Patents by Inventor Leendert van Doorn

Leendert van Doorn has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10152602
    Abstract: A processing system includes a processor that implements registers to define a state of a virtual machine (VM) running on the processor. The processor detects exit conditions of the VM. The processing system also includes a memory element to store contents of the registers in a first data structure that is isolated from a hypervisor of the VM in response to the processor detecting an exit condition. The VM is to selectively expose contents of a subset of the registers to the hypervisor.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: December 11, 2018
    Assignee: Advanced Micro Devices, Inc.
    Inventors: David Kaplan, Leendert van Doorn, Joshua Schiffman
  • Publication number: 20160378522
    Abstract: A processing system includes a processor that implements registers to define a state of a virtual machine (VM) running on the processor. The processor detects exit conditions of the VM. The processing system also includes a memory element to store contents of the registers in a first data structure that is isolated from a hypervisor of the VM in response to the processor detecting an exit condition. The VM is to selectively expose contents of a subset of the registers to the hypervisor.
    Type: Application
    Filed: June 24, 2015
    Publication date: December 29, 2016
    Inventors: David Kaplan, Leendert van Doorn, Joshua Schiffman
  • Patent number: 9177153
    Abstract: A method, system, and apparatus for verifying integrity and execution state of an untrusted computer. In one embodiment, the method includes placing a verification function in memory on the untrusted computer; invoking the verification function from a trusted computer; determining a checksum value over memory containing both the verification function and the execution state of a processor and hardware on the untrusted computer; sending the checksum value to the trusted computer; determining at the trusted computer whether the checksum value is correct; and determining at the trusted computer whether the checksum value is received within an expected time period.
    Type: Grant
    Filed: October 10, 2006
    Date of Patent: November 3, 2015
    Assignee: Carnegie Mellon University
    Inventors: Adrian Perrig, Pradeep Khosla, Arvind Seshadri, Mark Luk, Leendert van Doorn
  • Patent number: 8797332
    Abstract: Methods and apparatus are provided, as an aspect of a combined CPU/APD architecture system, for discovering and reporting properties of devices and system topology that are relevant to efficiently scheduling and distributing computational tasks to the various computational resources of a combined CPU/APD architecture system. The combined CPU/APD architecture unifies CPUs and APDs in a flexible computing environment. In some embodiments, the combined CPU/APD architecture capabilities are implemented in a single integrated circuit, elements of which can include one or more CPU cores and one or more APD cores. The combined CPU/APD architecture creates a foundation upon which existing and new programming frameworks, languages, and tools can be constructed.
    Type: Grant
    Filed: December 14, 2011
    Date of Patent: August 5, 2014
    Assignees: ATI Technologies ULC, Advanced Micro Devices, Inc.
    Inventors: Paul Blinzer, Leendert Van Doorn, Gongxian Jeffrey Cheng, Elene Terry, Thomas Woller, Arshad Rahman
  • Publication number: 20120162234
    Abstract: Methods and apparatus are provided, as an aspect of a combined CPU/APD architecture system, for discovering and reporting properties of devices and system topology that are relevant to efficiently scheduling and distributing computational tasks to the various computational resources of a combined CPU/APD architecture system. The combined CPU/APD architecture unifies CPUs and APDs in a flexible computing environment. In some embodiments, the combined CPU/APD architecture capabilities are implemented in a single integrated circuit, elements of which can include one or more CPU cores and one or more APD cores. The combined CPU/APD architecture creates a foundation upon which existing and new programming frameworks, languages, and tools can be constructed.
    Type: Application
    Filed: December 14, 2011
    Publication date: June 28, 2012
    Applicant: Advanced Micro Devices, Inc.
    Inventors: Paul Blinzer, Leendert Van Doorn, Gongxian Jeffrey Cheng, Elene Terry, Thomas Woller, Arshad Rahman
  • Patent number: 8078827
    Abstract: A method for caching of page translations for virtual machines includes managing a number of virtual machines using a guest page table of a guest operating system, which provides a first translation from a guest-virtual memory address to a first guest-physical memory address or an invalid entry, and a host page table of a host operating system, which provides a second translation from the first guest-physical memory address to a host-physical memory address or an invalid entry, and managing a cache page table, wherein the cache page table selectively provides a third translation from the guest-virtual memory address to the host-physical memory address, a second guest-physical memory address or an invalid entry.
    Type: Grant
    Filed: July 5, 2007
    Date of Patent: December 13, 2011
    Assignee: International Business Machines Corporation
    Inventors: Volkmar Uhlig, Leendert van Doorn
  • Publication number: 20090013149
    Abstract: A method for caching of page translations for virtual machines includes managing a number of virtual machines using a guest page table of a guest operating system, which provides a first translation from a guest-virtual memory address to a first guest-physical memory address or an invalid entry, and a host page table of a host operating system, which provides a second translation from the first guest-physical memory address to a host-physical memory address or an invalid entry, and managing a cache page table, wherein the cache page table selectively provides a third translation from the guest-virtual memory address to the host-physical memory address, a second guest-physical memory address or an invalid entry.
    Type: Application
    Filed: July 5, 2007
    Publication date: January 8, 2009
    Inventors: Volkmar Uhlig, Leendert van Doorn
  • Publication number: 20080301473
    Abstract: A method of hypervisor-based power management includes: allocating resources to a plurality of partitions defined within a virtual machine environment; monitoring performance of the plurality of partitions with respect to a service level agreement (SLA); tracking power consumption in the plurality of partitions; scaling power consumption rates of the plurality of partitions based on the allocated resources, wherein the power consumption rate of physical resources is scaled by adjusting resource allocations to each partition; identifying partitions that are sources of excessive power consumption based on the SLA; and adjusting the allocation of resources based on the power consumption of the plurality of partitions, the performance of the plurality of partitions, and the SLA.
    Type: Application
    Filed: May 29, 2007
    Publication date: December 4, 2008
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ronald Perez, Freeman L. Rawson, III, Leendert van Doorn, Xiaolan Zhang
  • Publication number: 20070198214
    Abstract: A solution for evaluating trust in a computer infrastructure is provided. In particular, a plurality of computing devices in the computer infrastructure evaluate one or more other computing devices in the computer infrastructure based on a set of device measurements for the other computing device(s) and a set of reference measurements. To this extent, each of the plurality of computing devices also provides a set of device measurements for processing by the other computing device(s) in the computer infrastructure.
    Type: Application
    Filed: February 16, 2006
    Publication date: August 23, 2007
    Applicant: International Business Machines Corporation
    Inventors: Steven Bade, Andrew Kegel, Leendert Van Doorn
  • Publication number: 20070136577
    Abstract: A method, system and computer program product for implementing general purpose PCRs with extended semantics (referred to herein as “ePCRs”) in a trusted, measured software module. The module is designed to run in one of a hypervisor context, an isolated partition, or under other isolated configurations. Because the software module is provided using trusted (measured) code, the software implementing the PCRs is able to run as a simple software process in the operating system (OS), as long as the software is first measured and logged. The software-implemented ePCRs are generated as needed to record specific measurements of the software and hardware elements on which an application depends, and the ePCRs are able to ignore other non-dependencies.
    Type: Application
    Filed: December 13, 2005
    Publication date: June 14, 2007
    Inventors: Steven Bade, Andrew Kegel, Leendert Van Doorn
  • Publication number: 20070107046
    Abstract: The present invention provides a computer-implemented method, system and program product for remotely verifying (e.g., analytic) integrity of a system. Specifically, at startup of the system an access control policy that sets forth information flows within the system is read and a set of trusted subjects that interact with a target application in the system is determined. Based on the access information flows and the set of trusted subjects, an information flow graph of the system is constructed. At runtime of the target application, runtime information and program code loaded into the set of trusted subjects are measured. Measuring the program code that is loaded allows the remote party to verify that the program code is “expected” program code for the set of trusted subjects.
    Type: Application
    Filed: November 7, 2005
    Publication date: May 10, 2007
    Applicant: International Business Machines Corporation
    Inventors: Trent Jaeger, Reiner Sailer, Leendert Van Doorn
  • Publication number: 20070079120
    Abstract: A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.
    Type: Application
    Filed: October 3, 2005
    Publication date: April 5, 2007
    Inventors: Steven Bade, Stefan Berger, Kenneth Goldman, Ronald Perez, Reiner Sailer, Leendert Van Doorn
  • Publication number: 20060010326
    Abstract: A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or shorthand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.
    Type: Application
    Filed: July 8, 2004
    Publication date: January 12, 2006
    Applicant: International Business Machines Corporation
    Inventors: Steven Bade, Ronald Perez, Leendert Van Doorn, Helmut Weber
  • Publication number: 20050144531
    Abstract: A method for repairing a failed network connection between a client system and a network is disclosed. In a first aspect, the method preferably includes collecting real time connectivity information by the client system and utilizing the real time connectivity information by the client system to establish a connection with the network.
    Type: Application
    Filed: December 11, 2003
    Publication date: June 30, 2005
    Applicant: International Business Machines Corporation
    Inventors: David Challener, Steven Mastrianni, Joseph Parker, Ratan Ray, Leendert Van Doorn
  • Publication number: 20050128952
    Abstract: A method for a service provider to be able to work with a client under an engagement relationship to repair a failed network connection between a client system and a network is disclosed. In a first aspect, the method preferably includes collecting real time connectivity information by the client system and utilizing the real time connectivity information by the client system to establish a connection with the network. In a second aspect, a computer system coupled to a network includes at least one network adapter for monitoring and collecting real time connectivity information from the network, memory for storing the real time connectivity information, and a processor coupled to the memory and to the at least one network adapter, where the processor is configured to execute program instructions for utilizing the real time connectivity information to repair a failed network connection between the computer system and the network.
    Type: Application
    Filed: December 11, 2003
    Publication date: June 16, 2005
    Applicant: International Business Machines Corporation
    Inventors: David Challener, Steven Mastrianni, Joseph Parker, Ratan Ray, Leendert Van Doorn
  • Publication number: 20050132031
    Abstract: A system and method for providing attestation and/or integrity of a server execution environment are described. One or more parts of a server environment are selected for measurement. The one or more parts in a server execution environment are measured, and the measurements result in a unique fingerprint for each respective selected part. The unique fingerprints are aggregated by an aggregation function to create an aggregated value, which is determinative of running programs in the server environment. A measurement parameter may include the unique fingerprints, the aggregated value or a base system value and may be sent over a network interface to indicate the server environment status or state.
    Type: Application
    Filed: December 12, 2003
    Publication date: June 16, 2005
    Inventors: Reiner Sailer, Leendert van Doorn, Xiaolan Zhang
  • Publication number: 20050114649
    Abstract: Methods, apparatus and program products which monitor wireless access points (12,16) through which data can be exchanged with a network (10), identify an unauthorized access point (16), and respond to monitored data flow in a variety of manners including determining the location of the identified unauthorized access point, establishing filtering, and controlling accounting for access services.
    Type: Application
    Filed: November 20, 2002
    Publication date: May 26, 2005
    Inventors: David Challener, Garry Kump, Francis Noel, David Safford, Douglas Schales, Leendert Van Doorn