Patents by Inventor Jin Lin

Jin Lin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12608217
    Abstract: Data-at-rest protection for virtual machines includes operating a data protection component within a first privilege context of a guest partition, and operating a guest operating system (OS) within a second privilege context of the guest partition. The data protection component participates in data input/output operations of the guest OS. Based on a data output operation of the guest OS, the data protection component applies a first data protection operation to first data associated with the data output operation; and initiates storage of a first result of the first data protection operation to a data storage device. Based on a data input operation of the guest OS, the data protection component applies a second data protection operation to second data associated with the data input operation; and, based on applying the second data protection operation to the second data, communicates an outcome of the data input operation to the guest OS.
    Type: Grant
    Filed: August 29, 2022
    Date of Patent: April 21, 2026
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jin Lin, David Alan Hepkin, Michael Bishop Ebersol, Matthew David Kurjanowicz, Taylor Alan Hope
  • Publication number: 20250348318
    Abstract: A verified stack trace can be generated by utilizing information contained in a shadow stack, such as a hardware protected duplicate stack implemented for malware prevention and computer security. The shadow stack contains return addresses which are obtainable without requiring an unwinding of the traditional call stack. As such, triaging based on return address information can be performed more quickly and more efficiently, and with a reduced utilization of processing resources. Additionally, the generation of a verified stack trace can be performed, with such a verified stack trace containing return addresses that are known to be correct and not corrupted. The return addresses can either be read from the traditional call stack, or derived therefrom, and then verified by comparison to corresponding return addresses from the shadow stack, or they can be read directly from the shadow stack.
    Type: Application
    Filed: May 7, 2025
    Publication date: November 13, 2025
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Jin LIN, Jason LIN, Niraj MAJMUDAR, Mehmet IYIGUN
  • Publication number: 20250284525
    Abstract: Methods and systems are provided for isolating resources of a virtual machine (VM) guest from a host operating system (OS). The techniques include receiving, from a guest partition corresponding to an isolated VM guest, an acceptance request that identifies a guest memory page mapped into a guest physical address (GPA) space and a memory page visibility class, e.g., exclusive, shared read-only, or shared read-write. The techniques further include verifying, via a host OS second-level address translation table, that the physical memory page satisfies the specified visibility class by confirming that the host OS has the appropriate access rights. Upon successful verification, the guest memory page is transitioned from an unaccepted state to an accepted state. These techniques enable controlled memory sharing and enhanced isolation between guest VMs and the host OS in virtualized environments.
    Type: Application
    Filed: May 22, 2025
    Publication date: September 11, 2025
    Inventors: Jin LIN, David Alan HEPKIN, Michael Bishop EBERSOL, Stephanie Sumyi LUCK, Jonathan Edward LANGE, Bruce J. SHERWIN, JR., Kevin Michael BROAS, Wen Jia LIU, Xin David ZHANG, Alexander Daniel GREST
  • Patent number: 12399979
    Abstract: The techniques disclosed herein enable a system to configure a confidential virtual resource unit by provisioning a security component to a tenant's virtual resource unit. The system creates multiple different virtual trust layers within the confidential virtual resource unit. This creation effectively defines security boundaries between the virtual trust layers. The virtual trust layers are associated with different privileges, such that a higher privileged virtual trust layer is provided with more privileges compared to a lower privileged virtual trust layer. In one example, a lower privileged virtual trust layer may include basic virtual resource components (e.g., drivers, applications, processes, functions, workloads executing within a guest operating system) and a higher privileged virtual trust layer is the location to which a virtual security component is provisioned by the system.
    Type: Grant
    Filed: May 27, 2022
    Date of Patent: August 26, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jin Lin, Michael Bishop Ebersol, David Kimler Altobelli, Jingbo Wu, Qiang Wang
  • Patent number: 12353903
    Abstract: Isolating resources of a virtual machine (VM) guest from a host operating system. A computer system receives an acceptance request from a guest partition corresponding to an isolated VM. The acceptance request identifies a guest memory page that is mapped into a guest physical address space of the guest partition, and a memory page visibility class. The computer system determines whether a physical memory page that is mapped to the guest memory page meets the memory page visibility class. The computer system sets a page acceptance indication for the guest memory page from an unaccepted state to an accepted state based on the physical memory page meeting the memory page visibility class.
    Type: Grant
    Filed: June 10, 2022
    Date of Patent: July 8, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jin Lin, David Alan Hepkin, Michael Bishop Ebersol, Stephanie Sumyi Luck, Jonathan Edward Lange, Bruce J. Sherwin, Jr., Kevin Michael Broas, Wen Jia Liu, Xin David Zhang, Alexander Daniel Grest
  • Patent number: 12327120
    Abstract: A verified stack trace can be generated by utilizing information contained in a shadow stack, such as a hardware protected duplicate stack implemented for malware prevention and computer security. The shadow stack contains return addresses which are obtainable without requiring an unwinding of the traditional call stack. As such, triaging based on return address information can be performed more quickly and more efficiently, and with a reduced utilization of processing resources. Additionally, the generation of a verified stack trace can be performed, with such a verified stack trace containing return addresses that are known to be correct and not corrupted. The return addresses can either be read from the traditional call stack, or derived therefrom, and then verified by comparison to corresponding return addresses from the shadow stack, or they can be read directly from the shadow stack.
    Type: Grant
    Filed: September 29, 2020
    Date of Patent: June 10, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jin Lin, Jason Lin, Niraj Majmudar, Mehmet Iyigun
  • Publication number: 20250139235
    Abstract: Detection of malicious direct memory access (DMA) device used for direct device assignment. A virtualization computer system assigns a peripheral device to an operating context within a virtualization environment. The peripheral device is DMA capable. The virtualization computer system monitors a signal source that is affected by DMA operations initiated by the peripheral device while the peripheral device is assigned to the operating context. Based on monitoring the signal source, the virtualization computer system identifies a signal pattern characterizing the DMA operations that are initiated by the peripheral device. Using the signal pattern, the virtualization computer system determines that the DMA operations initiated by the peripheral device are abnormal and the virtualization computer system identifies the peripheral device as malicious.
    Type: Application
    Filed: October 31, 2023
    Publication date: May 1, 2025
    Inventors: Jin LIN, Cody Dean HARTWIG, Jason Stewart WOHLGEMUTH
  • Publication number: 20250139034
    Abstract: Probation of direct memory access (DMA) device used for direct device assignment. A virtualization computer system identifies a peripheral device as being removed from a direct assignment to a first operating context of a virtualization environment. The peripheral device is DMA capable. The virtualization computer system assigns the peripheral device to a second operating context of the virtualization environment and initiates a device validation against the peripheral device. Based on the device validation indicating that the peripheral device is normal, the virtualization computer system reassigns the peripheral device to a third operating context of the virtualization environment. Based on the device validation indicating that the peripheral device is abnormal, the virtualization computer system excludes the peripheral device from assignment to a third operating context of the virtualization environment.
    Type: Application
    Filed: October 31, 2023
    Publication date: May 1, 2025
    Inventors: Jin LIN, Cody Dean HARTWIG, Jason Stewart WOHLGEMUTH
  • Patent number: 12265606
    Abstract: Methods, systems, and computer program products for direct assignment of physical devices to confidential virtual machines (VMs). At a first guest privilege context of a guest partition, a direct assignment of a physical device associated with a host computer system to the guest partition is identified. The guest partition includes the first guest privilege context and a second guest privilege context, which is restricted from accessing memory associated with the first guest privilege context. The guest partition corresponds to a confidential VM, such that a memory region associated with the guest partition is inaccessible to a host operating system. It is determined, based on a policy, that the physical device is allowed to be directly assigned to the guest partition. Communication between the physical device and the second guest privilege context is permitted, such as by exposing the physical device on a virtual bus and/or forwarding an interrupt.
    Type: Grant
    Filed: September 26, 2022
    Date of Patent: April 1, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jin Lin, Jason Stewart Wohlgemuth, Michael Bishop Ebersol, Aditya Bhandari, Steven Adrian West, Emily Cara Clemens, Michael Halstead Kelley, Dexuan Cui, Attilio Mainetti, Sarah Elizabeth Stephenson, Carolina Cecilia Perez-Vargas, Antoine Jean Denis Delignat-Lavaud, Kapil Vaswani, Alexander Daniel Grest, Steve Michel Pronovost, David Alan Hepkin
  • Publication number: 20240184611
    Abstract: Virtual baseboard management controller capability to monitor and manage a virtual machine (VM). A guest firmware is operated within a first guest privilege context of a guest partition operating as a VM. The guest partition also includes a second guest privilege context that is restricted from accessing memory associated with the first guest privilege context, and that operates a guest operating system. The guest firmware establishes a communications channel between the first guest privilege context and a client device, and receives a request for performance of a management operation against the VM. The guest firmware initiates the management operation, which includes changing a power state of the VM; stopping or restarting the guest OS; presenting a graphical or serial console associated with the guest OS; updating a firmware associated with the guest partition; or managing a virtual device presented by the first guest privilege context.
    Type: Application
    Filed: December 5, 2022
    Publication date: June 6, 2024
    Inventors: Jin LIN, David Alan HEPKIN, Michael Bishop EBERSOL, Trevor Mark JONES, Daniel Gil PRILIK
  • Patent number: 11989280
    Abstract: Handling a memory fault based on detecting whether a memory pointer was invalidated by a pointer authentication (PA) failure. After an access to a memory pointer causes a memory fault, detecting that the memory pointer was invalidated by a PA failure includes creating a new memory pointer by replacing reserved bits of the memory pointer with a default value, and determining that the new memory pointer corresponds to a memory address that falls within executable memory. This determination includes determining that the memory address is within an executable memory page, determining that a call instruction is stored at a prior memory address that immediately precedes the memory address, and/or determining that the memory address corresponds to a code section of an executable file. The PA failure is handled based on logging the PA failure, terminating the application program, and/or resuming execution at an instruction stored at the memory address.
    Type: Grant
    Filed: September 17, 2021
    Date of Patent: May 21, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jin Lin, Jason Lin, Matthew John Woolman, Mehmet Iyigun
  • Publication number: 20240126580
    Abstract: Transparently providing a virtualization feature to an unenlightened guest operating system (OS). A guest partition, corresponding to a virtual machine, is divided into a first guest privilege context and a second guest privilege context. A compatibility component executes within the first guest privilege context, while a guest OS executes within the second guest privilege context. The compatibility component is configured to intercept input/output (I/O) operations associated with the guest OS. Based on the compatibility component intercepting an I/O operation associated with the guest OS, the compatibility component processes the I/O operation using a virtualization feature that is unsupported by the guest OS. Examples of the virtualization feature include accelerated access to a hardware device and virtual machine guest confidentiality.
    Type: Application
    Filed: December 22, 2022
    Publication date: April 18, 2024
    Inventors: Jin LIN, David Alan HEPKIN, Michael Bishop EBERSOL, Matthew David KURJANOWICZ, Aditya BHANDARI, Attilio MAINETTI, Amy Anthony PARISH
  • Publication number: 20240104193
    Abstract: Methods, systems, and computer program products for direct assignment of physical devices to confidential virtual machines (VMs). At a first guest privilege context of a guest partition, a direct assignment of a physical device associated with a host computer system to the guest partition is identified. The guest partition includes the first guest privilege context and a second guest privilege context, which is restricted from accessing memory associated with the first guest privilege context. The guest partition corresponds to a confidential VM, such that a memory region associated with the guest partition is inaccessible to a host operating system. It is determined, based on a policy, that the physical device is allowed to be directly assigned to the guest partition. Communication between the physical device and the second guest privilege context is permitted, such as by exposing the physical device on a virtual bus and/or forwarding an interrupt.
    Type: Application
    Filed: September 26, 2022
    Publication date: March 28, 2024
    Inventors: Jin LIN, Jason Stewart WOHLGEMUTH, Michael Bishop EBERSOL, Aditya BHANDARI, Steven Adrian WEST, Emily Cara CLEMENS, Michael Halstead KELLEY, Dexuan CUI, Attilio MAINETTI, Sarah Elizabeth STEPHENSON, Carolina Cecilia PEREZ-VARGAS, Antoine Jean Denis DELIGNAT-LAVAUD, Kapil VASWANI, Alexander Daniel GREST, Steve Michel PRONOVOST, David Alan HEPKIN
  • Publication number: 20240069943
    Abstract: Data-at-rest protection for virtual machines includes operating a data protection component within a first privilege context of a guest partition, and operating a guest operating system (OS) within a second privilege context of the guest partition. The data protection component participates in data input/output operations of the guest OS. Based on a data output operation of the guest OS, the data protection component applies a first data protection operation to first data associated with the data output operation; and initiates storage of a first result of the first data protection operation to a data storage device. Based on a data input operation of the guest OS, the data protection component applies a second data protection operation to second data associated with the data input operation; and, based on applying the second data protection operation to the second data, communicates an outcome of the data input operation to the guest OS.
    Type: Application
    Filed: August 29, 2022
    Publication date: February 29, 2024
    Inventors: Jin LIN, David Alan HEPKIN, Michael Bishop EBERSOL, Matthew David KURJANOWICZ, Taylor Alan HOPE
  • Patent number: 11861364
    Abstract: Performing shadow stack functionality for a thread in an audit mode includes initiating execution of a thread at the processor. Execution of the thread includes initiating execution of executable code of an application binary as part of the thread and enabling shadow stack functionality for the thread in an audit mode. Based at least on the execution of the thread in the audit mode, at least a portion of the shadow stack is enabled to be a circular stack. In response to determining that usage of the shadow stack has reached a defined threshold, one or more currently used entries of the shadow stack are overwritten, preventing the shadow stack from overflowing.
    Type: Grant
    Filed: June 19, 2021
    Date of Patent: January 2, 2024
    Inventors: Jin Lin, Mehmet Iyigun, Jason Lin, Matthew John Woolman
  • Publication number: 20230401081
    Abstract: Isolating resources of a virtual machine (VM) guest from a host operating system. A computer system receives an acceptance request from a guest partition corresponding to an isolated VM. The acceptance request identifies a guest memory page that is mapped into a guest physical address space of the guest partition, and a memory page visibility class. The computer system determines whether a physical memory page that is mapped to the guest memory page meets the memory page visibility class. The computer system sets a page acceptance indication for the guest memory page from an unaccepted state to an accepted state based on the physical memory page meeting the memory page visibility class.
    Type: Application
    Filed: June 10, 2022
    Publication date: December 14, 2023
    Inventors: Jin LIN, David Alan HEPKIN, Michael Bishop EBERSOL, Stephanie Sumyi LUCK, Jonathan Edward LANGE, Bruce J. SHERWIN, JR., Kevin Michael BROAS, Wen Jia LIU, Xin David ZHANG, Alexander Daniel GREST
  • Publication number: 20230334144
    Abstract: The techniques disclosed herein enable a system to configure a confidential virtual resource unit by provisioning a security component to a tenant's virtual resource unit. The system creates multiple different virtual trust layers within the confidential virtual resource unit. This creation effectively defines security boundaries between the virtual trust layers. The virtual trust layers are associated with different privileges, such that a higher privileged virtual trust layer is provided with more privileges compared to a lower privileged virtual trust layer. In one example, a lower privileged virtual trust layer may include basic virtual resource components (e.g., drivers, applications, processes, functions, workloads executing within a guest operating system) and a higher privileged virtual trust layer is the location to which a virtual security component is provisioned by the system.
    Type: Application
    Filed: May 27, 2022
    Publication date: October 19, 2023
    Inventors: Jin LIN, Michael Bishop EBERSOL, David Kimler ALTOBELLI, Jingbo WU, Qiang WANG
  • Patent number: 11709931
    Abstract: Enforcing shadow stack violations at module granularity, rather than at thread or process granularity. An exception is processed during execution of a thread based on code of an application binary, which is enabled for shadow stack enforcement, that calls an external module. The exception results from a mismatch between a return address popped from the thread's call stack and a return address popped from the thread's shadow stack. Processing the exception includes determining that the exception resulted from execution of an instruction in the external module, and determining whether or not the external module is enabled for shadow stack enforcement. Based at least on these determinations, execution of the thread is terminated when the external module is enabled for shadow stack enforcement, or the thread is permitted to continue executing when the external module is not enabled for shadow stack enforcement.
    Type: Grant
    Filed: June 6, 2022
    Date of Patent: July 25, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jason Lin, Jin Lin, Gregory John Colombo, Niraj Majmudar, Mehmet Iyigun, Shayne Daniel Hiet-Block, Kenneth Dean Johnson
  • Publication number: 20230088081
    Abstract: Handling a memory fault based on detecting whether a memory pointer was invalidated by a pointer authentication (PA) failure. After an access to a memory pointer causes a memory fault, detecting that the memory pointer was invalidated by a PA failure includes creating a new memory pointer by replacing reserved bits of the memory pointer with a default value, and determining that the new memory pointer corresponds to a memory address that falls within executable memory. This determination includes determining that the memory address is within an executable memory page, determining that a call instruction is stored at a prior memory address that immediately precedes the memory address, and/or determining that the memory address corresponds to a code section of an executable file. The PA failure is handled based on logging the PA failure, terminating the application program, and/or resuming execution at an instruction stored at the memory address.
    Type: Application
    Filed: September 17, 2021
    Publication date: March 23, 2023
    Inventors: Jin LIN, Jason LIN, Matthew John WOOLMAN, Mehmet IYIGUN
  • Patent number: D974859
    Type: Grant
    Filed: March 25, 2021
    Date of Patent: January 10, 2023
    Inventor: Jin Lin