| 摘要 |
A method of processing data using a memory having a plurality of memory regions, a given memory region having an associated owning process having exclusive rights to control access to the given memory region, comprises: receiving at a security controller a request to initialise a guest execution environment; claiming one or more regions of memory to be owned by the security controller; storing executable program code of the guest execution environment within the one or more regions of memory; and transferring ownership of the one or more regions to the guest execution environment. This facilitates the conception of a blind hypervisor, which still manages the virtual machines and controls which portions of the address space they can access, but does not necessarily have visibility of all the data associated with a given virtual machine, i.e. a process running at a higher privilege level may not have permission to access addresses used by a process running at a lower privilege level. Potentially secret data of a guest execution environment can thus be protected from access by other processes, including the hypervisor. |
