Hypervisor assisted virtual memory obfuscation

摘要

Remote computing resource service providers allow customers to execute one or more applications in a virtual environment on computer systems provided by the computing resource service provider. The virtual machines may be managed by a hypervisor executing on computer systems operated by the service provider. The virtual machines' memory may be protected by a memory obfuscation service and the hypervisor. The memory obfuscation service may enable the virtual machines to maintain at least a portion of sensitive information in an obfuscated format. The virtual machines may request access to the virtual machines' memory, the memory obfuscation service may obtain the requested memory in an obfuscated format and un-obfuscate the memory such that it may be used by the virtual machines.

主权项

1. A computer-implemented method, comprising:
under the control of a host computer system that executes executable instructions,
instantiating a virtual machine by at least loading obfuscated memory associated with the virtual machine into memory of the host computer system;receiving a request to access at least one memory page stored in obfuscated memory and at least partially referenced in a page table, where a memory management unit of the host computer system determines that the at least one memory page stored in obfuscated memory is at least partially referenced in the page table and the page table is provided by the memory management unit;transmitting a command to a memory obfuscation service, the command causing the memory obfuscation service to un-obfuscate the at least one memory page and load the at least one memory page into a virtual cache associated with the virtual machine; andproviding the virtual machine with access to the at least one memory page.