Most commonly, virtual machine checkpointing captures full system memory and state, which can include sensitive information such as passwords, financial data like credit card numbers, as well as personal records. These checkpoints store this information and can expose confidential data if accessed or restored, creating significant security and privacy risks in virtualized environments.
The system uses a hypervisor-assisted approach to exclude memory from selected processes when creating virtual machine checkpoints. It tracks process-related memory, including cache, buffers, and communication data, and removes sensitive content before saving. The system coordinates between guest and host components to gather memory details and replaces excluded data with neutral values while ensuring the VM can be restored correctly.
• Prevents sensitive information from being stored in VM checkpoints
• Enables fine-grained exclusion of specific applications and processes
• Maintains a sanitized system functionality after checkpoint restoration
• Enhances privacy and limits data lifetime
• Reduces risk of data exposure during backup and recovery
• Preserves system usability while protecting confidential content
• United States 9,069,782 Issued 6/30/2015
• United States 9,552,495 Issued 1/24/2017
• United States 10,324,795 Issued 6/18/2019
Implemented as a working prototype inside VirtualBox hypervisor + Linux VM. Real system testing conducted.
This technology is available for licensing.
Strong potential for cloud service providers, virtualization platform developers, and enterprise IT security vendors seeking enhanced privacy protection and secure checkpointing capabilities in virtualized environments.
Prototype implementation and system testing details available upon request.