob Gorm Hansen, Kiran Bondalapati, Ian Pratt, Gaurav Banga, Vikram Kapoor
  • Patent number: 9128743
    Abstract: Representing a non-executing virtual machine with a graphical representation. Resource consumption on a hardware device is monitored. A policy that considers at least a present level of resource consumption and an amount of available resources of the hardware device is consulted. An operational state of a particular virtual machine that resides on the hardware device is changed to a non-executing state. An image that represents the virtual machine is displayed. The image is based upon the state of the virtual machine immediately prior to the virtual machine entering the non-executing state.
    Type: Grant
    Filed: June 19, 2012
    Date of Patent: September 8, 2015
    Assignee: Bromium, Inc.
    Inventors: Kiran Bondalapati, Gaurav Banga, Vikram Kapoor, Ian Pratt, Prakash Buddhiraja, Stephen Rice
  • Patent number: 9122414
    Abstract: A system for optimizing a process of archiving at least one block of a virtual disk image includes a file system analysis component and an archiving component. The file system analysis component executes on a first physical computing device and identifies a plurality of blocks storing data comprising a file in a virtual disk image file. The archiving component executes on the first physical computing device, identifies a difference disk file storing an identification of a modification to the identified plurality of blocks storing data comprising the file, determines whether to archive the file, and transmits, to a second physical computing device, the plurality of blocks storing data comprising the file.
    Type: Grant
    Filed: December 14, 2010
    Date of Patent: September 1, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Ian Pratt, Jeffrey Muir
  • Patent number: 9116733
    Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. A template for instantiating a virtual machine on a client is identified in response to receiving a request to execute an application. After the template is identified, without human intervention, a virtual machine is instantiated, using the template, in which the application is to be executed. The template may be selected from a plurality of templates based on the nature of the request, as each template describes characteristics of a virtual machine suitable for a different type of activity. When the client determines that the application has ceased to execute, the client ceases execution of the virtual machine without human intervention.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: August 25, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor
  • Patent number: 9110701
    Abstract: Approaches for transferring data to a client by safely receiving the data in one or more virtual machines. In response to the client determining that digital content is to be received or processed by the client, the client identifies one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data that defines one or more policies for determining into which virtual machine the digital content should be stored. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein from affecting any undesirable consequence upon the client.
    Type: Grant
    Filed: January 31, 2014
    Date of Patent: August 18, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor
  • Patent number: 9104837
    Abstract: Approaches for securing resources of a virtual machine. An application executes on a host operating system. A user instructs the application to display a file. In response, a host module executing on the host operating system instructs a guest module, executing within a virtual machine, to render the file within the virtual machine. The application displays the file using screen data which was created within the virtual machine and defines a rendered representation of the file. The user is prevented from accessing any resource of the virtual machine unrelated to the file. The virtual machine may consult policy data to determine how to perform certain user-initiated actions within the virtual machine. Examples of the file include an image, a document, an email, and a web page.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: August 11, 2015
    Assignee: Bromium, Inc.
    Inventors: Deepak Khajuria, Gaurav Banga, Ian Pratt, Vikram Kapoor
  • Patent number: 9104544
    Abstract: Mitigating eviction of the memory pages of virtualized machines. Upon detecting that a request to perform an I/O operation has been issued against a block stored on a disk, a determination is made as to whether a pristine copy of the contents of the block is stored in memory. If a pristine copy of the contents of the block is stored in memory, then the request may be performed by updating mapping data that maps a page of memory to a location in memory at which the pristine copy is stored. In this way, the request is performed without performing the I/O operation against the block stored on disk. Various approaches for resharing memory, including memory of a template virtual machine, are discussed.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: August 11, 2015
    Assignee: Bromium, Inc.
    Inventors: Krzysztof Uchronski, Martin O'Brien, Jacob Gorm Hansen, Kiran Bondalapati, Ian Pratt, Gaurav Banga, Vikram Kapoor
  • Publication number: 20150178198
    Abstract: Approaches for performing memory management by a hypervisor. A host operating system and a hypervisor are executed on a device. The host operating system is not configured to access physical memory addressed above four gigabytes. The hypervisor manages memory for a device, including memory addressed above four gigabytes. When the hypervisor instantiates a virtual machine, the hypervisor may allocate memory pages for the newly instantiated virtual machine by preferentially using any unassigned memory addressed above four gigabytes before using memory allocated from the host (and hence addressed below four gigabytes).
    Type: Application
    Filed: December 24, 2013
    Publication date: June 25, 2015
    Applicant: Bromium, Inc.
    Inventors: Ian Pratt, Christian Limpach
  • Publication number: 20150143374
    Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. A template for instantiating a virtual machine on a client is identified in response to receiving a request to execute an application. After the template is identified, without human intervention, a virtual machine is instantiated, using the template, in which the application is to be executed. The template may be selected from a plurality of templates based on the nature of the request, as each template describes characteristics of a virtual machine suitable for a different type of activity. When the client determines that the application has ceased to execute, the client ceases execution of the virtual machine without human intervention.
    Type: Application
    Filed: January 30, 2015
    Publication date: May 21, 2015
    Inventors: Gaurav Banga, Kiran Bondalapati, Ian Pratt, Vikram Kapoor