CPC G06F 21/6218 (2013.01) [G06F 9/45558 (2013.01); G06F 11/0772 (2013.01); G06F 11/301 (2013.01); G06F 21/31 (2013.01); G06F 2009/45562 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45591 (2013.01); G06F 2009/45595 (2013.01)] | 20 Claims |
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for applying access restrictions to sensitive memory resources while virtualized execution instances access prohibited data elements, the operations comprising:
identifying a virtualized execution instance configured for execution in a virtual computing environment;
identifying an indication of access to a prohibited data element by the virtualized execution instance;
identifying a memory resource accessible to the virtualized execution instance during execution of the virtualized execution instance; and
applying, in response to a determination that the virtualized execution instance has access to the prohibited data element, the determination being based on the prohibited data element being provisioned to the virtualized execution instance, access restrictions to at least one of the memory resource, the prohibited data element, or the virtualized execution instance;
wherein the access restrictions limit access to the at least one of the memory resource, the prohibited data element, or the virtualized execution instance by at least one of non-privileged processes or processes external to the virtualized execution instance.
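The claim above describes a four-step mechanism: identify an execution instance, notice that a prohibited (sensitive) data element has been provisioned to it, locate the memory resource that exposes the element, and restrict that resource so that non-privileged processes and processes outside the instance cannot read it. The following is an added illustration written for this page, not code from the patent or its assignee: it models those steps as a small policy engine over a constructed container-like instance description. The classification rule (names matching PASSWORD/SECRET/TOKEN/KEY, or anything mounted under a secrets directory), the memory-resource labels, and all sample values are assumptions chosen for the example.

```python
"""Model of the claimed mechanism: detect a prohibited data element that was
provisioned to a virtualized execution instance, find the memory resource
that exposes it, and restrict that resource so only privileged processes
inside the same instance may access it. Example code, not from the patent."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed classification policy: an element is "prohibited" (sensitive) when
# its name looks like a credential or when it was provisioned from a secrets
# mount. Both the pattern and the mount prefixes are hypothetical.
PROHIBITED_NAME_RE = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.IGNORECASE)
SECRET_MOUNT_PREFIXES = ("/run/secrets/", "/var/run/secrets/")


@dataclass(frozen=True)
class DataElement:
    name: str
    source: str           # "env" or the mount path it was provisioned from
    memory_resource: str  # label of the region/backing object exposing it


@dataclass
class Instance:
    instance_id: str
    elements: List[DataElement]


@dataclass(frozen=True)
class Restriction:
    """Access restriction on one memory resource of one instance.
    Default: deny non-privileged and deny external processes (claim wording)."""
    instance_id: str
    memory_resource: str
    element: str
    allow_unprivileged: bool = False
    allow_external: bool = False


@dataclass(frozen=True)
class Process:
    pid: int
    instance_id: Optional[str]  # None = host / external to every instance
    privileged: bool


def is_prohibited(elem: DataElement) -> bool:
    """Step 2: indication that a prohibited data element was provisioned."""
    return (bool(PROHIBITED_NAME_RE.search(elem.name))
            or elem.source.startswith(SECRET_MOUNT_PREFIXES))


def derive_restrictions(inst: Instance) -> List[Restriction]:
    """Steps 3-4: map each prohibited element to the memory resource that
    exposes it and emit a restriction for that resource."""
    return [Restriction(inst.instance_id, e.memory_resource, e.name)
            for e in inst.elements if is_prohibited(e)]


def access_allowed(restrictions: List[Restriction], proc: Process,
                   instance_id: str, memory_resource: str) -> bool:
    """Enforcement: a restricted resource is readable only by a privileged
    process that belongs to the same instance. Unrestricted resources stay open."""
    for r in restrictions:
        if r.instance_id != instance_id or r.memory_resource != memory_resource:
            continue
        if proc.instance_id != instance_id and not r.allow_external:
            return False
        if not proc.privileged and not r.allow_unprivileged:
            return False
    return True


# Constructed sample instance (hypothetical values). Note that APP_ENV shares
# the env block with DB_PASSWORD, so restricting the block also restricts
# APP_ENV: the granularity of the memory resource decides the blast radius.
SAMPLE_INSTANCE = Instance("vm-web-01", [
    DataElement("APP_ENV", "env", "mem:env-block"),
    DataElement("DB_PASSWORD", "env", "mem:env-block"),
    DataElement("tls.key", "/run/secrets/tls.key", "mem:secret-tmpfs"),
    DataElement("index.html", "/srv/www/index.html", "mem:page-cache-www"),
])


def main() -> None:
    rs = derive_restrictions(SAMPLE_INSTANCE)
    for r in rs:
        print(f"restrict {r.memory_resource} on {r.instance_id} (element {r.element})")
    probes = [Process(1, "vm-web-01", True), Process(200, "vm-web-01", False),
              Process(9, None, True)]
    for p in probes:
        for res in ("mem:env-block", "mem:secret-tmpfs", "mem:page-cache-www"):
            print(f"pid {p.pid:>4} -> {res:<20} "
                  f"{'allow' if access_allowed(rs, p, 'vm-web-01', res) else 'deny'}")


if __name__ == "__main__":
    main()
```

On a real Linux host the restriction step would be backed by an OS or hypervisor control rather than a Python check, for example calling `prctl(PR_SET_DUMPABLE, 0)` in the process holding the secret so that non-privileged processes can neither ptrace it nor read `/proc/<pid>/mem`, or mapping the secret's pages with guest-physical permissions the hypervisor withholds from other guests; the model above only fixes the decision logic those controls have to implement.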