SOFTWARE ISOLATION OF VIRTUAL MACHINE RESOURCES

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Jin Lin of Seattle WA (US)

David Alan Hepkin of Redmond WA (US)

Michael Bishop Ebersol of Woodinville WA (US)

Stephanie Sumyi Luck of Redmond WA (US)

Jonathan Edward Lange of Seattle WA (US)

Bruce J. Sherwin, Jr. of Woodinville WA (US)

Kevin Michael Broas of Kirkland WA (US)

Wen Jia Liu of New York NY (US)

Xin David Zhang of Duvall WA (US)

Alexander Daniel Grest of Redmond WA (US)

SOFTWARE ISOLATION OF VIRTUAL MACHINE RESOURCES - A simplified explanation of the abstract

This abstract first appeared for US patent application 17837688 titled 'SOFTWARE ISOLATION OF VIRTUAL MACHINE RESOURCES

Simplified Explanation

The patent application describes a method for isolating resources of a virtual machine (VM) guest from a host operating system. Here is a simplified explanation of the abstract:

• The computer system receives a request from a guest partition of a VM, which is an isolated VM.
• The request includes information about a specific memory page in the guest partition and a memory page visibility class.
• The computer system checks if the physical memory page that corresponds to the guest memory page meets the specified memory page visibility class.
• If the physical memory page meets the class, the computer system changes the page acceptance indication for the guest memory page from unaccepted to accepted.

Potential applications of this technology:

• Virtualization platforms: This technology can be used in virtualization platforms to enhance the isolation and security of VM guests from the host operating system.
• Cloud computing: It can be applied in cloud computing environments to ensure the isolation of resources between different VMs running on the same physical server.

Problems solved by this technology:

• Resource isolation: The technology solves the problem of effectively isolating the resources of a VM guest from the host operating system, preventing unauthorized access or interference.
• Security vulnerabilities: By ensuring that only memory pages meeting specific visibility classes are accepted, the technology helps mitigate security vulnerabilities that could arise from improper memory access.

Benefits of this technology:

• Enhanced security: The technology improves the security of virtualized environments by isolating resources and preventing unauthorized access.
• Efficient resource allocation: By effectively managing memory page acceptance, the technology allows for efficient allocation of resources within a virtualized environment.

Original Abstract Submitted

Isolating resources of a virtual machine (VM) guest from a host operating system. A computer system receives an acceptance request from a guest partition corresponding to an isolated VM. The acceptance request identifies a guest memory page that is mapped into a guest physical address space of the guest partition, and a memory page visibility class. The computer system determines whether a physical memory page that is mapped to the guest memory page meets the memory page visibility class. The computer system sets a page acceptance indication for the guest memory page from an unaccepted state to an accepted state based on the physical memory page meeting the memory page visibility class.