In computing, a virtual machine (VM) is an emulation of a computer system. VMs are based on a specific computer architecture and provide the functionality of an underlying physical computer system. Their implementations may involve specialized hardware, software, or a combination of both. A Virtual Machine Monitor (VMM), also known as a hypervisor, is a software program that enables the creation, management and governance of VMs and manages the operation of a virtualized environment on top of a physical host machine. The VMM is the primary software behind virtualization environments and implementations. When installed on a host machine, the VMM facilitates the creation of VMs, each with its own operating system (OS) and applications. The VMM manages the backend operation of these VMs by allocating the necessary computing, memory, storage and other input/output (I/O) resources. The VMM also provides a centralized interface for managing the overall operation, status and availability of VMs that are installed on a single host machine or spread across different, interconnected hosts.
To achieve confidential and/or protected VM execution, the memory and the runtime processor state of the host machine must also be protected; it is not sufficient to maintain the confidentiality (and integrity) of only the memory assigned to a VM. It is also desirable to prevent a malicious or exploited VMM from performing page remapping attacks on a VM's memory address space, in which the VMM uses the extended page tables (EPT) to alter the final page mappings the VM relies on. No complete solution exists to this problem to date.
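A constructed C model of the remapping problem described above (added here as an illustration; it is not part of the original text and does not represent any vendor's hardware). It assumes a tiny EPT mapping guest-physical page numbers to host-physical page numbers, a sealed copy of the launch-time mapping that the VMM cannot modify, and a check that reports how far the live EPT has drifted from that record, including a host frame that becomes reachable from two guest pages.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NPAGES 8  /* constructed: guest-physical pages in this toy VM */

typedef struct {
    uint32_t ept[NPAGES];      /* live EPT entries, under VMM control */
    uint32_t trusted[NPAGES];  /* mapping recorded at launch, assumed outside VMM reach */
} vm_t;

/* Launch: the VMM builds a contiguous mapping and the trusted copy is sealed. */
void vm_launch(vm_t *vm, uint32_t base_hpn) {
    for (size_t i = 0; i < NPAGES; i++)
        vm->ept[i] = vm->trusted[i] = base_hpn + (uint32_t)i;
}

/* Models a VMM rewriting one EPT entry after launch; out-of-range pages are ignored. */
void vmm_remap(vm_t *vm, uint32_t gpn, uint32_t new_hpn) {
    if (gpn < NPAGES) vm->ept[gpn] = new_hpn;
}

/* Defender-side check: one violation per entry that diverges from the sealed record,
 * plus one per pair of guest pages that now alias the same host frame. */
int ept_violations(const vm_t *vm) {
    int v = 0;
    for (size_t i = 0; i < NPAGES; i++) {
        if (vm->ept[i] != vm->trusted[i]) v++;
        for (size_t j = i + 1; j < NPAGES; j++)
            if (vm->ept[i] == vm->ept[j]) v++;
    }
    return v;
}

/* Launch a VM at host frame 0x100, apply one remap, and return the violation count. */
int demo_violations(uint32_t gpn, uint32_t new_hpn) {
    vm_t vm;
    vm_launch(&vm, 0x100);
    vmm_remap(&vm, gpn, new_hpn);
    return ept_violations(&vm);
}

int main(void) {
    printf("untouched: %d\n", demo_violations(NPAGES, 0));   /* remap ignored -> 0 */
    printf("foreign frame: %d\n", demo_violations(3, 0x9000)); /* divergence -> 1 */
    printf("aliased frame: %d\n", demo_violations(3, 0x105));  /* divergence + alias -> 2 */
    return 0;
}
```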