Security and Privacy Aware Virtual Machine Checkpointing

 

This technology provides a secure virtual machine checkpointing mechanism that prevents sensitive data from being unintentionally stored in system snapshots. By selectively excluding confidential processes and their memory contents, it reduces the risk of data exposure during backup and recovery. The approach enhances privacy without significantly impacting system performance.

 

Background:
Virtual machine checkpointing most commonly captures the full system memory and state, which can include sensitive information such as passwords, financial data such as credit card numbers, and personal records. Checkpoints persist this information and can expose confidential data if they are accessed or restored, creating significant security and privacy risks in virtualized environments.

 

Technology Overview:
The system uses a hypervisor-assisted approach to exclude the memory of selected processes when creating virtual machine checkpoints. It tracks process-related memory, including cache, buffers, and communication data, and removes sensitive content before the checkpoint is saved. Guest and host components coordinate to gather memory details, and excluded data is replaced with neutral values while ensuring the VM can still be restored correctly.
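
An added illustration (not the patented implementation or the inventors' code) of why the tracked set includes cache, buffers and communication data: a toy model of guest RAM in which a constructed canary also sits in page-cache and socket-buffer pages, checkpointed once excluding only the process's own pages and once excluding everything tracked. The page layout, category names and function names are assumptions made for the example.

```python
PAGE = 4096  # page size used by this toy model

def build_guest_memory():
    """Constructed 8-page guest RAM image with one secret copied into three pages."""
    secret = b"CANARY-4111111111111111"  # constructed canary, not real data
    ram = bytearray(PAGE * 8)
    ram[0:6] = b"kernel"                 # unrelated state that must survive
    # Hypothetical guest-side report: page frame number -> why it holds process data
    layout = {2: "anon", 5: "page_cache", 6: "socket_buffer"}
    for pfn in layout:
        start = pfn * PAGE + 100
        ram[start:start + len(secret)] = secret
    return ram, layout, secret

def checkpoint(ram, excluded_pfns):
    """Host side: copy RAM into a snapshot, replacing excluded pages with zeros."""
    snap = bytearray(ram)
    for pfn in excluded_pfns:
        snap[pfn * PAGE:(pfn + 1) * PAGE] = bytes(PAGE)
    return bytes(snap)

def leaked_pages(snapshot, canary):
    """Verification: page frame numbers where the canary still appears."""
    found, idx = [], snapshot.find(canary)
    while idx != -1:
        found.append(idx // PAGE)
        idx = snapshot.find(canary, idx + 1)
    return found

def naive_exclusion(layout):
    """Exclude only the process's own (anonymous) pages."""
    return [pfn for pfn, kind in layout.items() if kind == "anon"]

def full_exclusion(layout):
    """Exclude every page the guest reported, including cache and buffers."""
    return list(layout)

if __name__ == "__main__":
    ram, layout, secret = build_guest_memory()
    naive = checkpoint(ram, naive_exclusion(layout))
    full = checkpoint(ram, full_exclusion(layout))
    print("naive leaves canary in pages:", leaked_pages(naive, secret))
    print("full leaves canary in pages: ", leaked_pages(full, secret))
```

Scanning a finished snapshot for a planted canary, as `leaked_pages` does, is also a simple way to test any checkpoint sanitization setup.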

 

Advantages:

• Prevents sensitive information from being stored in VM checkpoints
• Enables fine-grained exclusion of specific applications and processes
• Maintains sanitized system functionality after checkpoint restoration
• Enhances privacy and limits data lifetime
• Reduces risk of data exposure during backup and recovery
• Preserves system usability while protecting confidential content

 

Applications:

• Cloud infrastructure security
• Enterprise virtualization platforms
• Virtual desktop infrastructure
• Multi-tenant environments
• Secure backup and recovery systems
• Privacy-preserving virtualized computing environments

 

Intellectual Property Summary:

• United States 9,069,782 Issued 6/30/2015
• United States 9,552,495 Issued 1/24/2017
• United States 10,324,795 Issued 6/18/2019

 

Stage of Development:
Implemented as a working prototype in the VirtualBox hypervisor with a Linux VM. Testing was conducted on a real system.

Licensing Status:
This technology is available for licensing.

Licensing Potential:
Strong potential for cloud service providers, virtualization platform developers, and enterprise IT security vendors seeking enhanced privacy protection and secure checkpointing capabilities in virtualized environments.

Additional Information:
Prototype implementation and system testing details available upon request.

Inventors:
Ping Yang, Kartik Gopalan
