An Application-Level Approach for Privacy-Preserving Virtual Machine Checkpointing

Virtualization has been widely adopted in recent years in the cloud computing platform to improve server consolidation and reduce operating cost. Virtual Machine (VM) checkpointing refers to the act of saving a persistent snapshot (or checkpoint) of a VM's state at any instant. VM checkpointing can drastically prolong the lifetime and vulnerability of confidential or private user data in applications that execute within VMs. Simply encrypting the checkpoint does not reduce the lifetime of confidential data that should be quickly discarded after its use. In this paper, we present an application-level approach, called Privacy-preserving Checkpointing (PPC), which excludes confidential data from VM checkpoints, instead of encrypting such data. PPC enables an application programmer to register memory locations that represent the origins of confidential data. During the VM's execution, PPC performs information flow analysis to automatically track the propagation of confidential data through the application and various components of the VM, including the guest operating system. During VM checkpointing, the locations identified during the information flow analysis are excluded from the persistent checkpoint. We present the design and implementation of the PPC system in VirtualBox VMs running the commodity Linux operating system. We demonstrate the use of our system using the vim and gedit text editors. We also show that PPC introduces acceptable performance overhead.