SECURE IDENTIFICATION OF EXECUTION CONTEXTS

摘要

A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.

主权项

1. In a computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM) having a first execution context running therein, a method of facilitating a guest operating system (OS) running in the VM to respond to a first event occurrence issued from the first execution context comprising:
(1) the VMM intercepting the first event occurrence and taking control from the first execution context; (2) the VMM saving a state of the first execution context in a first memory space provided for the first execution context; (3) the VMM redirecting control to a dispatch handler program; (3A) the dispatch handler program creating a second event occurrence as a function of the first event occurrence and issuing the second event occurrence to the guest OS; (4) the VMM intercepting the second event occurrence, saving a state of the dispatch handler, modifying control return information of the second event occurrence and forwarding the modified second event occurrence to the guest OS; (5) the guest OS processing the second event occurrence and returning control as a function of the modified control return information; (6) the VMM restoring the state of the saved dispatch handler and the dispatch handler processing data returned by the guest OS in response to the modified second event occurrence; (7) the dispatch handler requesting the VMM to resume execution of the first execution context; and (8) the VMM restoring the state of the first execution context saved in step (2) and returning control to the first execution context.