The present invention relates in general to data processing systems, and in particular, to a method and a system for processing a guest event in a hypervisor-controlled system.
Customer adoption of public Clouds is limited to non-mission critical data. Very often, core business data is an essential asset to a customer, and data confidentiality is critical for business success. As long as customers do not trust Cloud environments, Cloud adoption of those business sensitive environments stays minimal. Among the main concerns of customers are lack of trust in the Cloud provider and the security of the Cloud.
Trust in the Cloud provider is critical since an administrator of the provider has the capability to fully inspect the customer's workload and data. This potential for a data breach is the reason that many customers are hesitant to utilize public Clouds. Another security threat with respect to public Clouds relates to the threat of a hypervisor breach, i.e. if an attacker gains access to the hypervisor, the customer's workload and data are at risk again.
Current approaches to guarantee confidentiality and privacy are limited to input/output (I/O) protections: network encryption like secure sockets layer (SSL) can be used to encrypt socket connections and disk encryption tools like dm-crypt in LINUX can be used to encrypt data on a disk device. A trusted platform module (TPM) has also been developed to ensure that a boot chain is valid at the time the customer runs its workload, yet not deployed in a Cloud environment. Also, TPMs do not ensure privacy but integrity of the setup at best.
All of these technologies, even if used, do not address the issue that a hypervisor can always fully inspect its guests, where guests may in general be virtual machines on a hypervisor-controlled system, and read memory contents with potentially sensitive data of the image running in the guest. U.S. Patent Publication No. 2011/0302400 A1 describes a method that generally includes receiving, by a trust anchor on a central processing unit (CPU) having a plurality of processing cores, a virtual machine (VM) image. As received, the VM image is encrypted using a VM image encryption key. The method also includes obtaining the VM image encryption key and configuring a first encrypt/decrypt block with the VM image encryption key. The method also includes generating a memory session key and configuring a second encrypt/decrypt block with the memory session key. The method also includes fetching one or more pages of the VM image into a memory accessible by the plurality of processing cores. Each fetched page is decrypted by the first encrypt/decrypt block using the VM image encryption key and subsequently encrypted by the second encrypt/decrypt block using the memory session key.