A virtual machine malware detection service caches contents that correspond to operating system registries. By caching the content of important registers, the malware detector is able to efficiently traverse virtual machine memory contents to identify important operating system properties. Examples of such operating system properties include a list of running processes. The malware detector replaces agent-based threat detection for compute endpoints. The malware detector detects cryptocurrency miners and malware by scanning guest virtual machine (VM) memories. The guest VM memory may be scanned according to the guest physical address. According to some examples, the memories of guest user processes may be scanned one by one, using the page table address for each guest process to efficiently locate its memory.

An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.

A processor comprises a core, a cache, and a ZCM manager in communication with the core and the cache. In response to an access request from a first software component, wherein the access request involves a memory address within a cache line, the ZCM manager is to (a) compare an OTAG associated with the memory address against a first ITAG for the first software component, (b) if the OTAG matches the first ITAG, complete the access request, and (c) if the OTAG does not match the first ITAG, abort the access request. Also, in response to a send request from the first software component, the ZCM manager is to change the OTAG associated with the memory address to match a second ITAG for a second software component. Other embodiments are described and claimed.

A system is provided that includes one management cluster to manage network function virtualization infrastructure (NFVI) resources lifecycle in more than one edge POD locations, where resources include hardware and/or software, and where software resources lifecycle includes software development, upgrades, downgrades, logging, monitoring etc. Methods are provided for decoupling storage from compute and network functions in each virtual machine (VM)-based NFVI deployment location and moving it to a centralized location. Centralized storage could simultaneously interact with more than one edge PODs, and the security is built-in with periodic key rotation. Methods are provided for increasing NFVI system viability by dedicating (fencing) CPU core pairs for specific controller operations and workload operations, and sharing the CPU cores for specific tasks.

An apparatus to facilitate provenance audit trails for microservices architectures is disclosed. The apparatus includes one or more processors to: obtain, by a microservice of a service hosted in a datacenter, provisioned credentials for the microservice based on an attestation protocol; generate, for a task performed by the microservice, provenance metadata for the task, the provenance metadata including identification of the microservice, operating state of at least one of a hardware resource or a software resource used to execute the microservice and the task, and operating state of a sidecar of the microservice during the task; encrypt the provenance metadata with the provisioned credentials for the microservice; and record the encrypted provenance metadata in a local blockchain of provenance metadata maintained for the hardware resource executing the task and the microservice.

A system-on-a-chip sharing a graphics processing unit supporting multi-master is provided. A system on chip (SoC) comprises a plurality of central processing units (CPUs) for executing at least one operating system, a graphics processing unit (GPU) that is connected to each of the plurality of CPUs via a bus interface and communicates with each of the plurality of CPUs, and at least one state monitoring device that is selectively connected to at least one CPU among the plurality of CPUs and transmits execution state information of at least one operating system executed in the connected CPU to the GPU. The GPU is shared by at least one operating system and controls a sharing operation by the at least one operating system based on the execution state information of the at least one operating system.

A method and system may provide virtual port communications. A data frame, containing a destination identifier in a destination field and payload, may be modified by inserting a first virtual machine tag therein. The first virtual machine tag may include a first virtual port identifier for identifying a first logical interface of a first virtual machine on a virtual machine host.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

A system may include a host computer, a VCI running on the host computer, a virtualization layer executing in the host computer to support the VCI, and an in-guest agent executing in the VCI. The virtualization layer receives a message including metadata about a first memory region to be copied and an indication of loading of an upgraded version of the in-guest agent. Further, the virtualization layer copies data from the first memory region to a second memory region. Furthermore, the virtualization layer receives information about an entry point of the upgraded version from the in-guest agent. Also, the virtualization layer receives a request to register the entry point from the upgraded version and verifies the request based on the information about the entry point. Upon verifying the request, the virtualization layer enables the upgraded version to copy the data from the second memory region.

A method includes generating, by a computing device, a probe; deploying, by the computing device, the probe into a virtual machine hosting a cloud application; increasing, by the computing device, resource consumption by the probe; collecting, by the computing device, performance data from the cloud application; and training, by the computing device, a machine learning model using the performance data.