Securing modern computer systems is challenging since applications share resources and information and are open to outside networks. To address the conflict between application isolation and information sharing, IAI and its collaborator, Purdue University, have been awarded a follow-on contract entitled “Policy Guided Isolation and Strategically Shielded Exposure: A Novel Approach to Secure Applications.” This methodology regulates information sharing mechanisms by combining a Policy Machine (PM) technique with virtualization technology. In the first phase, the security-enhanced virtual machine monitor (VMM) was implemented. The application programs and their operating system (OS), called the guest OS, were run inside a virtual machine (VM). A modified VMM architecture with a hypervisor running directly on top of the hardware platform is used to create VMs outfitted with individual VM Managers. The hypervisor intercepts hardware access requests and system calls from a VM and forwards them to the VM Manager, which uses semantics mapping, data/process coloring, and kernel code protection to collect information and monitor the execution of the VM. This security-enhanced VMM was effective in preventing information leakage caused by accidents or malware. In the next phase, a lightweight kernel-compatible PM and efficient kernel code protection mechanisms will be integrated with the VMM to automatically reason over security policies used to regulate information sharing mechanisms in the VM. This policy-programmable security-enhanced VMM will enable the system administrator to dynamically update security policies without interrupting the VM’s execution. A configuration interface will allow the system administrator to configure the VMM’s functions and capabilities based on application requirements. The effectiveness of this VMM, which can also protect the guest OS against kernel rootkits, will be demonstrated using real application scenarios.
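As an added illustration (not IAI or Purdue code) of the data/process coloring and run-time policy update described above, the following toy monitor models the VM Manager's view of intercepted syscalls: a process inherits the colors of every object it reads, a write is allowed only if the sink may receive all colors the process carries, and the administrator can change a sink's policy between events. The object names, colors, event tuple shape and policy layout are assumptions.

```python
"""Toy model of VM-Manager-side data/process coloring with a policy check.
Illustration added here; object names, colors and the policy shape are
assumptions, not the IAI/Purdue design."""
from dataclasses import dataclass, field


@dataclass
class Monitor:
    obj_colors: dict                                  # object -> colors (data coloring)
    sink_policy: dict                                 # sink -> colors it may receive
    proc_colors: dict = field(default_factory=dict)   # pid -> colors (process coloring)
    log: list = field(default_factory=list)

    def handle(self, event):
        """Dispatch one intercepted syscall (op, pid, target) forwarded by the hypervisor."""
        op, pid, target = event
        if op == "read":
            # reading taints the process with the object's colors
            self.proc_colors.setdefault(pid, set()).update(self.obj_colors.get(target, set()))
            return True
        if op == "write":
            leaked = self.proc_colors.get(pid, set()) - self.sink_policy.get(target, set())
            if leaked:
                self.log.append(f"DENY pid={pid} write {target} colors={sorted(leaked)}")
                return False
            # an allowed write carries the process colors onto the written object
            self.obj_colors.setdefault(target, set()).update(self.proc_colors.get(pid, set()))
            return True
        raise ValueError(f"unknown op {op}")

    def update_policy(self, sink, colors):
        """Administrator changes a sink's policy; the monitored VM is never paused."""
        self.sink_policy[sink] = set(colors)


def demo():
    # constructed sample: one secret file, a scratch file and a network sink
    mon = Monitor(obj_colors={"/etc/secret.key": {"secret"}},
                  sink_policy={"/tmp/scratch": {"secret"}, "net:eth0": set()})
    trace = [("read", 1, "/etc/secret.key"),   # pid 1 becomes 'secret'
             ("write", 1, "net:eth0"),         # denied: secret -> network
             ("write", 1, "/tmp/scratch"),     # allowed; scratch is now 'secret'
             ("read", 2, "/tmp/scratch"),      # pid 2 inherits 'secret' transitively
             ("write", 2, "net:eth0")]         # denied as well
    results = [mon.handle(e) for e in trace]
    mon.update_policy("net:eth0", {"secret"})  # policy relaxed at run time
    results.append(mon.handle(("write", 2, "net:eth0")))  # now allowed
    return results, mon.log
```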