Title: Privacy-preserving virtual machine checkpointing mechanism

Authors: Mikhail I. Gofman; Ruiqi Luo; Chad Wyszynski; Yaohui Hu; Ping Yang; Kartik Gopalan

Addresses: Computer Science Department, California State University at Fullerton, Fullerton, CA 92831, USA ' Computer Science Department, State University of New York at Binghamton, Binghamton, NY 13902, USA ' Computer Science Department, California State University at Fullerton, Fullerton, CA 92831, USA ' Computer Science Department, State University of New York at Binghamton, Binghamton, NY 13902, USA ' Computer Science Department, State University of New York at Binghamton, Binghamton, NY 13902, USA ' Computer Science Department, State University of New York at Binghamton, Binghamton, NY 13902, USA

Abstract: Virtual machines (VMs) have been widely adopted in cloud platforms to improve server consolidation and reduce operating costs. VM checkpointing is used to capture a persistent snapshot of a running VM and to later restore the VM to a previous state. Although VM checkpointing eases system administration, such as in recovering from a VM crash or undoing a previous VM activity, it can also increase the risk of exposing users' confidential data. This is because the checkpoint may store a VM's physical memory pages and disk contents that contain confidential data such as clear text passwords and credit card numbers. This paper presents the design and implementation of SPARC, a Security and Privacy AwaRe virtual machine Checkpointing mechanism. SPARC enables users to selectively exclude users' confidential data within a VM from being checkpointed. We describe the design challenges in effectively tracking and excluding process-specific memory and disk contents from the checkpoint file for a VM running on the commodity Linux operating system. We also present techniques to track process dependencies due to inter-process communication and to account for such dependencies in SPARC.

Keywords: virtual machine checkpointing; privacy preservation; privacy protection; cloud security; cloud computing; virtual machines.

DOI: 10.1504/IJCC.2014.064766

International Journal of Cloud Computing, 2014 Vol.3 No.3, pp.245 - 266

Received: 16 Feb 2013
Accepted: 22 Oct 2013

Published online: 27 Sep 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article