In computer science, a virtual machine (VM) is a piece of software that, when executed on appropriate hardware, creates a virtualized environment that virtualizes an actual physical computer system. Each VM may function as a self-contained platform, running its own operating system (OS) and software applications (processes). Typically, a virtual machine manager (VMM) manages the allocation and virtualization of computer resources and performs context switching as necessary to cycle between the VMs.
As schematically shown in FIG. 1, two VMs 110 and 120 respectively run OS 112 and OS 122. The OS 112 executes applications 114 and the OS 122 runs applications 124. The VMM 130 is a software application that runs directly on a hardware platform 140 and virtualizes its physical resources. These resources include a central processing unit (CPU), a system memory, a storage disk, a network interface card (NIC), a display adapter, and so on. The interface exported to the VMs 110 and 120 is the same as the interface of each resource of the hardware platform 140 of a computer 100. In some prior-art VM technologies, such as Xen, the virtual machine does not simulate hardware but instead offers a special interface that requires OS modifications.
Historically, due to the complexity and processing requirements of virtualization, this technology has typically been available only on workstations, servers and/or mainframes, targeted at sophisticated users. However, as CPU technology advances, virtualization is currently being made available for the desktop environment (e.g., PCs with x86 processor architecture) for use by novice users. In the related art, techniques for x86 processor architecture virtualization may be found, for example, in U.S. Pat. Nos. 6,397,242, 6,496,847 and 6,961,941, which are incorporated herein by reference merely to aid understanding of the background of the invention.
Virtualization techniques, such as those discussed in the above-cited references, are not executed with full privileged permissions; therefore, the functionality and performance of applications run by the VMs are limited. For example, the VMs 110 and 120 cannot use enhanced features provided by resources of the hardware platform 140. Enabling one or more VMs to perform privileged operations may cause a security breach. For example, a VM having privileged permissions may access the memory space of other VMs.
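As an added illustration of the VMM's mediating role described above and of the risk of a fully privileged VM, the following is a constructed toy model; it is not part of this patent and not any product's code, and every class, method and value in it (VMM, VM, translate, unmediated_read, the memory sizes) is an assumption made for the example.

```python
from dataclasses import dataclass

@dataclass
class VM:
    vm_id: int
    base: int            # first host-physical byte of this VM's allocation
    size: int            # bytes of system memory allocated to it
    privileged: bool = False

class VMM:
    """Toy VMM (hypothetical model, not the patent's): allocates disjoint memory to VMs,
    translates every guest access, and cycles between VMs."""

    def __init__(self, host_memory_bytes: int) -> None:
        self.host_memory = bytearray(host_memory_bytes)   # the physical system memory
        self.vms: dict[int, VM] = {}
        self.next_free = 0
        self.schedule: list[int] = []                      # schedule[0] is the running VM

    def create_vm(self, vm_id: int, size: int, privileged: bool = False) -> VM:
        """Carve a new, non-overlapping slice of system memory for a VM."""
        if self.next_free + size > len(self.host_memory):
            raise MemoryError("host memory exhausted")
        vm = VM(vm_id, self.next_free, size, privileged)
        self.vms[vm_id] = vm
        self.next_free += size
        self.schedule.append(vm_id)
        return vm

    def translate(self, vm_id: int, guest_addr: int) -> int:
        """Guest-physical -> host-physical; any address outside the VM's own slice is refused."""
        vm = self.vms[vm_id]
        if not 0 <= guest_addr < vm.size:
            raise PermissionError(f"VM {vm_id}: guest address {guest_addr:#x} is outside its allocation")
        return vm.base + guest_addr

    def write(self, vm_id: int, guest_addr: int, value: int) -> None:
        self.host_memory[self.translate(vm_id, guest_addr)] = value & 0xFF
    def read(self, vm_id: int, guest_addr: int) -> int:
        return self.host_memory[self.translate(vm_id, guest_addr)]

    def unmediated_read(self, vm_id: int, host_addr: int) -> int:
        """The breach in the text: a VM with full privilege bypasses translation and can read
        any host address, including another VM's slice. Unprivileged VMs are refused."""
        if not self.vms[vm_id].privileged:
            raise PermissionError(f"VM {vm_id} is not privileged")
        return self.host_memory[host_addr]

    def context_switch(self) -> int:
        self.schedule.append(self.schedule.pop(0))     # round-robin to the next VM
        return self.schedule[0]
```

With two VMs of 32 bytes each, an unprivileged VM reading past its own slice is refused by `translate`, while a VM flagged privileged can read the other VM's bytes through `unmediated_read`, which is exactly the exposure the text warns about.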
It would therefore be advantageous to provide a method that allows the execution of a VM with privileged permissions in a secure environment.