Systems often receive software applications that come from untrusted sources. Such systems would like to know or guarantee that such applications will do no harm to the system if and when installed. One approach involves the use of proof carrying code (PCC) whereby an application provider produces a proof that the application does no harm and conforms to the security policies of a system. The proof is then checked by a trusted third party. A similar approach involves including a type guarantee in the application which is then checked by a trusted third party.
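The division of labour described above, in which an untrusted provider produces a certificate and a small trusted checker verifies it, can be illustrated with a toy proof-carrying code scheme. The following is an added example, not code from the original text: the stack machine, its instruction set, the `MAX_DEPTH` policy and all function names are constructed for illustration. The "proof" shipped with the program is the claimed operand-stack depth before each instruction; the checker only confirms each claim locally and rejects underflow, overflow, unknown opcodes, bad jump targets and forged certificates. The same structure covers the type-guarantee variant mentioned in the text, where the certificate would carry types instead of depths.

```python
"""Toy proof-carrying code (PCC): untrusted producer, trusted checker. Constructed example."""
from dataclasses import dataclass
from typing import List, Optional

MAX_DEPTH = 4  # constructed security policy: the operand stack may never exceed this depth

# Constructed instruction set: opcode -> (values popped, values pushed)
EFFECTS = {
    "push": (0, 1),
    "pop": (1, 0),
    "add": (2, 1),
    "dup": (1, 2),
    "jmp": (0, 0),   # unconditional jump; arg is the target index
    "jz": (1, 0),    # pop one value, jump to arg if it is zero
    "halt": (0, 0),
}


@dataclass
class Instr:
    op: str
    arg: Optional[int] = None


def successors(pc: int, ins: Instr) -> List[int]:
    """Control-flow successors of the instruction at pc."""
    if ins.op == "halt":
        return []
    if ins.op == "jmp":
        return [ins.arg]
    if ins.op == "jz":
        return [ins.arg, pc + 1]
    return [pc + 1]


def produce_certificate(program: List[Instr]) -> List[Optional[int]]:
    """Untrusted producer: compute the stack depth on entry to every reachable
    instruction by a simple abstract interpretation. This may be slow or buggy;
    the checker below does not rely on it being correct."""
    depth: List[Optional[int]] = [None] * len(program)
    work = [(0, 0)]
    while work:
        pc, d = work.pop()
        if not 0 <= pc < len(program):
            raise ValueError("control flow leaves the program at %d" % pc)
        if depth[pc] is not None:
            if depth[pc] != d:
                raise ValueError("inconsistent stack depth at %d" % pc)
            continue
        depth[pc] = d
        ins = program[pc]
        pops, pushes = EFFECTS[ins.op]
        for s in successors(pc, ins):
            work.append((s, d - pops + pushes))
    return depth


def check(program: List[Instr], cert: List[Optional[int]]) -> bool:
    """Trusted checker: one local check per instruction, linear in program size.
    A certificate entry of None means 'unreachable'; since every successor of a
    checked instruction must carry a concrete depth, None entries can never hide
    a reachable instruction from the policy."""
    if len(cert) != len(program) or cert[0] != 0:
        return False
    for pc, ins in enumerate(program):
        d = cert[pc]
        if d is None:
            continue
        if ins.op not in EFFECTS:
            return False                       # unknown opcode: not covered by the policy
        pops, pushes = EFFECTS[ins.op]
        if d < pops:
            return False                       # stack underflow
        nd = d - pops + pushes
        if nd > MAX_DEPTH:
            return False                       # stack overflow, policy violation
        for s in successors(pc, ins):
            if not 0 <= s < len(program) or cert[s] != nd:
                return False                   # bad jump target or forged claim
    return True


# Constructed sample programs
PROGRAM_OK = [Instr("push", 1), Instr("push", 2), Instr("add"), Instr("jz", 0), Instr("halt")]
PROGRAM_UNDERFLOW = [Instr("pop"), Instr("halt")]
PROGRAM_OVERFLOW = [Instr("push", 0)] * (MAX_DEPTH + 1) + [Instr("halt")]


def demo() -> dict:
    """Run producer and checker over the samples, including a forged certificate."""
    good_cert = produce_certificate(PROGRAM_OK)
    forged = [0] * len(PROGRAM_OK)             # attacker claims the stack is always empty
    return {
        "ok": check(PROGRAM_OK, good_cert),
        "underflow": check(PROGRAM_UNDERFLOW, produce_certificate(PROGRAM_UNDERFLOW)),
        "overflow": check(PROGRAM_OVERFLOW, produce_certificate(PROGRAM_OVERFLOW)),
        "forged": check(PROGRAM_OK, forged),
    }


if __name__ == "__main__":
    print(demo())
```

The point to notice is where trust sits: `produce_certificate` can be arbitrarily complex and is run by the provider, while `check` is the only code the receiving system has to trust, and it does no search, only verification of claims it was handed.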
The concept of virtualization, as applied to computer systems and data networks, provides an abstract view of hardware and operating system resources. Virtualization allows multiple computing channels to access shared resources while giving each the illusion of exclusive access. With the proliferation of data centers and cloud computing, virtualization is used to execute multiple independent programs on shared servers. Virtualization can be used to run guest operating systems on a host operating system, to isolate processes, to make applications portable, to emulate platforms, and to aid in debugging. Virtualization can also be used to enforce security by restricting the privileges associated with a specific host partition. Although the above arrangements achieve several noteworthy objectives, and are suitable for use in various computer and network designs, they still leave many vulnerabilities and inefficiencies in place that threaten the security and speed of a host system. In addition, these techniques may still allow applications to access unauthorized data and to perform unauthorized device operations when running on a host system.