1. Field of the Invention
The present invention relates to a data processing system which forms an improved architecture of secure networking on a virtualized hardware platform.
2. Description of the Related Art
The following documents are referred to in the description: [RFC 4301] S. Kent, K. Seo. December 2005. Security Architecture for the Internet Protocol; [RFC 4302] S. Kent. December 2005. IP Authentication Header; [RFC 4303] S. Kent. December 2005. IP Encapsulating Security Payload (ESP); [OSI model] J. D. Day, H. Zimmermann. 1983. The OSI reference model.
Secure Internet Protocol (IP) communication is specified by the Internet Protocol Security Architecture (IPsec). These specifications define two mechanisms for protecting data transiting the Ethernet network: authentication and confidentiality. The IPsec architecture is specified in [RFC 4301], authentication in [RFC 4302], and confidentiality in [RFC 4303]. These protocols are usually supplied by an IP networking stack as additions to the IP protocols themselves.
IPsec configuration is specified through cryptographic and traffic rules. These rules define secure communication channels between endpoint hosts, more precisely between the IP addresses of those hosts.
In this context, the goal of hardware virtualization is to provide multiple Operating System (OS) execution environments on a single hardware platform. Based on this principle, virtual Ethernet networks can be instantiated on the platform to connect different IP networking stacks supported by different OSs. As in the case of typical networks, a virtual network can also be bridged to another virtual network, or to a physical network external to the platform.
The present invention is concerned with creating an improved architecture for secure networking which provides secure IP execution environments to applications of virtualized operating systems. The architecture of the present invention applies to both IPv4 and IPv6 protocols.