Patent classifications
G06F9/4555
Hardware-assisted paravirtualized hardware watchdog
A hardware-assisted paravirtualized hardware watchdog is described that is used to detect and recover from computer malfunctions. A computing device determines that a hardware-implemented watchdog of the computing device does not comply with predetermined watchdog criteria, where the hardware-implemented watchdog is configured to send a reset signal when a first predetermined amount of time elapses without receipt of a first refresh signal. If the hardware-implemented watchdog does not comply with the predetermined watchdog criteria, a runtime watchdog service is initialized using a second predetermined amount of time. The runtime watchdog service is directed to periodically send the refresh signal to the hardware-implemented watchdog before an expiration of the first predetermined amount of time that causes the hardware-implemented watchdog to expire. The hardware-implemented watchdog is directed to send the reset signal when the second predetermined amount of time elapses without receipt of a second refresh signal.
Secure management of transactions using a smart/virtual card
A method securely manages smart card transactions. A processing entity receives a smart card identifier from a smart card, where the smart card is a virtual card on a mobile computing device that comprises a processor, where the smart card identifier is a transaction-specific identifier for a transaction. A protected application is received at the mobile computing device, where a received protected application initially cannot be utilized by an operating system for execution by the processor. A security object is received at the mobile computing device, where the security object is used to convert the received protected application into an executable application that can be utilized by the operating system for execution by the processor. The processor executes the executable application to act as the virtual card, where the virtual card provides a functionality of a predefined physical electronic card.
VM CREATION BY INSTALLATION MEDIA PROBE
Described embodiments provide systems and methods for running virtual machines based on probing installation media. A media probe executing on one or more processors may identify an installation media for configuring a virtual machine on a type of operating system. The media probe may detect the type of operating system from the installation media. A virtualization manager executing on the one or more processors may determine a virtualization mode for configuration of the virtual machine based on the type of operating system detected from the installation media. The virtualization manager may create the virtual machine in accordance with the virtualization mode determined based on the type of operating system.
System and method for improving content fetching by selecting tunnel devices
A method for fetching content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server and stay connected to it, allowing a communication session to be initiated by the tunnel bank server. Upon receiving a request from a client for content with specific attribute types and values, a tunnel is selected by the tunnel bank server and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.
ALLOWING COMMAND SESSION FROM A GUEST OPERATING ENVIRONMENT
The present disclosure relates generally to computer architecture and infrastructure for guest operating systems executing on a host operating system. A method of allowing command sessions in a guest operating system includes receiving, by a host operating system, a request to invoke a command session by a guest operating system; receiving, by the host operating system, a request to invoke a bash interceptor; and loading bash code into a secure sandbox on the host operating system.
CREATING A GUEST-NATIVE EXECUTABLE IN A HOST OPERATING SYSTEM
The present disclosure relates generally to computer architecture and infrastructure for guest operating systems executing on a host operating system. A method of creating a guest-native executable includes receiving, by a host operating system, a call from a guest operating system to construct an executable from a guest-native source; creating an ecosystem for the guest-native source in a secure sandbox running on a host operating system; receiving the guest-native source; and executing the guest-native source in the ecosystem on the host operating system.
METHODS, SYSTEMS AND APPARATUS FOR DYNAMICALLY EXTENDING A CLOUD MANAGEMENT SYSTEM BY ADDING ENDPOINT ADAPTER TYPES
Methods, apparatus and articles of manufacture for dynamically extending a cloud management system by adding endpoint adapter types are disclosed. An example cloud management system includes: an interface to communicate with an external device; a host to manage requests and allocate resources through one or more virtual machines; and an endpoint registry to include an endpoint adapter and metadata defining the endpoint adapter, the endpoint adapter to specify communication between at least one of the host or the external device and an endpoint. In the example cloud management system, the host is to at least enable, via the interface, the external device to access the endpoint registry a) to register an endpoint adapter configuration with the endpoint registry and b) to retrieve the endpoint adapter configuration from the endpoint registry.
Security enhanced hypervisor userspace notifications
Systems and methods for enabling a user space process of a guest operating system to initiate hardware operations in a security-enhanced manner. An example method may comprise: configuring a storage unit to store resource requests of one or more user space processes, wherein the storage unit is accessible to a hypervisor and to a user space process managed by a guest operating system; determining, by a processing device, that the user space process managed by the guest operating system is authorized to store a resource request at the storage unit; and receiving, by the hypervisor, a signal from the user space process, wherein the signal is associated with the storage unit and initiates execution of the resource request.
Memory efficient host virtual address management for hypercalls
Systems and methods for managing host virtual addresses in a hypercall are disclosed. In one implementation, a processing device may receive, by a hypervisor managing a virtual machine (VM), a hypercall initiated by the VM, wherein a first parameter of the hypercall specifies a guest physical address (GPA) of a memory buffer and a second parameter of the hypercall specifies a host virtual address (HVA) of the memory buffer. The processing device may also translate the GPA to a first host physical address (HPA) and may translate the HVA to a second HPA. The processing device may further compare the first HPA to the second HPA and responsive to determining that the first HPA matches the second HPA, the processing device may execute the hypercall using the HVA.