Abstract: A method and apparatus for load step, or instantaneous current spike, mitigation are provided. In the method and apparatus, load steps are mitigated if a computer system a whole is lightly load, which may be determined by the power consumption of the computer system. Further, load steps are mitigated if a number of processor cores capable of inducing a load step is higher than a threshold. The Advanced Configuration and Power Interface (ACPI) performance state of the cores is used to determine a core's potential for generating a load step. A processor core is instructed to mitigate load steps if conditions are met for the mitigation.

Abstract: Reducing an amount of memory used by a virtual machine. A system includes multiple virtual machines that share common pages of memory. The number of private pages associated with each virtual machine is minimized by ensuring that pages that a guest operating system regards as now free or zeroed are efficiently mapped by the hypervisor to a shared zero page. Upon a hypervisor determining that one or more guest physical frame numbers are assigned to free memory pages, the hypervisor updates mapping data to map the one or more guest physical frame numbers to a shared zero page within the machine frame.

Abstract: Representing a non-executing virtual machine with a graphical representation. Resource consumption on a hardware device is monitored. A policy that considers at least a present level of resource consumption and an amount of available resources of the hardware device is consulted. An operational state of a particular virtual machine that resides on the hardware device is changed to a non-executing state. An image that represents the virtual machine is displayed. The image is based upon the state of the virtual machine immediately prior to the virtual machine entering the non-executing state.

Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. A template for instantiating a virtual machine on a client is identified in response to receiving a request to execute an application. After the template is identified, without human intervention, a virtual machine is instantiated, using the template, in which the application is to be executed. The template may be selected from a plurality of templates based on the nature of the request, as each template describe characteristics of a virtual machine suitable for a different type of activity. When the client determines that the application has ceased to execute, the client ceases execution of the virtual machine without human intervention.

Abstract: Approaches for transferring data to a client by safely receiving the data in or more virtual machines. In response to the client determining that digital content is to be received or processed by the client, the client identifies one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data that defines one or more policies for determining into which virtual machine the digital content should be stored. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein from affecting any undesirable consequence upon the client.

Abstract: Approaches for ensuring a document does not inadvertently link or contain to any malicious content. A request from a document embedded within a parent web page itself, or comprised within a window launched by the parent web page, is received. The request is executed in a memory address space separate from a memory address space in which the parent web page resides. The execution of the request is performed using a parent proxy that represents the parent web page. Any malicious actions resulting from the performance of the request affect the parent proxy rather than the parent web page. The parent proxy provides at least a portion of the results of executing the request to a child proxy, which in turn determines what, if any, content within the results should be sent to the web browser rendering the parent web page.

Abstract: Mitigating eviction of the memory pages of virtualized machines. Upon detecting that a request to perform an I/O operation has been issued against a block stored a disk, a determination is made as to whether a pristine copy of the contents of the block is stored in memory. If a pristine copy of the contents of the block is stored in memory, then the request may be performed by updating mapping data that maps a page of memory to a location in memory at which the pristine copy is stored. In this way, the request is performed without performing the I/O operation against the block stored on disk. Various approaches for resharing memory, including memory of a template virtual machine, are discussed.

Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. A template for instantiating a virtual machine on a client is identified in response to receiving a request to execute an application. After the template is identified, without human intervention, a virtual machine is instantiated, using the template, in which the application is to be executed. The template may be selected from a plurality of templates based on the nature of the request, as each template describe characteristics of a virtual machine suitable for a different type of activity. When the client determines that the application has ceased to execute, the client ceases execution of the virtual machine without human intervention.

Abstract: Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. A template for instantiating a virtual machine on a client is identified in response to receiving a request to execute an application. After the template is identified, without human intervention, a virtual machine is instantiated, using the template, in which the application is to be executed. The template may be selected from a plurality of templates based on the nature of the request, as each template describe characteristics of a virtual machine suitable for a different type of activity. Selected resources such as files are displayed to the virtual machines according to user and organization policies and controls. When the client determines that the application has ceased to execute, the client ceases execution of the virtual machine without human intervention.

Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine to be browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine to be browsed.

Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine to be browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine to be browsed.

Abstract: A processor power limiter and method is provided. The processor includes a first programmable location configured to store a processor power target. A power monitor is configured to estimate a power dissipation due to processor load. A power controller is configured to adjust a processor power parameter based on the power target and the power dissipation. The processor may include an interface for an operating system. A second programmable location may be configured to store a software processor power target accessible by the operating system. The processor may also include a sideband interface for an external agent. A third programmable location may be configured to store an agent processor power target accessible by the external agent. The power controller may be configured to adjust a processor core voltage and/or frequency such that the power dissipation stays below the processor power target, software processor power target and the agent processor power target.

Abstract: Approaches for transferring data to a client by safely receiving the data in or more virtual machines. In response to the client determining that digital content, originating from an external source, is to be received or processed by the client, the client identifies, without human intervention, one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data to determine a placement policy, a containment policy, and a persistence policy for any virtual machine to receive the digital content. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein from affecting any undesirable consequence upon the client.

Abstract: A processor is configured to support a plurality of performance states and idle states. The processor includes a first programmable location associated with a first idle state and configured to store first entry performance state (P-State) information. The first entry P-State information identifies a first entry P-State. The processor is configured to receive a request to enter the first idle state, retrieve the first entry P-State information and enter the first entry P-State. The processor may include a second programmable location associated with the first idle state and configured to store first exit P-State information. The first exit P-State information identifies a first exit P-State. The processor may be configured to receive a request to exit the first idle state, retrieve the first exit P-State information and enter the first exit P-State.

Abstract: Described are a circuit and a method of analyzing and correcting a fault occurring in operation of the circuit during a power gating sequence. The method includes executing a modification of the power gating sequence that includes maintaining operation of a trace capture buffer (TCB); recording, in the TCB, events occurring during the executing; and correcting the fault based on analysis of the events recorded in the TCB. The circuit includes a plurality of components including a TCB, and a switch configured to maintain power to the TCB in a first state and turn off power to the TCB in a second state.

Abstract: Approaches for providing a guest operating system to a virtual machine. A read-only copy of one or more disk volumes, including a boot volume, is created. A copy of a master boot record (MBR) for the one or more disk volumes is also stored. The read-only copy may be, but need not be, made using a Volume Shadow Copy Service (VSS). A virtual disk, for use by the virtual machine, is created based on the read-only copy of the one or more disk volumes and the copy of the master boot record (MBR), wherein the virtual disk comprises the guest operating system used by the virtual machine. In this way, a single installed operating system may provide both the host operating system and the guest operating system.

Abstract: Approaches for transferring data to a client by safely receiving the data in or more virtual machines. In response to the client determining that digital content, originating from an external source, is to be received or processed by the client, the client identifies, without human intervention, one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data to determine a placement policy, a containment policy, and a persistence policy for any virtual machine to receive the digital content. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein from affecting any undesirable consequence upon the client.

Abstract: Described are a circuit and a method of analyzing and correcting a fault occurring in operation of the circuit during a power gating sequence. The method includes executing a modification of the power gating sequence that includes maintaining operation of a trace capture buffer (TCB); recording, in the TCB, events occurring during the executing; and correcting the fault based on analysis of the events recorded in the TCB. The circuit includes a plurality of components including a TCB, and a switch configured to maintain power to the TCB in a first state and turn off power to the TCB in a second state.

Abstract: A central processing unit (processor) having multiple cores and a method for controlling the performance of the processor. The processor includes a first storage location configured to store a first threshold associated with a first boost performance state (P-State). The processor also includes logic circuitry configured to increase performance of active processor cores when an inactive processor core count meets or exceeds the first threshold. The processor may also include a second storage location configured to store a second threshold associated with a second boost P-State. The logic circuitry may be configured to compare the inactive processor core count to the first and second thresholds, select one of the first and second boost P-States and increase performance of active processor cores based on the selected boost P-State.

Abstract: A processor power limiter and method is provided. The processor includes a first programmable location configured to store a processor power target. A power monitor is configured to estimate a measured power dissipation within the processor. A power controller is configured to adjust a processor power parameter based on the power target and the measured power dissipation. The processor may include an interface for an operating system. A second programmable location may be configured to store a software processor power target accessible by the operating system. The processor may also include a sideband interface for an external agent. A third programmable location may be configured to store an agent processor power target accessible by the external agent. The power controller may be configured to adjust a processor core voltage and/or frequency such that the measured dissipation stays below the processor power target, software processor power target and the agent processor power target.