The present invention relates to virtual machines, and more specifically, to virtual machine access controls.
With mobile virtualization and the movement to “bring your own device” (BYOD) computing, mobile phones, tablets, laptops or other mobile devices can run a plurality of virtual machines whereby each of the virtual machines on a given device is contextualized for different roles or personas (e.g., a personal persona and a corporate persona). In such cases, aspects of a user interface of a particular mobile device will include the interface layout; context-independent data, such as certain contact entries and device identification and ownership data, that can be viewed in accordance with any persona at any given time; and context-dependent data. Such context-dependent data would be available only while the persona to which it corresponds is in use.
As such, where a mobile device has a host operating system and one or more virtual machines installed to run within the host operating system, it is often important to ensure that those virtual machines are secured or otherwise not exposed to security vulnerabilities. For example, a mobile tablet may be brought home by an individual who works for a given corporation and the tablet may have a store-bought operating system and a virtual machine that allows the individual to conduct his corporate business at corporate headquarters or his house. In such a case, even if the individual logs out of sensitive corporate applications at his house, he might not completely turn off the virtual machine. If he then hands the tablet to a child and the child accidentally visits a website containing malware, this malware could obtain access to sensitive corporate information.