Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Multi-level virtualization is a security concept in which each small software component on a machine has independently isolated resource access, enforced by virtualization, without an additional operating system per component. The vision for such systems is a large number (e.g., thousands) of virtualized containers, one around each operating system service, application, or web session, such that no container can modify another container or a shared resource unless system policy grants it the right to do so. Such multi-level virtualization (e.g., micro-virtualization) systems may be powerful and resistant to conventional malware, since a compromised component remains confined to its own container.
Conventional multi-level virtualization systems rely on hardware virtualization features (e.g., Intel VT-x or AMD-V), which in general cannot be used from inside a virtual machine: the hardware delivers virtualization events (VM exits) only to the single lowest-level virtual machine manager, so a guest has no native means to intercept them on behalf of its own nested guests. Some hypervisors can emulate the virtualization extensions for a guest (nested virtualization), but this requires the lowest-level manager to support and explicitly enable it. Thus, multi-level virtualization security cannot be used inside current virtualized environments such as those in datacenter or cloud computing systems unless the datacenters switch back to non-virtualized server operation.
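As an added illustration (not part of this application's text), the following is the check a practitioner can run to tell whether a given machine, physical or virtual, exposes the hardware virtualization features that such a system needs. It reads the Linux /proc/cpuinfo flag list: the hypervisor flag marks a guest, and the vmx/svm flags mark Intel VT-x or AMD-V; a guest that sees a hypervisor but no vmx/svm is in exactly the situation described above. The sample cpuinfo excerpts are constructed, and the function and category names are this example's own.

```python
# Added example, not part of the application text: decide from Linux
# /proc/cpuinfo whether hardware-assisted virtualization is usable on the
# current (possibly virtual) machine. Linux reports "hypervisor" in flags when
# CPUID leaf 1 advertises a hypervisor; vmx/svm are the VT-x / AMD-V bits.
import sys

HW_VIRT_FLAGS = {"vmx": "Intel VT-x", "svm": "AMD-V"}


def parse_cpu_flags(cpuinfo_text):
    """Return the flag set from the first 'flags' line of /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return set(value.split())
    return set()


def classify_virtualization(flags):
    """Classify the environment described by a CPU flag set.

    bare-metal-hw-virt    no hypervisor visible, VT-x/AMD-V present: a
                          multi-level virtualization system can run here.
    bare-metal-no-hw-virt no hypervisor visible, no VT-x/AMD-V.
    guest-nested-exposed  a hypervisor is visible and it emulates VT-x/AMD-V
                          for this guest (nested virtualization enabled).
    guest-nested-hidden   a hypervisor is visible and the extensions are
                          hidden: VM exits go only to the lowest-level VMM,
                          so this guest cannot host hardware-backed VMs.
    Caveat: a hypervisor may clear the hypervisor bit, so "bare-metal" here
    means "no hypervisor announced", not proof of physical hardware.
    """
    in_guest = "hypervisor" in flags
    hw_virt = any(f in flags for f in HW_VIRT_FLAGS)
    if in_guest:
        return "guest-nested-exposed" if hw_virt else "guest-nested-hidden"
    return "bare-metal-hw-virt" if hw_virt else "bare-metal-no-hw-virt"


# Constructed sample /proc/cpuinfo excerpts with abbreviated flag lists;
# not captured from any real machine.
SAMPLE_BARE_METAL = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce sse sse2 vmx smx nx lm\n"
)
SAMPLE_GUEST_HIDDEN = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce sse sse2 nx lm hypervisor\n"
)
SAMPLE_GUEST_NESTED = (
    "processor\t: 0\n"
    "vendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce sse sse2 nx lm svm hypervisor\n"
)


def classify_cpuinfo_file(path="/proc/cpuinfo"):
    """Classify the running machine; only meaningful on Linux."""
    with open(path) as f:
        return classify_virtualization(parse_cpu_flags(f.read()))


if __name__ == "__main__":
    samples = (
        ("bare metal", SAMPLE_BARE_METAL),
        ("guest, extensions hidden", SAMPLE_GUEST_HIDDEN),
        ("guest, nested exposed", SAMPLE_GUEST_NESTED),
    )
    for name, text in samples:
        print(f"{name:26s} -> {classify_virtualization(parse_cpu_flags(text))}")
    if sys.platform.startswith("linux"):
        print(f"{'this machine':26s} -> {classify_cpuinfo_file()}")
```

A guest classified as guest-nested-hidden is the case the paragraph above describes: the lowest-level virtual machine manager has not exposed the extensions, so a micro-virtualization layer inside that guest has no hardware support to build on. Whether the extensions are exposed is a host-side decision (for example, the nested parameter of the kvm_intel and kvm_amd kernel modules on a KVM host), not something the guest can change for itself.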