Privacy-preserving Virtual Machines

This project investigates ways to cleanly isolate, track, and process or exclude the footprint of confidential applications in virtualized clouds. For instance, Virtual Machine (VM) checkpointing enables a user to capture a snapshot of a running VM on persistent storage. VM checkpoints can be used to roll back the VM to a previous "good" state in order to recover from a VM crash or to undo a previous VM activity. Although VM checkpointing eases systems administration and improves usability, it can also increase the risk of exposing sensitive information. This is because the checkpoint may store the VM's physical memory pages, which can contain confidential information such as cleartext passwords, credit card numbers, patients' health records, tax returns, etc. We have designed and implemented techniques for privacy-preserving VM checkpointing that selectively exclude or process application memory that contains sensitive data rather than checkpointing it as is. Ongoing research involves the investigation of VM cloning mechanisms for lightweight and transparent privacy-preserving virtual machines.


  1. Tianlin Li, Yaohui Hu, Ping Yang, Kartik Gopalan, Privacy-preserving Virtual Machines, 31st Annual Computer Security Applications Conference (ACSAC), 2015, Los Angeles, CA.
  2. Mikhail Gofman, Ruiqi Luo, Chad Wyszynski, Yaohui Hu, Ping Yang, and Kartik Gopalan, Privacy-preserving Virtual Machine Checkpointing Mechanism, In Special Issue on Information Assurance and System Security in Cloud Computing, Journal of Cloud Computing, 3(3), pages 245–266, 2014.
  3. Yaohui Hu, Tianlin Li, Ping Yang, and Kartik Gopalan, An Application-Level Approach for Privacy-preserving Virtual Machine Checkpointing, In the 6th IEEE International Conference on Cloud Computing, research track, 2013.
  4. Mikhail Gofman, Ruiqi Luo, Ping Yang, and Kartik Gopalan, SPARC: A Security and Privacy Aware Virtual Machine Checkpointing Mechanism, Proc. of the 10th annual ACM Workshop on Privacy in the Electronic Society (WPES), In conjunction with the ACM Conference on Computer and Communications Security (CCS), full paper, Chicago, IL, 2011.