The present invention relates in general to data processing systems, and in particular, to a computer system, a method and a computer program product for protecting contents of a memory in a computer system from unauthorized access.
Virtualization extensions to microprocessors, together with hypervisor software, allow cloud computing providers to run multiple virtual machines (VMs) on a single physical server. Hypervisor-secure virtualization has been proposed to improve security in cloud computing: its goal is to protect guest VMs from attacks by a compromised hypervisor. Specifically, the hypervisor still launches VMs and manages resources as usual, but is not allowed to snoop on any confidential contents of a VM during the VM's lifetime. Memory is the key asset to be protected, because the potentially sensitive, private or proprietary code and data of a VM reside in the memory that has been assigned to that VM.

Hardware enhancements offer a promising solution. Because the hardware is logically located below the hypervisor software in the privilege hierarchy, it can hold data and implement functionality that the hypervisor cannot alter. Furthermore, changing functionality implemented in hardware, or probing the microprocessor chip to recover secrets, is difficult. Consequently, hardware enhancements are a good approach for tackling this threat. Virtualization extensions to microprocessor hardware are already widely deployed, and the major microprocessor vendors provide them in their commodity products.