Hardware buses are commonly used in computing environments to communicate data internally between computing components and externally between computing devices. Many hardware bus protocols are unprotected, however, which poses a security risk to a host computing device when used externally to communicate with untrusted computing devices. For example, an unprotected hardware bus can be used to communicate unsafe data packets from an untrusted computing device to the host device resulting in an escalation of privileges for the untrusted computing device, an unauthorized access to information on the host device, or a system fault notification being received by the host device, which can cause a reboot of the host device.
Unprotected hardware buses pose particular danger when used in a virtual machine environment. In general, a virtual machine environment allows multiple operating system instances or application instances to exist simultaneously on a same host computing device and in isolation from one another. Virtualization also enables multiple operating system instances to share the host computing device's resources, such as to share storage devices, processing devices (e.g., graphics processing units (“GPUs”)), networking devices, and so forth. These advances have led to the centralization of many computing resources, enabling various computing tasks to be performed “over the cloud.” Thus, with the centralization of computing resources, if unsafe data packets are communicated to the host computing device, not only is the host computing device at risk, but each of the multiple operating system instances are also at risk.
This background provides context for the disclosure. Unless otherwise indicated, material described in this section is not prior art to the claims in this disclosure and is not admitted to be prior art by inclusion in this section.