Conventional hypervisors (or: virtual machine monitors, VMM) have an application programming interface (API) for the guest system. Such application programming interfaces typically permit a guest system to use a utility program library of the hypervisor in order to interact with it. For example, the existing art includes utility program libraries that enable a query of the status of further guest systems or of the hypervisor itself. The guest system can also be permitted to issue certain commands to the hypervisor.
Strictly speaking, this interaction can be regarded as a violation of a paradigm of strict isolation, according to which any interaction between the hypervisor and the guest systems is to be refused. Therefore, each use of the application programming interface requires a strict design justification. In addition, a hypervisor and guest systems must have a common understanding of syntax and semantics.
China Patent Application No. CN1989471A describes a system and method for reducing the external access to hypervisor interfaces in a computer system, whereby the possibility of attacks is to be reduced. In a preferred specific embodiment, the addresses for calls are used to fill a table in which the addresses are specifically selected for a requesting computer. For example, in a specific embodiment a routine can search the adapter type of a requesting computer and can fill the table with calls specific for this type of adapter. Other types of calls are not stored in the table. Instead, these calls are replaced by routines that return an error.