Abstract

Shown and depicted is the use of hypervisors to prevent sensitive data from being exfiltrated from an organization. A Data Loss Prevention system is composed of virtual machines, or domains, that segment memory between domains which are assumed to be untrusted and domains which are known to be trusted. Sensitive data is ciphertext when observed by software in Untrusted Domains, and cleartext when observed by software in Trusted Domains. Sensitive data is unencrypted when it is in the address space of a protected process running inside a Trusted Domain.