As networks expand, it becomes increasingly difficult to manage and maintain network policies for the different machines of the network. Various security applications are used to provide security for a network, including firewalls, antivirus and malware detection, etc.
In virtualized networks in particular, security and authorization for network requests to and from the guest machines becomes increasingly complex and difficult. Virtual hosting networks often have multiple entry points to the network, increasing the need for security and authorization at each of the end machines. In addition, security policies have become increasingly complex, allowing an administrator to make security policy decisions based on context information (e.g., application and/or user information, etc.) and connection information (e.g., source/destination addresses, etc.)
One of the challenges in today's hosting system networks is providing efficient and secure context-based authorization for network requests of virtual machines operating on host machines in a network. In some cases, the end machines may become compromised and cannot be fully trusted to maintain the security of the network. In other cases, network request packets may be modified as they are processed through the end machines, and attempts to apply security policies to the network request packets may fail when the packets change before or after the security decision is attempted.