US2018341529A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018341529-A1 |
| Application number | US-201715606376-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 26, 2017 |
| Priority date | May 26, 2017 |
| Publication date | Nov 29, 2018 |
| Grant date | — |
Official abstract text for this publication.
A “Hypervisor Secure Container” (HSC) is a block of memory space that resides inside of a regular process, but is secured from the operating system of the computer it runs on. The HSC is a software container that runs on a hypervisor directly. Data and code within one HSC can only be accessed by the hypervisor itself and the code that belongs to the same HSC. The HSC can run in user mode or kernel mode. Advantageously, even if the operating system or user of the computer the HSC runs on is malicious, the data inside the HSC is still secure. The HSC allows software based isolation of code/data and can be used in various security contexts including securely storing certificates and passwords, performing Digital Rights Management (DRM) for media and games, and confidential computing in a computing cloud.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented process for providing a secure computing environment, comprising: using a hypervisor of a computing device to create a hypervisor-based secure container (HSC) comprising a block of memory of the computing device that is associated with and accessible via the hypervisor with a regular computing process, but that is secured from access by any user and any operating system the process runs on; loading data into the HSC and initializing the HSC; and calling functions exposed by the HSC to use the data secured in the HSC when running the process.
2. The computer-implemented process of claim 1, further comprising using a HSC manager on the hypervisor to assist in creating and managing the HSC.
3. The computer-implemented process of claim 1, wherein code inside of the HSC is run by exposing a set of functions to complete secure computing.
4. The computer-implemented process of claim 1 wherein the data secured in the HSC is securely used in a computing cloud.
5. The computer-implemented process of claim 1, wherein the HSC is signed.
6. The computer-implemented process of claim 1, wherein the HSC is sealed after initialization.
7. The computer-implemented process of claim 1, wherein the regular process is a banking application.
8. The computer-implemented process of claim 1, wherein Second-Level Address Translation (SLAT) is used to securely process the data secured in the HSC when running the regular process.
9. The computer-implemented process of claim 1, wherein a Translation Lookaside Buffer missing handler process is used to securely process the data secured in the HSC when running the regular process.
10. A computer-implemented process for providing a secure computing environment, comprising: using a computing device for: instantiating a hypervisor on a computing device; instantiating a hypervisor secure container manager (HSCM) on the hypervisor; setting up a hypercall page to support hypervisor secure container manager (HSCM) routines for creating and managing a Hypervisor-based Secure Container (HSC); starting the operating system (OS) on the computing device; using the operating system (OS) to map the hypercall page's virtual address to a physical address in the memory; starting a process on the OS; using the process to issue a hypercall (request) to the HSCM to create a HSC; in response to the hypercall, using the HSCM to create a HSC and passing the handle of the HSC to the requesting process; using the process to issue a hypercall to the HSCM (using the handle of the HSC) to load data into the HSC and to initialize the HSC, said data in the HSC can only being accessible by the hypervisor via a request by the process and the HSC itself.
11. The computer-implemented process of claim 10, further comprising using the initialized HSC by an application different from the regular process.
12. The computer-implemented process of claim 10, wherein the process uses hypercalls via the hypervisor to access the data stored in the HSC.
13. The computer-implemented process of claim 10, wherein the OS is host OS and wherein the process runs on the host OS.
14. The computer-implemented process of claim 10, wherein the OS is guest OS and wherein the process runs on the guest OS.
15. The computer-implemented process of claim 10, wherein multiple HSCs are created for the process using the hypervisor-based secure manager (HSCM).
16. The computer-implemented process of claim 10, wherein multiple HSCs are created, one or more for each process of multiple processes.
17. A system for securing data stored in computer memory, comprising: a computing device having memory, the computing device comprising: a hypervisor; an operating system (OS); one or more hypervisor-based secure containers, comprising blocks of memory that are associated with a process running on the operating system, that are created by the hypervisor in response to a request from the process, wherein the data and code within one HSC can only be accessed by the hypervisor in response to a request from the process and other code that belongs to the same HSC.
18. The system of claim 17 wherein the operating system is untrusted.
19. The system of claim 17 wherein the computing device is used by an untrusted user.
20. The system of claim 12 wherein the HSC can run in user mode or kernel mode securely.
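
The handle-based lifecycle in claims 1, 6 and 10 (create, load, initialize and seal, then use only through exposed functions) can be modelled in user space. The sketch below is an added example, not code from the patent or any hypervisor. All names, error codes and sizes are hypothetical, the caller's identity is passed as a `pid` argument where a real hypervisor would derive it itself, and access is simplified to the creating process only.

```c
#include <stdint.h>
#include <string.h>
/* User-space model only: every name, code and size here is hypothetical. */
enum { HSC_OK = 0, HSC_EDENIED = -1, HSC_ESTATE = -2, HSC_EINVAL = -3 };
enum hsc_state { HSC_FREE, HSC_CREATED, HSC_SEALED };
struct hsc { enum hsc_state state; int owner; uint8_t mem[64]; size_t len; };
static struct hsc table[4];   /* HSCM bookkeeping, held on the hypervisor side */
/* Resolve a handle; only the process that created the HSC may use it. */
static struct hsc *lookup(int h, int pid) {
    if (h < 0 || h >= 4 || table[h].state == HSC_FREE) return NULL;
    return table[h].owner == pid ? &table[h] : NULL;
}
/* Hypercall: create an HSC; the caller gets a handle, never a pointer. */
int hsc_create(int pid) {
    for (int h = 0; h < 4; h++)
        if (table[h].state == HSC_FREE) {
            table[h] = (struct hsc){ .state = HSC_CREATED, .owner = pid };
            return h;
        }
    return HSC_EINVAL;
}
/* Hypercall: load data; refused once the HSC is initialized (sealed). */
int hsc_load(int h, int pid, const void *data, size_t len) {
    struct hsc *c = lookup(h, pid);
    if (!c) return HSC_EDENIED;
    if (c->state != HSC_CREATED) return HSC_ESTATE;
    if (len > sizeof c->mem) return HSC_EINVAL;
    memcpy(c->mem, data, len);
    c->len = len;
    return HSC_OK;
}
/* Hypercall: initialize the HSC and seal it. */
int hsc_init(int h, int pid) {
    struct hsc *c = lookup(h, pid);
    if (!c) return HSC_EDENIED;
    if (c->state != HSC_CREATED) return HSC_ESTATE;
    c->state = HSC_SEALED;
    return HSC_OK;
}
/* Exposed function: 1 if cand matches the secret, 0 if not; no byte leaves. */
int hsc_verify(int h, int pid, const void *cand, size_t len) {
    struct hsc *c = lookup(h, pid);
    if (!c) return HSC_EDENIED;
    if (c->state != HSC_SEALED) return HSC_ESTATE;
    uint8_t diff = (uint8_t)(len != c->len);
    for (size_t i = 0; i < len && i < c->len; i++)
        diff |= c->mem[i] ^ ((const uint8_t *)cand)[i];
    return diff == 0;
}
```

The model has no read hypercall at all: the only way data influences the caller is through the return value of an exposed function, which is the property the abstract relies on when the operating system is untrusted.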
Logical partitioning of resources; Management or configuration of virtualized resources (specific details on emulation or internal functioning of virtual machines G06F9/455) · CPC title
Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Hypervisor-specific management and integration aspects · CPC title
Secure boot · CPC title