Abstract: In some embodiments, the invention involves saving limited context information when transitioning between virtual machines. A predetermined set of instructions and events cause a trap. A bit or flag is set to indicate that the event has occurred within a virtual machine. The virtual machine monitor determines whether specific register sets must be saved or restored upon a context switch, based on whether the flag has been set. Other embodiments are described and claimed.

Abstract: A method and apparatus for granting access to a hardware interface shared between multiple software drivers are described. In one embodiment, the apparatus includes an interface to provide access to a hardware function or a resource. As described herein, the hardware function or resource is shared between at least two software entities, such as, for example, device drivers. In one embodiment, access verification logic denies an access request for the hardware function, unless the key associated with the access request matches a stored key semaphore. In one embodiment, a key size may be relatively large to provide a very low probability that a malicious software entity could accidentally or maliciously gain access to the software. Other embodiments are described and claimed.

Abstract: In some embodiments, the invention involves protecting network communications in a virtualized platform. An embodiment of the present invention is a system and method relating to protecting network communication flow using packet encoding/certification and the network stack. One embodiment uses a specialized engine or driver in the network stack to encode packets before being sent to physical network controller. The network controller may use a specialized driver to decode the packets, or have a hardware implementation of a decoder. If the decoded packet is certified, the packet is transmitted. Otherwise, the packet is dropped. An embodiment of the present invention utilizes virtualization architecture to implement the network communication paths. Other embodiments are described and claimed.

Abstract: A method includes performing a file system integrity validation on a host machine having a hypervisor architecture when a file system of a second process is mounted on a file system of a first process. The file system integrity validation occurs independently of booting the host machine.

Abstract: A method, apparatus and system for virtualized proxy services are disclosed herein. Specifically, on one embodiment, a virtual proxy may be implemented in a virtual machine host. The virtual proxy may reside within a dedicated or shared virtual partition and may include a set of access restrictions. In one embodiment, a network including virtual machine hosts having virtual proxies may also provide additional peer-to-peer services. More specifically, a virtual proxy on a virtual host may be configured to broadcast/multicast content requests to other virtual hosts on the network prior to accessing the content from a remote location. If the content has previously been downloaded by another virtual host on the network, the virtual proxy on the requesting host may copy the content from the peer virtual host, instead of downloading the content from the remote location again. A variety of security measures may be implemented in one embodiment to ensure data integrity.

Abstract: A processor-based system accessing a performance profile for a program executing on a predetermined data set, executing the program on the predetermined data set, and governing processor speed in a predictive manner based at least in part on the performance profile.

Abstract: A method and system for selecting network connections in a multi-network environment is described.

Abstract: A system and method for optimizing data store selection for write operations are described herein. In one embodiment the method includes receiving a first request to perform a write operation on one of a plurality of multi-master data stores, wherein the one of the plurality of multi-master data stores is undetermined, and wherein the first request includes an optimization technique identifier. The method also includes creating a second request, wherein the second request requests performance of the write operation. The method further includes determining the one of the plurality of multi-master data stores to which the second request will be transmitted, and wherein the determining includes using an optimization technique associated with the optimization technique identifier. The method further includes transmitting the second request to the one of the plurality of multi-master data stores.

Abstract: A method and system for enabling applications to optimize communications in a network environment is described. The method includes determining a set of application parameters for an application on a user device, determining one or more communications pathways coupled to the user device, determining a plurality of pathway parameters associated with each communications pathway, and selecting the communications pathway with pathway parameters that best match the application parameters of the application.

Abstract: The present disclosure relates to the authenticating a client against a pool of servers utilizing a secure authentication protocol, and, more specifically, to the authenticating a client against a pool of servers providing a common service, utilizing the Kerberos secure authentication protocol.

Abstract: A document may be received over a network that contains a link to a resource. Various contexts, including Internet browsers, can operate more effectively, and make better use of available bandwidth, by caching network resources so that repeated requests for cached resources can be satisfied from a local cache and avoid a duplicative transfer from a server. Instead of utilizing typical cache operations, such as taught in Request For Comments (RFC) 2616, where the server hosting the resource is queried to resolve cache correctness, instead a link to a resource is constructed so that it contains all information necessary to make a cache correctness decision without having to query the server hosting the linked resource. In addition, the link may be constructed so that the cache determination is made with respect to the contents of the linked resource, rather than with respect to metadata about the resource, e.g., name, creation date, location, etc.