Guarded Execution of Privileged Code in the Guest
Allowing a guest to have direct, privileged access to hardware can enhance its performance and functionality. Privileged access to hardware and the VMM also enables virtualization services and improves their performance by allowing portions of their implementations to be hoisted into the guest, even without the guest's cooperation. However, granting such privilege currently requires that the entire guest be trusted. The authors present a software technique, guarded execution of privileged code, that allows the VMM to inject code modules into the guest that enjoy unrestrained access to specific hardware and VMM resources.