A data processing system may use virtual machines (VMs) to provide distinct execution environments for distinct software stacks. In particular, a VM provides an execution environment that allows a software stack to execute within that environment as if the software stack were executing within an independent data processing system. The software for managing VMs within a data processing system may be referred to as a hypervisor or a virtual machine monitor (VMM). A data processing system that executes a VMM may be referred to as a host. By contrast, the contents of a VM may be referred to as a guest.
A machine that provides VMs may receive the software stacks for those VMs from other machines at different locations. For instance, a server device that provides VMs may receive a software stack from a remote client device, and the server device may then run that software stack within a VM, on behalf of the client device. An entity that operates such server devices may be referred to as a cloud-service provider (CSP) or VM-service provider (VP). Likewise, an entity that operates such client devices may be referred to as a cloud-service consumer (CSC) or VM-service consumer (VC). Also, a server device that provides VMs to execute software stacks from client devices may be referred to as a cloud server or a VM server, and the corresponding client devices may be referred to as cloud clients or VM clients. In addition, the software stack from a VM client may be referred to as guest software, and the VM within which the guest software is executed may be referred to as the guest VM.
A VM server may use a variety of different data structures to manage VMs. For instance, a VM server may use a virtual machine control structure (VMCS) to store data such as guest operating system (OS) state, host OS state, and various types of control and VM exit information for managing VMs.
The data provided by a VM client to a VM server may be referred to as user data. The data generated within a VM for the client may also be considered user data. A VP may own all resources within a VM server, and a conventional VM server may be able to access all of the user data within any VM in the VM server. However, a VC may not want the VP to have access to all of the user data. For instance, the VC may not want the VP to have access to the guest OS state, since the guest OS state may include sensitive information that should only be seen by the guest software within the guest VM.