| CPC G06F 9/45558 (2013.01) [G06F 9/45545 (2013.01); G06F 12/1408 (2013.01); G06F 12/145 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01)] | 20 Claims |

1. A method comprising:
identifying, by a hypervisor running on a host computer system, an encrypted guest memory location of a memory of a virtual machine (VM), the encrypted guest memory location associated with a virtual device;
copying, by the hypervisor, a first set of encrypted data from the encrypted guest memory location to a hypervisor memory that is separate from the memory of the VM to create a copied set of encrypted data in the hypervisor memory;
placing, by a guest operating system of the VM, a request for communication with the virtual device in the encrypted guest memory location to produce a second set of encrypted data at the encrypted guest memory location;
comparing, by the hypervisor, the second set of encrypted data from the encrypted guest memory location with the copied set of encrypted data in the hypervisor memory; and
responsive to detecting a difference between the second set of encrypted data and the copied set of encrypted data, requesting, by the hypervisor, unencrypted data comprising the request for communication with the virtual device by the guest operating system, the unencrypted data comprising a decrypted version of the second set of encrypted data.
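The steps of claim 1 can be modelled in a few lines; the following is an added illustration, not code from the patent or from any hypervisor. Assumptions: the `Guest`, `Hypervisor`, `keystream`, `poll` and `reveal` names are hypothetical, the HMAC-based keystream is a stand-in for hardware memory encryption, the request string and key are constructed, and the "request for unencrypted data" is modelled as a call into the guest.

```python
import hashlib
import hmac

PAGE = 64  # constructed size of the guest region associated with the virtual device

def keystream(key, addr, n=PAGE):
    # Stand-in for hardware memory encryption (assumption): an HMAC-SHA256
    # keystream tweaked by guest address. Not a real cipher mode.
    blocks = (hmac.new(key, addr.to_bytes(8, "little") + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

class Guest:
    """Holds the memory key; the hypervisor only ever reads self.ram (ciphertext)."""
    def __init__(self, key, addr):
        self._key, self.addr, self.ram = key, addr, bytearray(PAGE)
        self.write(b"")  # first set of encrypted data: an empty request slot

    def write(self, request):
        # Guest OS places a request; memory then holds the second set of encrypted data.
        plain = request.ljust(PAGE, b"\0")
        self.ram[:] = bytes(p ^ k for p, k in zip(plain, keystream(self._key, self.addr)))

    def reveal(self):
        # Decrypted version of the current ciphertext, produced on the guest side.
        plain = bytes(c ^ k for c, k in zip(self.ram, keystream(self._key, self.addr)))
        return plain.rstrip(b"\0")

class Hypervisor:
    def __init__(self, guest):
        self.guest = guest
        self.copy = bytes(guest.ram)  # copied set of encrypted data, outside VM memory

    def poll(self):
        current = bytes(self.guest.ram)
        if hmac.compare_digest(current, self.copy):
            return None  # ciphertext unchanged: no request detected
        # Assumption beyond claim 1: refresh the copy so one request is reported once.
        self.copy = current
        return self.guest.reveal()  # difference detected: request the unencrypted data

def demo():
    guest = Guest(key=b"constructed-guest-key", addr=0x1000)
    hv = Hypervisor(guest)
    before = hv.poll()               # nothing written yet
    guest.write(b"READ sector=7")    # constructed request to the virtual device
    detected = hv.poll()             # ciphertext differs from the hypervisor's copy
    after = hv.poll()                # no further change
    return before, detected, after
```

The hypervisor in this model compares only opaque ciphertext and never holds the key, which is the property the compare-then-request sequence relies on.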