Systems, methods, and apparatus for securing virtual machine control structures
Abstract
A data processing system with technology to secure a VMCS comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to (a) execute host software in root mode and (b) execute guest software from the RAM in non-root mode in a virtual machine (VM) that is based at least in part on a virtual machine control data structure (VMCDS) for the VM. The processor also comprises a root security profile to specify access restrictions to be imposed when the host software attempts to read the VMCDS in root mode. Other embodiments are described and claimed.
20 Claims
1. A processor with technology to secure a virtual machine control data structure, the processor comprising:
- virtualization technology that enables the processor to:
  - execute host software in root mode; and
  - execute guest software in non-root mode in a virtual machine (VM), wherein the VM is based at least in part on a virtual machine control data structure (VMCDS) for the VM; and
- a root security profile that specifies access restrictions to be imposed when the host software attempts to read the VMCDS in root mode.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A data processing system with technology to secure a virtual machine control data structure, the data processing system comprising:
- random access memory (RAM);
- a processor in communication with the RAM;
- virtualization technology in the processor that enables the processor to:
  - execute host software in root mode; and
  - execute guest software from the RAM in non-root mode in a virtual machine (VM), wherein the VM is based at least in part on a virtual machine control data structure (VMCDS) for the VM; and
- a root security profile in the processor to specify access restrictions to be imposed when the host software attempts to read the VMCDS in root mode.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A method for securing a virtual machine control data structure in a data processing system, the method comprising:
- establishing a key domain (KD) in random access memory (RAM) of a data processing;
- loading a virtual machine control data structure (VMCDS) for a virtual machine (VM) into the KD;
- executing guest software in the VM in the KD in non-root mode;
- receiving a request from a virtual machine monitor (VMM) executing in root mode in the data processing system, wherein the request involves accessing the VMCDS;
- in response to receiving the request from the VMM in root mode, automatically using a root security profile to determine whether or not to allow the VMM to access the VMCDS.

Dependent claims: 18, 19, 20

Specification