Int. J. of Cloud Computing   »   2014 Vol.3, No.3

 

 

Title: Privacy-preserving virtual machine checkpointing mechanism

 

Authors: Mikhail I. Gofman; Ruiqi Luo; Chad Wyszynski; Yaohui Hu; Ping Yang; Kartik Gopalan

 

Addresses:
Computer Science Department, California State University at Fullerton, Fullerton, CA 92831, USA
Computer Science Department, State University of New York at Binghamton, Binghamton, NY 13902, USA
Computer Science Department, California State University at Fullerton, Fullerton, CA 92831, USA
Computer Science Department, State University of New York at Binghamton, Binghamton, NY 13902, USA
Computer Science Department, State University of New York at Binghamton, Binghamton, NY 13902, USA
Computer Science Department, State University of New York at Binghamton, Binghamton, NY 13902, USA

 

Abstract: Virtual machines (VMs) have been widely adopted in cloud platforms to improve server consolidation and reduce operating costs. VM checkpointing is used to capture a persistent snapshot of a running VM and to later restore the VM to a previous state. Although VM checkpointing eases system administration, such as in recovering from a VM crash or undoing a previous VM activity, it can also increase the risk of exposing users' confidential data. This is because the checkpoint may store a VM's physical memory pages and disk contents that contain confidential data such as clear text passwords and credit card numbers. This paper presents the design and implementation of SPARC, a Security and Privacy AwaRe virtual machine Checkpointing mechanism. SPARC enables users to selectively exclude users' confidential data within a VM from being checkpointed. We describe the design challenges in effectively tracking and excluding process-specific memory and disk contents from the checkpoint file for a VM running on the commodity Linux operating system. We also present techniques to track process dependencies due to inter-process communication and to account for such dependencies in SPARC.

 

Keywords: virtual machine checkpointing; privacy preservation; privacy protection; cloud security; cloud computing; virtual machines.

 

DOI: 10.1504/IJCC.2014.064766

 

Int. J. of Cloud Computing, 2014 Vol.3, No.3, pp.245 - 266

 

Submission date: 15 Feb 2013
Date of acceptance: 22 Oct 2013
Available online: 14 Sep 2014

 

 
