Among threats to processor based platforms are malicious software “worms”, “viruses”, “rootkits”, “malware”. Malicious software propagation combined with the growing intelligence and sophistication of attacks have created a serious threat scenario for corporate and individual property (both intellectual and financial). As software, malicious code is memory-based and therefore, protecting run-time memory from unauthorized accesses has become increasingly important.
Page tables and associated control registers are critical for the functioning of an operating system and applications on many platforms. Therefore, it is important for an unauthorized access or attempt to modify the page tables of a platform by a worm, virus, rootkit, or other malicious entity to be prevented or at least detected.
Some platforms may exist as virtualized machines or virtualized platforms. Virtualization is a technique that enables a processor based host machine with support for virtualization in hardware and software, or in some cases, in software only, to present an abstraction of the host, such that the underlying hardware of the host machine appears as one or more independently operating virtual machines. Each virtual machine may therefore function as a self-contained platform. Often, virtualization technology is used to allow multiple guest operating systems and/or other guest software to coexist and execute apparently simultaneously and apparently independently on multiple virtual machines while actually physically executing on the same hardware platform. A virtual machine may mimic the hardware of the host machine or alternatively present a different hardware abstraction altogether.
Virtualization systems provide guest software operating in a virtual machine with a set of resources (e.g., processors, memory, IO devices) and may map some or all of the components of a physical host machine into the virtual machine, or create fully virtual components. The virtualization system may thus be said to provide a virtual bare machine interface to guest software. In some embodiments, virtualization systems may include a virtual machine monitor (VMM) which controls the host machine. The VMM provides guest software operating in a virtual machine (VM) with a set of resources such as processors, memory, and IO devices. The VMM may map some or all of the components of a physical host machine into the virtual machine, and may create fully virtual components, emulated in software in the VMM, which are included in the virtual machine (e.g., virtual IO devices). The VMM uses facilities in a hardware virtualization architecture to provide services to a virtual machine and to provide protection from and between multiple virtual machines executing on the host machine. Generally, the memory space in which the VMM operates is a part of host physical memory that is not accessible to any of the virtual machines operating within guest physical memory of the VM.
Memory protections for guest software executing within a VM are important, and so, similarly, are protections for memory management software for VMs such as page tables and control registers relating to page and memory management in VMs.