Field of the Invention
This invention relates generally to the field of computer processors. More particularly, the invention relates to a method and apparatus for allowing secure guest access to extended page tables (EPTs).
Description of the Related Art
The development of electronic technology has led to the proliferation and integration of various types of electronic devices. The functionality typically provided by stationary computing devices is now available in mobile and even handheld devices. This evolution has led to users becoming reliant upon their electronics for personal and/or business-related transactions. For example, users may interact with other users and transmit data that may contain information of a sensitive and/or confidential nature (e.g., personal identification information, home or work contact information, account numbers, etc.). Some of the information needed to perform the above activities may be stored on the user's device, and thus, may present an attractive target to those who would attempt to steal such information.
Various software solutions have been devised to prevent unauthorized access to devices. These software solutions are typically implemented at the same privilege level as the operating system of the device, and thus, may be vulnerable to attacks from malicious software (malware) on the device operating at a higher privilege level. As software developers attempt to strengthen their defenses against being compromised, attackers continue to devise means of compromising these defenses by introducing malicious code at lower levels within the operational hierarchy of the device. For example, malware such as rootkits may attack a device at a higher privilege level than existing malware detection and/or protection measures can accommodate. To combat this threat, equipment manufacturers are beginning to develop hardware-based protection schemes implemented at the lowest operational level/highest privilege level of a device. These protection measures may be designed to provide a secure operating environment in the device by deploying when device operations initiate. However, the integration of such low-level protection measures with existing/emerging operating systems may prove problematic without special provisions.