Security and Privacy Aware Virtual Machine Checkpointing
Virtual Machine (VM) checkpointing enables a user to capture a snapshot of a running VM on persistent storage. VM checkpoints can be used to roll back the VM to a previous “good” state in order to recover from a VM crash or to undo a previous VM activity. Although VM checkpointing eases systems administration and improves usability, it can also violate a fundamental principle of information security: minimizing the amount of time that sensitive information is stored on the system. This is because the checkpoint stores the VM’s physical memory pages. Such pages may contain clear text passwords, credit card numbers, patients’ health records, tax returns, and other confidential information.
This invention presents the design and implementation of SPARC, a security and privacy aware checkpointing mechanism. SPARC enables users to selectively exclude processes and terminal applications that contain sensitive data from being checkpointed. The hypervisor performs this selective exclusion by sanitizing the memory pages in the checkpoint file that belong to the excluded applications. We describe the design challenges in effectively tracking and excluding process-specific memory contents from the checkpoint file in a VM running the commodity Linux operating system. Our preliminary results show that SPARC imposes only 1.02% to 5.29% overhead if most pages are dirty before checkpointing is performed.
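The page-sanitization step described above, as an added sketch that is not SPARC's own code: it assumes the checkpoint is a flat image of 4 KiB pages and that the page frame numbers of the excluded process are already known. The function names, the image layout and the sample strings are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096u

/* Zero every page of a flat memory image whose page frame number (PFN)
 * appears in excluded[]. Fails closed: returns -1 and leaves the image
 * untouched if it is not page-aligned or any PFN is out of range, so the
 * caller can refuse to write a partially sanitized checkpoint.
 * Otherwise returns the number of list entries processed. */
long sanitize_image(uint8_t *image, size_t len,
                    const uint64_t *excluded, size_t n)
{
    if (image == NULL || len % PAGE_SIZE != 0)
        return -1;
    uint64_t n_pages = len / PAGE_SIZE;
    for (size_t i = 0; i < n; i++)          /* validate before touching */
        if (excluded[i] >= n_pages)
            return -1;
    for (size_t i = 0; i < n; i++)
        memset(image + (size_t)excluded[i] * PAGE_SIZE, 0, PAGE_SIZE);
    return (long)n;
}

/* Return 1 if the byte string needle occurs anywhere in the image. */
int image_contains(const uint8_t *image, size_t len, const char *needle)
{
    size_t m = strlen(needle);
    if (m == 0 || m > len)
        return 0;
    for (size_t i = 0; i + m <= len; i++)
        if (memcmp(image + i, needle, m) == 0)
            return 1;
    return 0;
}

/* Constructed sample: an 8-page image in which a secret straddles pages
 * 3 and 4 (the excluded process) and unrelated data sits in page 6. */
static uint8_t demo_image[8 * PAGE_SIZE];
static const char *SECRET = "hunter2-card-4111";
static const char *OTHER  = "other-proc-data";

void build_demo_image(void)
{
    memset(demo_image, 0xAA, sizeof demo_image);
    memcpy(demo_image + 4 * PAGE_SIZE - 5, SECRET, strlen(SECRET));
    memcpy(demo_image + 6 * PAGE_SIZE + 100, OTHER, strlen(OTHER));
}
```

Because the sample secret crosses a page boundary, zeroing only page 3 still leaves its tail in page 4, which is why the excluded set has to cover every page the process owns.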
US 9,069,782; 9,552,495