This section describes approaches that could be employed, but are not necessarily approaches that have been previously conceived or employed. Hence, unless explicitly specified otherwise, any approaches described in this section are not prior art to the claims in this application, and any approaches described in this section are not admitted to be prior art by inclusion in this section.
“Virtualization” is a technique for emulating one or more physical machines using software-based executable code, where each emulation is referred to as an instance of a “virtual machine” (VM). One or more virtual machines can be executed by a hypervisor that is executed within a host operating system (OS) such as Linux; the host OS (e.g., Linux) can provide a virtualization infrastructure that optimizes hypervisor operations, for example by providing a kernel-based virtual machine (KVM) that provides improved emulation operations. The hypervisor controls the access by a virtual machine to the one or more CPUs executing the software-based executable code that includes the host OS, the hypervisor, and the virtual machines.
Use of virtual machines exposes the one or more CPUs to attack by flawed (“buggy”) or malicious software code executed within any one of the virtual machines, the hypervisor, and/or the host OS. Virtual machines also can threaten native operations in a computing device: for example, a network router device that natively executes network routing operations in a computing network may encounter disastrous network failures if attacked by a virtual machine executed in the network router device.