SUPPORTING INVOCATIONS OF THE RDTSC (READ TIME-STAMP COUNTER) INSTRUCTION BY GUEST CODE WITHIN A SECURE HARDWARE ENCLAVE

    Publication (Announcement) No.: US20210216357A1

    Publication (Announcement) Date: 2021-07-15

    Application No.: US16822054

    Filing Date: 2020-03-18

    Applicant: VMWARE, INC.

    Abstract: Techniques for supporting invocations of the RDTSC (Read Time-Stamp Counter) instruction, or equivalents thereof, by guest program code running within a virtual machine (VM), including guest program code running within a secure hardware enclave of the VM, are provided. In one set of embodiments, a hypervisor can activate time virtualization heuristics for the VM, where the time virtualization heuristics cause accelerated delivery of system clock timer interrupts to a guest operating system (OS) of the VM. The hypervisor can further determine a scaling factor to be applied to timestamps generated by one or more physical CPUs, where the timestamps are generated in response to invocations of a CPU instruction made by guest program code running within the VM, and where the scaling factor is based on the activated time virtualization heuristics. The hypervisor can then program the scaling factor into the one or more physical CPUs.

    SUPPORTING INVOCATIONS OF THE RDTSC (READ TIME-STAMP COUNTER) INSTRUCTION BY GUEST CODE WITHIN A SECURE HARDWARE ENCLAVE

    Publication (Announcement) No.: US20230082141A1

    Publication (Announcement) Date: 2023-03-16

    Application No.: US18047450

    Filing Date: 2022-10-18

    Applicant: VMware, Inc.

    Abstract: Techniques for supporting invocations of the RDTSC (Read Time-Stamp Counter) instruction, or equivalents thereof, by guest program code running within a virtual machine (VM), including guest program code running within a secure hardware enclave of the VM, are provided. In one set of embodiments, a hypervisor can activate time virtualization heuristics for the VM, where the time virtualization heuristics cause accelerated delivery of system clock timer interrupts to a guest operating system (OS) of the VM. The hypervisor can further determine a scaling factor to be applied to timestamps generated by one or more physical CPUs, where the timestamps are generated in response to invocations of a CPU instruction made by guest program code running within the VM, and where the scaling factor is based on the activated time virtualization heuristics. The hypervisor can then program the scaling factor into the one or more physical CPUs.

    SECURE ENCLAVE-BASED GUEST FIREWALL
    Invention Application

    Publication (Announcement) No.: US20200344210A1

    Publication (Announcement) Date: 2020-10-29

    Application No.: US16442579

    Filing Date: 2019-06-17

    Applicant: VMWARE, INC.

    Abstract: Techniques for implementing a secure enclave-based guest firewall are provided. In one set of embodiments, a host system can load a policy enforcer for a firewall into a secure enclave of a virtual machine (VM) running on the host system, where the secure enclave corresponds to a region of memory in the VM's guest memory address space that is inaccessible by processes running in other regions of the guest memory address space (including privileged processes that are part of the VM's guest operating system (OS) kernel). The policy enforcer can then, while running within the secure enclave: (1) obtain one or more security policies from a policy manager for the firewall, (2) determine that an event has occurred pertaining to a new or existing network connection between the VM and another machine, and (3) apply the one or more security policies to the network connection.
