G06F9/45554

ARCHITECTURE AGNOSTIC REPLAY VERIFICATION
20210191841 · 2021-06-24

According to aspects of the disclosure a method is provided, comprising: generating a live execution trace log corresponding to a live execution of a computer program, the live execution being performed by using both hardware emulation and hardware acceleration; generating a first trace entry corresponding to a replay execution of the computer program, the replay execution being performed by using hardware emulation without hardware acceleration, the replay execution being performed based on a set of events that are recorded during the live execution of the computer program; detecting whether the first trace entry is valid based on the live execution trace log; and in response to detecting that the first trace entry is not valid, transitioning into a safe state.

Product line avionics system multi-core analysis architecture

A multi-core processing environment (MCPE) capable of quantifying shared system resource (SSR) access includes several processing cores, each core having several applications running thereon and accessing SSRs via virtual machines (VM). Each core includes core-specific shared memory and a guest operating system (GOS) for writing timestamped VM data entries to a core-specific data queue, each entry identifying an activated VM and its activation time. Hypervisor-accessible memory stores performance monitor registers (PMR) for monitoring specific MCPE features as well as PMR data queues for each core, the PMR data including timestamped values of the monitored features. The hypervisor writes the VM/PMR data to the corresponding queues and frequently samples PMR data. A correlation module correlates the queued VM/PMR data to determine execution times of each activated VM and (for each execution time) counts of PMR changes, each PMR change corresponding to an SSR access by a core of the MCPE.

Systems and methods for task processing in a distributed environment

Methods and apparatus for task processing in a distributed environment are disclosed and described. An example apparatus includes a task manager and a task dispatcher. The example task manager is to receive a task and create an execution context for the task, the execution context to associate the task with a routine for task execution. The example task dispatcher is to receive a report of task execution progress and provide an update regarding task execution progress, the task dispatcher, upon initiation of task execution, to facilitate blocking of interaction with a resource involved in the task execution. The example task dispatcher is to trigger an indication of task execution progress and, upon task finish, facilitate unblocking of the resource involved in the task execution.

Extension application mechanisms through intra-process operation systems

The present disclosure relates to computer-implemented methods, software, and systems for providing extension application mechanisms. Memory is allocated for a virtual environment to run in an address space of an application that is to be extended with extension logic in a secure manner. The virtual environment is configured for execution of commands related to an extension functionality of the application. A virtual processor for an execution of a command of the commands is initialized at the virtual environment. The virtual processor is operable to manage one or more guest operating systems (OS). A first guest OS is loaded at the allocated memory and application logic of the extension functionality is copied into the allocated memory. The virtual environment is started to execute the first guest OS and the application logic of the extension functionality in relation to associated data of the application in the allocated memory.

MULTIPLE O/S VIRTUAL VIDEO PLATFORM
20210133914 · 2021-05-06

A virtual multi-Operating System (OS) environment optimized for running multiple image processing applications on a single computing platform using one or more central processing units (CPUs) and one or more graphic processing units (GPUs). According to an exemplary method of video processing, a first video processing application program is operated using a first operating system of a first processor for a computing device. A second video processing application program is simultaneously operated using a second operating system of a second processor for the computing device. Operation of one of the first processor and second processor is dynamically suspended to transfer operation of one of the video processing application programs to the remaining processor.

Cost-efficient high-availability multi-single-tenant services
10949241 · 2021-03-16

A secondary pool of VMs is used to run secondary services or jobs, which may be evicted upon failure of a corresponding primary VM. Upon detection of a failure of a primary resource, the secondary services or jobs are evicted from secondary pool resources, and the secondary pool resources can be automatically allocated to the jobs of the failed primary resource. In this regard, a secondary job may be thought of as a preemptible job and comprises services or jobs that are lower priority than the service or job on the primary resource. By using computing resources in the secondary pool to run secondary or preemptible jobs, this technology makes use of what would be otherwise idle resources. This beneficially avoids having to allocate additional and separate computing resources for secondary jobs, leads to more efficient use of network resources, and reduces costs.

System and method for securing access to network assets
11863565 · 2024-01-02

A system for securing access to a network asset and including a launcher and a master each configured to generate a new unique and temporary hostname and virtual machines each having an IP address associated with a corresponding generated unique, secret and temporary hostname. Each virtual machine operates either as a server hosting the network asset or a reverse proxy or a firewall between a client device having the launcher stored in the memory thereof and the corresponding network asset. A new virtual machine is created each time a new hostname is generated and is destroyed after the corresponding hostname expires. The system also includes a DNS server storing a database of host records each including a public IP address of one of the virtual machines and the corresponding hostname, the database of host records being updated each time a new virtual machine is created in a DNS domain.

INSTALLING AND MANIPULATING A SECURE VIRTUAL MACHINE IMAGE THROUGH AN UNTRUSTED HYPERVISOR

Systems, apparatuses and methods may provide for technology that associates a key domain of a plurality of key domains with a customer boot image, receives the customer boot image from the customer, and verifies the integrity of the customer boot image that is to be securely installed at memory locations determined from an untrusted privileged entity (e.g., a virtual machine manager).

Performance-based hardware emulation in an on-demand network code execution system

Systems and methods are described for providing performance-based hardware emulation in an on-demand network code execution system. A user may generate a task on the system by submitting code. The system may determine, based on the code or its execution, that the code executes more efficiently if certain functionality is available, such as an extension to a processor's instruction set. The system may further determine that it can provide the needed functionality using various computing resources, which may include physical hardware, emulated hardware (e.g., a virtual machine), or combinations thereof. The system may then determine and provide a set of computing resources to use when executing the user-submitted code, which may be based on factors such as availability, cost, estimated performance, desired performance, or other criteria. The system may also migrate code from one set of computing resources to another, and may analyze demand and project future computing resource needs.

Protecting computer systems used in virtualization environments against fileless malware
10860718 · 2020-12-08

Techniques for protecting a computer system against fileless malware are described. One technique includes a virtual machine (VM) locker logic/module implemented by one or more processors receiving information about input/output (I/O) requests associated with injection of data into a process. The logic/module can generate or update an information log to reflect that the process includes data from an external source. The data from the external source can include fileless malware. The technique also includes the logic/module intercepting an execution request by a process (e.g., the process that includes data from an external source, another process, etc.), where an execute privilege located in an operating system mediated access control mechanism approves the request. Next, the logic/module determines that the process requesting execution is included in the log and removes an execute privilege located in a hypervisor mediated access control mechanism to deny the request. Other advantages and embodiments are described.