System and method for security and privacy aware virtual machine checkpointing
First Claim
1. A method of preventing restoration of private information from a checkpoint creation within a virtual machine, comprising:
(a) identifying all memory occupied by data from at least one application executing under control of a hypervisor of the virtual machine in a memory space of a computer, with a guest process;
(b) determining inter-process dependencies with the guest process;
(c) identifying kernel state memory pages which represent an internal kernel state of a kernel;
(d) upon initiation of checkpoint creation, requesting from the guest process the identified physical memory addresses of the memory pages that belong to at least one of: memory pages that belong to the at least one application, by the guest process; memory pages that belong to processes that depend on the at least one application based on the determined inter-process dependencies, by the guest process; and kernel state memory pages; and providing the requested identified physical memory addresses of the memory pages that belong to the at least one application to the hypervisor;
(e) at least one of obscuring and segregating at least a portion of information in the memory pages corresponding to the received identification of the memory addresses;
(f) persistently storing a checkpoint file representing a state of the hypervisor with the at least a portion of the memory pages corresponding to the received identification of the memory addresses at least one of obscured and segregated; and
(g) restoring a prior state of the hypervisor from the persistently stored checkpoint file, wherein the restored prior state of the hypervisor is sufficient to resume operation of the virtual machine, other than the at least one application and the processes that depend on the at least one application.
Abstract
A checkpointing method for creating a file representing a restorable state of a virtual machine in a computing system, comprising identifying processes executing within the virtual machine that may store confidential data, and marking memory pages and files that potentially contain data stored by the identified processes; or providing an application programming interface for marking memory regions and files within the virtual machine that contain confidential data stored by processes; and creating a checkpoint file, by capturing memory pages and files representing a current state of the computing system, which excludes information from all of the marked memory pages and files.
20 Claims
1. A method of preventing restoration of private information from a checkpoint creation within a virtual machine, comprising steps (a) through (g) as set out under First Claim above. Dependent claims: 2-13.
14. A method of preserving privacy of information during a checkpoint restoration process of a virtual machine, comprising:
(a) monitoring an input-output data stream communication from non-program memory sources during a computing session prior to creation of a checkpoint file, and storing data representing a series of states representing activities of at least one application executing on the virtual machine with respect to their associated input-output data stream communications;
(b) at least one of searching and cross correlating a created checkpoint file with the data from the monitored input-output data stream communication;
(c) tagging instances of data within the created checkpoint file based on at least one of a match and a cross correlation of portions of the created checkpoint file with the data from the monitored input-output data stream communication; and
(d) restoring the virtual machine to substantially resume operation, based on the created checkpoint file, wherein a state of the at least one application is rolled back to a state prior to a respective monitored input-output data stream communication based on at least the tagged instances of data.
Dependent claims: 15-18.
19. A method of checkpoint creation by a hypervisor of a virtual machine having at least one transaction processing application executing in the virtual machine under control of the hypervisor, comprising:
(a) identifying memory pages occupied by: (i) data from the at least one application, by a guest process; (ii) data from processes having inter-process dependencies with the at least one application, by the guest process; and (iii) data which represents an internal kernel state of a kernel;
(b) at least one of obscuring and segregating at least a portion of information in the identified memory pages representing data associated with particular user sessions of use of the at least one application;
(c) persistently storing a checkpoint file representing a state of the virtual machine with the at least a portion of the memory pages corresponding to the received identification of the memory pages at least one of obscured and segregated; and
(d) restoring a prior state of the virtual machine from the persistently stored checkpoint file, wherein the restored prior state of the hypervisor is sufficient to resume operation of the virtual machine, other than the particular user sessions of use of the at least one application.
Dependent claims: 20.
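The page-identification, obscure-and-segregate, and restore steps common to claims 1 and 19, as an added simulation that is not the patent's own code: a guest-side view reports the pages of the protected application, of its transitive dependents, and of kernel state; the hypervisor zero-fills those pages in the checkpoint image, records their numbers separately, and restores the VM without resuming the excluded processes. The `GuestView` type, the 16-byte pages, and all pids and page contents are constructed assumptions.

```python
"""Added example (not the patent's own code): a simulated privacy-aware
checkpoint of a tiny guest following steps (a)-(g) of claim 1.  Every
pid, page number and page content below is constructed for illustration."""
from dataclasses import dataclass

PAGE_SIZE = 16  # constructed: tiny pages keep the sample memory readable

@dataclass
class GuestView:
    """What the in-guest process reports (claim 1, steps (a)-(c))."""
    pages_by_pid: dict   # pid -> set of physical page numbers it occupies
    depends_on: dict     # pid -> set of pids it depends on
    kernel_pages: set    # pages of internal kernel state reported for exclusion

def dependents(view, pid):
    """Step (b): every process that transitively depends on `pid`."""
    found, frontier = set(), {pid}
    while frontier:
        frontier = {p for p, deps in view.depends_on.items()
                    if deps & frontier and p not in found and p != pid}
        found |= frontier
    return found

def pages_to_protect(view, app_pid):
    """Step (d): pages the guest hands to the hypervisor for exclusion."""
    pids = {app_pid} | dependents(view, app_pid)
    pages = set().union(*(view.pages_by_pid[p] for p in pids))
    return pages | view.kernel_pages, pids

def create_checkpoint(memory, view, app_pid):
    """Steps (e)-(f): obscure protected pages, segregate their numbers."""
    protected, pids = pages_to_protect(view, app_pid)
    image = bytearray(memory)
    for page in protected:
        image[page * PAGE_SIZE:(page + 1) * PAGE_SIZE] = bytes(PAGE_SIZE)
    return {"image": bytes(image), "excluded_pages": sorted(protected),
            "excluded_pids": sorted(pids)}

def restore(checkpoint, running_pids):
    """Step (g): resume the VM without the application and its dependents."""
    resumed = set(running_pids) - set(checkpoint["excluded_pids"])
    return {"memory": checkpoint["image"], "resumed": sorted(resumed)}

def sample_guest():
    """Constructed guest: pid 10 is the protected app, 11 depends on it,
    12 is unrelated; page 0 holds kernel state, pages 1-3 belong to them."""
    view = GuestView({10: {1}, 11: {2}, 12: {3}}, {11: {10}, 12: set()}, {0})
    memory = (b"KERN-STATE------" + b"SSN=123-45-6789!"
              + b"SESSIONTOKEN=abc" + b"PUBLIC-DATA-----")
    return memory, view
```

Run `create_checkpoint(*sample_guest()[::-1][::-1], 10)` on the sample to see that pages 0-2 are zeroed while the unrelated process's page survives, and `restore` resumes only pid 12.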