System and method for security and privacy aware virtual machine checkpointing
First Claim
1. A checkpointing method for creating a file representing a restorable state of a virtual machine in a computing system, comprising:
at least one of:
(a) identifying processes executing within the virtual machine that may store confidential data; and
marking memory pages and files that potentially contain data stored by the identified processes; and
(b) providing an application programming interface for marking memory regions and files within the virtual machine that contain confidential data stored by processes; and
creating a checkpoint file, by capturing memory pages and files representing a current state of the computing system, which excludes information from all of the marked memory pages and files.
Abstract
A checkpointing method for creating a file representing a restorable state of a virtual machine in a computing system, comprising identifying processes executing within the virtual machine that may store confidential data, and marking memory pages and files that potentially contain data stored by the identified processes; or providing an application programming interface for marking memory regions and files within the virtual machine that contain confidential data stored by processes; and creating a checkpoint file, by capturing memory pages and files representing a current state of the computing system, which excludes information from all of the marked memory pages and files.
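The exclusion step the abstract describes, as an added example (not code from the patent): a toy page-granular model in which `mark_confidential` stands in for the claimed marking interface. `GuestMemory`, `create_checkpoint`, `restore` and the sample secret are hypothetical names and constructed data.

```python
PAGE_SIZE = 4096

class GuestMemory:
    """Toy guest RAM split into fixed-size pages (constructed model)."""
    def __init__(self, num_pages):
        self.num_pages = num_pages
        self.ram = bytearray(num_pages * PAGE_SIZE)
        self.marked = set()  # page numbers flagged as confidential

    def write(self, addr, data):
        self.ram[addr:addr + len(data)] = data

    def page(self, n):
        return bytes(self.ram[n * PAGE_SIZE:(n + 1) * PAGE_SIZE])

    def mark_confidential(self, addr, length):
        """Hypothetical marking API: flag every page the region touches."""
        if length > 0:
            first, last = addr // PAGE_SIZE, (addr + length - 1) // PAGE_SIZE
            self.marked.update(range(first, last + 1))

def create_checkpoint(mem):
    """Capture every page except marked ones, which are listed by number only."""
    pages = {n: mem.page(n) for n in range(mem.num_pages) if n not in mem.marked}
    return {"num_pages": mem.num_pages, "excluded": sorted(mem.marked), "pages": pages}

def restore(cp):
    """Rebuild guest memory; excluded pages come back zero-filled and still marked."""
    mem = GuestMemory(cp["num_pages"])
    for n, data in cp["pages"].items():
        mem.write(n * PAGE_SIZE, data)
    mem.marked = set(cp["excluded"])
    return mem

def demo():
    mem = GuestMemory(4)
    mem.write(100, b"public state")
    secret = b"card=4111-constructed"      # constructed sample secret
    addr = 2 * PAGE_SIZE - 8               # region straddles pages 1 and 2
    mem.write(addr, secret)
    mem.mark_confidential(addr, len(secret))
    cp = create_checkpoint(mem)
    return secret, addr, cp, restore(cp)

if __name__ == "__main__":
    secret, addr, cp, restored = demo()
    print("excluded pages:", cp["excluded"])
    print("secret in checkpoint:", secret in b"".join(cp["pages"].values()))
```

Because marking works at page granularity in this model, a region that straddles a page boundary excludes both pages, including any non-confidential bytes that share them.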
18 Claims
17. A checkpointing system, adapted to create a file representing a restorable state of a virtual machine in a computing system, comprising an automated processor configured to at least one of:
(a) identify processes executing within the virtual machine that may store confidential data; and
marking memory pages and files that potentially contain data stored by the identified processes; and
(b) provide an application programming interface for marking memory regions and files within the virtual machine that contain confidential data stored by processes; and
to create a checkpoint file, by capturing memory pages and files representing a current state of the computing system, which excludes information from all of the marked memory pages and files; and
a memory configured to store the checkpoint file.
18. A nontransitory computer readable medium which stores instructions to control a programmable processor to creating a checkpoint file representing a restorable state of a virtual machine in a computing system, comprising:
instructions to control the automated processor to at least one of:
(a) identify processes executing within the virtual machine that may store confidential data; and
mark memory pages and files that potentially contain data stored by the identified processes; and
(b) provide an application programming interface for marking memory regions and files within the virtual machine that contain confidential data stored by processes; and
instructions to control the automated processor to create a checkpoint file, by capturing memory pages and files representing a current state of the computing system, which excludes information from all of the marked memory pages and files.
Specification