Abstract: Memory access control in a virtualization environment is provided. Sets of page tables are maintained, with each set corresponding to a given hypervisor application and guest virtual machine (VM), and each set including mappings to a subset of the guest VM memory to thereby limit an amount of the quest VM memory that is accessible Presentation of these sets is controlled to present just one of the sets at any given time for hypervisor processing to access guest VM memory.

Abstract: Memory access control in a virtualization environment is provided by maintaining sets of page tables each corresponding to a given hypervisor application and guest virtual machine (VM), and controlling presentation of the sets of page tables to selectively present just one of the sets at any given time for hypervisor processing to access guest VM memory, where access to guest VM memory is controlled by controlling a page table base address presented in hardware of the computer system, and controlling presentation includes, based on a request for hypervisor processing for a guest VM: identifying a hypervisor application to service the request for hypervisor processing, identifying the set that corresponds to the combination of that guest VM and that hypervisor application, and presenting that identified set for guest VM memory access by the identified hypervisor application and the microkernel hypervisor.

Abstract: Process core isolation for execution of multiple operating systems on a multicore computer system includes booting first and second operating systems (OSs) on a computer system that includes a plurality of processor cores across physical central processing unit(s) (CPUs). Booting the first OS boots the first OS on a first subset of the processor cores. Booting the second OS, different from the first OS, boots the second OS on a second subset of the processor cores. The first and second subsets are mutually exclusive, where a first processor core of a physical CPU of the physical CPUs is included in the first subset and a second processor core of the physical CPU is included in the second subset, and where the first and second OSs execute concurrently on the computer system, and each of the first and second OS executes on only its respective subset of processor core(s).

Abstract: Dedicating hardware devices to virtual machines includes dedicating, by a hypervisor executing on a computer system, a set of hardware devices of the computer system to a first virtual machine of the hypervisor, the first virtual machine executing a guest operating system, and the set of hardware devices for use by the guest operating system in execution of the guest operating system, and dedicating network device hardware of the computer system to a second virtual machine of the hypervisor, the second virtual machine being a different virtual machine than the first virtual machine, wherein network communication between the guest operating system and a network to which the computer system is connected via the network device hardware occurs via the second virtual machine.

Abstract: Process core isolation for execution of multiple operating systems on a multicore computer system includes booting first and second operating systems (OSs) on a computer system that includes a plurality of processor cores across physical central processing unit(s) (CPUs). Booting the first OS boots the first OS on a first subset of the processor cores. Booting the second OS, different from the first OS, boots the second OS on a second subset of the processor cores. The first and second subsets are mutually exclusive, where a first processor core of a physical CPU of the physical CPUs is included in the first subset and a second processor core of the physical CPU is included in the second subset, and where the first and second OSs execute concurrently on the computer system, and each of the first and second OS executes on only its respective subset of processor core(s).

Abstract: A method provides a graphical interface for a computer system and includes receiving window information from each domain of multiple domains in which applications execute. Based on the received window information, the method builds the graphical interface on a graphics device of the computer system from graphics data provided from the multiple domains to the graphics device. The graphics device includes a GPU and graphics memory having multiple graphics memory portions, where each domain is dedicated a respective different graphics memory portion and is given write access thereto. The building issues commands to the graphics device that instruct the GPU to composition together graphics data from graphics memory portion(s) to thereby composition together graphics data from each of two of more domains of the multiple domains. The method also includes issuing commands to the graphics device to output the graphical interface to a set of one or more display devices.

Abstract: A method provides a graphical interface for a computer system and includes receiving window information from each domain of multiple domains in which applications execute. Based on the received window information, the method builds the graphical interface on a graphics device of the computer system from graphics data provided from the multiple domains to the graphics device. The graphics device includes a GPU and graphics memory having multiple graphics memory portions, where each domain is dedicated a respective different graphics memory portion and is given write access thereto. The building issues commands to the graphics device that instruct the GPU to composition together graphics data from graphics memory portion(s) to thereby composition together graphics data from each of two of more domains of the multiple domains. The method also includes issuing commands to the graphics device to output the graphical interface to a set of one or more display devices.

Abstract: Dedicating hardware devices to virtual machines includes dedicating, by a hypervisor executing on a computer system, a set of hardware devices of the computer system to a first virtual machine of the hypervisor, the first virtual machine executing a guest operating system, and the set of hardware devices for use by the guest operating system in execution of the guest operating system, and dedicating network device hardware of the computer system to a second virtual machine of the hypervisor, the second virtual machine being a different virtual machine than the first virtual machine, wherein network communication between the guest operating system and a network to which the computer system is connected via the network device hardware occurs via the second virtual machine.

Abstract: Verification of trustworthiness of a computing platform is provided. The trustworthiness of the computing platform is dynamically assessed to determine whether a root of trust exists on the computing platform. Responsive to determining existence of the root of trust, data is unsealed from a sealed storage facility. The sealed storage facility is unsealed responsive to a root of trust being determined to exist on the computing platform. The data can be used to attest to the trustworthiness of the computing platform to other device on a network.

Abstract: User interaction with multiple domains is facilitated while preventing cross-domain transfer of data from those domains. A compositioning domain facilitates this interaction in a secure manner in which cross-domain transfer of data is prevented. This includes obtaining pixel information from the domains via one or more read-only communication paths, providing a user interface to the user, which includes providing a display buffer including at least some of the pixel information obtained from each domain of the domains for display to the user, and maintaining an in-focus domain state. The in-focus domain state indicates which domain of the domains is currently in-focus. User input from the user based on the user interface is provided by a user input handler directly to the currently in-focus domain indicated by the in-focus domain state absent transfer of the user input to the compositioning domain.

Abstract: Verification of trustworthiness of a computing platform is provided. The trustworthiness of the computing platform is dynamically assessed to determine whether a root of trust exists on the computing platform. Responsive to determining existence of the root of trust, data is unsealed from a sealed storage facility. The sealed storage facility is unsealed responsive to a root of trust being determined to exist on the computing platform. The data can be used to attest to the trustworthiness of the computing platform to other device on a network.