SPARC: a security and privacy aware virtual machine checkpointing mechanism

Virtual Machine (VM) checkpointing enables a user to capture a snapshot of a running VM on persistent storage. VM checkpoints can be used to roll back the VM to a previous "good" state in order to recover from a VM crash or to undo a previous VM activity. Although VM checkpointing eases systems administration and improves usability, it can also increase the risk of exposing sensitive information. This is because the checkpoint may store the VM's physical memory pages, which can contain confidential information such as clear-text passwords, credit card numbers, patients' health records, tax returns, etc. This paper presents the design and implementation of SPARC, a security and privacy aware checkpointing mechanism. SPARC enables users to selectively exclude processes and terminal applications that contain sensitive data from being checkpointed. Selective exclusion is performed by the hypervisor, which sanitizes the memory pages in the checkpoint file that belong to the excluded applications. We describe the design challenges in effectively tracking and excluding process-specific memory contents from the checkpoint file in a VM running the commodity Linux operating system. Our preliminary results show that SPARC imposes only 1% to 5.3% overhead when most pages are dirty before checkpointing is performed.
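The following toy model, added here as an illustration and not code from the SPARC paper, shows the selective-exclusion step the abstract describes: the hypervisor builds the checkpoint image and zeroes every guest-physical frame mapped by an excluded process. It assumes 4 KiB frames, a per-process page-table view reduced to a pid-to-frame-set map, and a checkpoint that is just the ordered list of frame images; the sample guest and its contents are constructed for the example. It also covers the edge case the abstract does not spell out: a frame shared between an excluded and a non-excluded process (a shared library page, a shared-memory segment) is zeroed as well, and the caller is told which surviving processes will restore with a hole.

```python
from dataclasses import dataclass

PAGE_SIZE = 4096  # assumption: 4 KiB guest page frames


@dataclass
class Guest:
    frames: list   # guest-physical memory: one bytes object per frame
    mappings: dict  # pid -> set of frame numbers that process maps

    def store(self, frame: int, data: bytes) -> None:
        """Write data at offset 0 of a frame, zero-padded to PAGE_SIZE."""
        self.frames[frame] = data.ljust(PAGE_SIZE, b"\0")


def sanitize_checkpoint(guest: Guest, excluded: set):
    """Build the checkpoint image, zeroing every frame an excluded process maps.

    Returns (snapshot, shared): snapshot is the list of frame images to write
    to the checkpoint file; shared maps each non-excluded pid to the frames it
    lost because an excluded process mapped them too. Zeroing shared frames
    favours privacy over restore fidelity, so the report lets an operator see
    which surviving processes may not restore cleanly.
    """
    doomed = set()
    for pid in excluded:
        doomed |= guest.mappings.get(pid, set())
    shared = {}
    for pid, frames in guest.mappings.items():
        if pid not in excluded and frames & doomed:
            shared[pid] = frames & doomed
    snapshot = [bytes(PAGE_SIZE) if n in doomed else f
                for n, f in enumerate(guest.frames)]
    return snapshot, shared


def leaks(snapshot, secret: bytes) -> bool:
    """True if the secret survives anywhere in the checkpoint image."""
    return any(secret in frame for frame in snapshot)


def demo():
    # Constructed sample guest: 8 frames, three processes; frame 5 is shared.
    g = Guest(frames=[bytes(PAGE_SIZE)] * 8,
              mappings={100: {1, 2, 5}, 200: {3, 4, 5}, 300: {6}})
    g.store(1, b"login=alice;password=hunter2")   # pid 100: terminal session
    g.store(3, b"draft report, nothing secret")   # pid 200: editor
    g.store(5, b"libc.so shared text page")       # mapped by pids 100 and 200
    snapshot, shared = sanitize_checkpoint(g, excluded={100})
    return leaks(snapshot, b"hunter2"), shared, snapshot[3] == g.frames[3]
```

Excluding pid 100 removes the password from the image, leaves the editor's own page intact, and reports that pid 200 loses frame 5.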
