Hypervisor assisted virtual memory obfuscation

摘要

Remote computing resource service providers allow customers to execute one or more applications in a virtual environment on computer systems provided by the computing resource service provider. The virtual machines may be managed by a hypervisor executing on computer systems operated by the service provider. The virtual machines' memory may be protected by a memory obfuscation service and the hypervisor. The memory obfuscation service may enable the virtual machines to maintain at least a portion of sensitive information in an obfuscated format. The virtual machines may request access to the virtual machines' memory, the memory obfuscation service may obtain the requested memory in an obfuscated format and un-obfuscate the memory such that it may be used by the virtual machines.

主权项

1. A computer-implemented method, comprising:
under the control of one or more computer systems configured with executable instructions,
instantiating a virtual machine managed by a hypervisor by at least loading obfuscated memory associated with the virtual machine into memory of a host computer system;receiving at the hypervisor a page fault corresponding to an attempt, by the virtual machine, to access at least one memory page stored in obfuscated memory and at least partially referenced in a page table;transmitting a command to a memory obfuscation service, the command causing the memory obfuscation service to un-obfuscate the at least one memory page and load the un-obfuscated at least one memory page into a virtual cache associated with the virtual machine;updating the page table to include information corresponding to the un-obfuscated at least one memory page and the virtual cache; andproviding the virtual machine with access to the un-obfuscated at least one memory page.