Privacy-preserving Virtual Machine

Tianlin Li∗, Yaohui Hu∗, Ping Yang, Kartik Gopalan
Dept. of Computer Science, Binghamton University, Binghamton, NY, 13902
[email protected], [email protected], [email protected], [email protected]

ABSTRACT

Cloud computing systems routinely process users' confidential data, but the underlying virtualization software in use today is not constructed to minimize the exposure of such data. For instance, virtual machine (VM) checkpointing can drastically prolong the lifetime and vulnerability of confidential data without users' knowledge by storing such data as part of a persistent snapshot. A key requirement for minimizing the exposure of any data is the ability to cleanly isolate such data for either exclusion or processing. Traditional mechanisms for memory taint tracking are expensive, whereas those for isolating application footprint in VM-based sandboxes are not transparent.

1. INTRODUCTION

Modern cloud platforms increasingly process and store users' confidential data, such as passwords, financial information, health records, lawyer-client correspondence, and other personally identifying information. When using such cloud services, users have certain implicit expectations of data privacy, whether or not it is explicitly guaranteed by the cloud provider. Users may expect that their confidential information will not be stored beyond its useful lifetime; for example, credit card numbers will be forgotten after a successful transaction (unless explicitly authorized by the user), and passwords will not be stored in decrypted form except in mem-
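The following toy model is an added illustration of the exposure the abstract describes and of the "exclusion" it calls for; it is not the paper's mechanism and not code from the authors. Guest memory is modelled as a handful of small bytearray pages, the guest flags the pages holding secrets through a hypothetical mark_confidential() hint, and a checkpoint routine that honours the hint is contrasted with one that copies memory verbatim. The secret value and page size are constructed for the example.

```python
"""Page-level model of VM checkpointing with and without exclusion of
confidential pages. Added illustration; not the paper's own mechanism."""
from typing import Dict, List, Set

PAGE_SIZE = 64  # constructed: tiny pages keep the example readable


class GuestMemory:
    """Physical memory of a simulated VM plus the guest's confidentiality marks."""

    def __init__(self, num_pages: int) -> None:
        self.pages: List[bytearray] = [bytearray(PAGE_SIZE) for _ in range(num_pages)]
        self.confidential: Set[int] = set()

    def write(self, page: int, offset: int, data: bytes) -> None:
        if offset + len(data) > PAGE_SIZE:
            raise ValueError("write crosses a page boundary")
        self.pages[page][offset:offset + len(data)] = data

    def mark_confidential(self, page: int) -> None:
        # Hypothetical guest-to-hypervisor hint: this page holds a secret.
        self.confidential.add(page)

    def scrub(self, page: int) -> None:
        # What a careful guest does once a secret is no longer needed.
        self.pages[page][:] = bytes(PAGE_SIZE)


def naive_checkpoint(mem: GuestMemory) -> bytes:
    """Snapshot every page verbatim, as a checkpointer unaware of secrets does."""
    return b"".join(bytes(p) for p in mem.pages)


def checkpoint_excluding_confidential(mem: GuestMemory) -> bytes:
    """Snapshot that substitutes zero-filled pages for confidential ones.

    Only the snapshot copy is zeroed; the running guest keeps its data."""
    out = []
    for i, p in enumerate(mem.pages):
        out.append(bytes(PAGE_SIZE) if i in mem.confidential else bytes(p))
    return b"".join(out)


def contains(snapshot: bytes, secret: bytes) -> bool:
    """True if the secret survives anywhere inside the snapshot image."""
    return secret in snapshot


def demo() -> Dict[str, object]:
    """Walk through the lifetime-extension problem and the exclusion fix."""
    secret = b"CARD=0000-TEST-0000"  # constructed sample value
    mem = GuestMemory(num_pages=4)
    mem.write(2, 8, secret)
    mem.mark_confidential(2)

    naive = naive_checkpoint(mem)
    excluded = checkpoint_excluding_confidential(mem)

    # The guest later completes the transaction and scrubs the secret in RAM,
    # but the naive snapshot taken earlier still carries it on persistent storage.
    mem.scrub(2)
    live_after_scrub = naive_checkpoint(mem)

    return {
        "naive_snapshot_has_secret": contains(naive, secret),
        "excluded_snapshot_has_secret": contains(excluded, secret),
        "live_memory_has_secret_after_scrub": contains(live_after_scrub, secret),
        "snapshot_size": len(excluded),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the model is the last two results: scrubbing a secret in guest memory does nothing for a snapshot already written, so exclusion (or equivalent processing) has to happen at checkpoint time, and it can only happen if the checkpointer can tell which pages hold confidential data, which is exactly the isolation requirement the abstract raises.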