Trusted threat-aware microvisor

US2016006756A1 · US · A1

Patent metadata
Field               Value
Publication number  US-2016006756-A1
Application number  US-201514602023-A
Country             US
Kind code           A1
Filing date         Jan 21, 2015
Priority date       Jul 1, 2014
Publication date    Jan 7, 2016
Grant date

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A trusted threat-aware microvisor may be deployed as a module of a trusted computing base (TCB) that also includes a root task module configured to cooperate with the microvisor to load and initialize one or more other modules executing on a node of a network environment. The root task may cooperate with the microvisor to allocate one or more kernel resources of the node to those other modules. As a trusted module of the TCB, the microvisor may be configured to enforce a security policy of the TCB that, e.g., prevents alteration of a state related to security of the microvisor by a module of or external to the TCB. The security policy of the TCB may be implemented by a plurality of security properties of the microvisor. Trusted (or trustedness) may therefore denote a predetermined level of confidence that the security property is demonstrated by the microvisor.

First claim

Opening claim text (preview).

What is claimed is:

1. A system comprising: a central processing unit (CPU) adapted to execute a module and a trusted microvisor; and a memory configured to store the trusted microvisor as a trusted computing base (TCB), the trusted microvisor configured to enforce a first security property that prevents alteration of a first state related to the first security property of the trusted microvisor by the module, wherein trustedness of the trusted microvisor provides a predetermined level of confidence that the first security property is implemented by the trusted microvisor, and wherein the trusted microvisor is configured to generate a capability violation in response to the module issuing a first instruction having an argument configured to alter the first state related to the first security property of the trusted microvisor such that the first instruction is prevented from execution by the microvisor.

2. The system of claim 1 wherein the CPU is further adapted to execute a virtual machine monitor (VMM), and the VMM configured to: determine whether the first instruction is suspicious; and in response to determining that the first instruction is suspicious, spawn a micro-virtual machine (micro-VM) that executes the first instruction, the micro-VM configured to monitor a second instruction that attempts to alter a second state related to the first security property of the trusted microvisor to detect whether the module is classified in a group consisting of malware and exploit.

3. The system of claim 1 wherein the trusted microvisor is configured to enforce a second security property different from the first security property, wherein trustedness of the trusted microvisor provides the predetermined level of confidence that the second security property is implemented by the trusted microvisor, and wherein the CPU is further adapted to execute a virtual machine monitor (VMM) configured to: determine whether the first instruction is suspicious; and in response to determining that the first instruction is suspicious, spawn a micro-virtual machine (micro-VM) that executes the first instruction, the micro-VM configured to monitor a second instruction that attempts to alter a second state related to the second security property of the trusted microvisor to detect whether the module is classified in a group consisting of malware and exploit.

4. The system of claim 3 wherein the CPU is further adapted to execute the VMM to, in response to the module being classified in the group consisting of malware and exploits, send an alert.

5. The system of claim 1 wherein the module is external to the TCB.

6. The system of claim 1 wherein the CPU is further adapted to execute a root task stored in the memory, wherein the root task is configured to cooperate with the trusted microvisor to load and initialize the module, wherein the module is external to the TCB, and wherein the trusted microvisor is a first software entity loaded during a boot process.

7. The system of claim 1 wherein the CPU is further adapted to execute a root task stored in the memory, wherein the module is external to the TCB, wherein the root task is configured to cooperate with the microvisor to shift a privilege level of the module such that the module executes under control of the trusted microvisor, wherein during a chain of loading the module is loaded prior to the trusted microvisor, and wherein the trusted microvisor is authenticated prior to launch.

8. The system of claim 1 wherein the trusted microvisor is configured to implement the first security property such that no module external to the TCB modifies a state related to security of the trusted microvisor without authorization.

9. The system of claim 3 wherein the trusted microvisor is configured to implement the second security property such that no module of the TCB modifies a state related to security of the trusted microvisor without authorization.

10. The system of claim 1 wherein the first security property enforces a security policy, and wherein the security policy provides that components of the TCB are immutable.

11. A method comprising: enforcing, by a trusted microvisor executing on an endpoint of a network, a first security property that prevents alteration of a first state related to the first security property of the trusted microvisor by a module, wherein trustedness of the trusted microvisor provides a predetermined level of confidence that the first security property is implemented by the trusted microvisor; generating, by the trusted microvisor, a capability violation in response to the module issuing a first instruction having an argument configured to alter the first state related to the first security property of the trusted microvisor; and preventing, by the trusted microvisor, execution of the first instruction.

12. The method of claim 11 further comprising: determining, by a virtual machine monitor (VMM) executing on the endpoint, whether the first instruction is suspicious; and in response to determining that the first instruction is suspicious, spawning, by the VMM, a micro-virtual machine (micro-VM) that executes the first instruction, the micro-VM configured to monitor a second instruction that attempts to alter a second state related to the first security property of the trusted microvisor to detect whether the module is classified in a group consisting of malware and exploit.

13. The method of claim 11 further comprising: determining, by a virtual machine monitor (VMM) executing on the endpoint, whether the first instruction is suspicious; and in response to determining that the first instruction is suspicious, spawning, by the VMM, a micro-virtual machine (micro-VM) that executes the first instruction, the micro-VM configured to monitor a second instruction that attempts to alter a second state related to the first security property of the trusted microvisor to detect whether the module is classified in a group consisting of malware and exploit, wherein the trusted microvisor is configured to enforce a second security property different from the first security property, wherein trustedness of the trusted microvisor provides the predetermined level of confidence that the second security property is implemented by the trusted microvisor.

14. The method of claim 13 further comprising: in response to the module being classified in the group consisting of malware and exploits, sending, by the VMM, an alert.

15. The method of claim 11 wherein the module is external to the TCB.

16. The method of claim 11 further comprising: loading and initializing, by a root task executing on the endpoint, the module, wherein the module is external to the TCB, and wherein the trusted microvisor is a first software entity loaded during a boot process.

17. The method of claim 11 further comprising: loading and initializing, by a root task executing on the endpoint, the module, wherein the module is external to the TCB, wherein during a chain of loading the module is loaded prior to the trusted microvisor, wherein the trusted microvisor is authenticated prior to launch; and shifting a privilege level of the module such that the module executes under control of the trusted microvisor.

18. The method of claim 11 wherein the trusted microvisor is configured to implement the first security property such that no module external to the TCB modifies a state related to security of the trusted microvisor without authorization.

19. The method o

Assignees

Fireeye Inc

Inventors

Classifications

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • Assessing vulnerabilities and evaluating computer system security · CPC title

  • Protecting data · CPC title

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title

  • for detecting or protecting against malicious traffic · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016006756A1 cover?
A trusted threat-aware microvisor may be deployed as a module of a trusted computing base (TCB) that also includes a root task module configured to cooperate with the microvisor to load and initialize one or more other modules executing on a node of a network environment. The root task may cooperate with the microvisor to allocate one or more kernel resources of the node to those other modules.…
Who is the assignee on this patent?
Fireeye Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1441. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 7, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).