While hosting computing workloads as virtual machines is rapidly becoming the norm in business enterprises, security remains a major concern for highly sensitive workloads. By definition, a virtualized environment is a multi-tenant environment and consequently has additional vulnerabilities when compared to a traditional deployment model where resources are dedicated to the workload. For instance, in a virtualized deployment, both hardware and software resources are shared across workloads and one virtual machine could compromise another virtual machine by leaking or affecting sensitive information. In such a scenario, consider a physical platform that is hosting both a web based infrastructure and a payroll application at the same time. During use, any vulnerabilities (e.g., viruses, keystroke programs, PIN stealing malware, etc.) introduced by the web based infrastructure can potentially impact the payroll application since the two share a same computing device. (Namely, a hypervisor coupled with a management domain multiplexes the hardware resources (e.g., processor, memory, disk storage, etc.) and software resources (e.g., I/O drivers) amongst the two virtual machines.) Given the significant amount of a software stack that is shared across the workloads (all of the management domain and the physical I/O infrastructure is shared), even in situations with no compromise it is difficult to prove that there has not been an information leak from one workload to the other.
Accordingly, a need exists in the art of computing for securely hosting workloads in a provably secure fashion. The need further contemplates a system that can maintain flexibility offered in virtual environments, including wide ranging hosting options with varied levels of workload isolation. Even more, the need should extend to using the virtualization infrastructure to mimic the traditional hosting infrastructure. Any improvements along such lines should further contemplate good engineering practices, such as simplicity, ease of implementation, unobtrusiveness, stability, etc.