Fault-tolerant computer systems are being used increasingly in such applications as e-commerce, banking, and stock trading, where privacy and integrity of data are as important as the uninterrupted operation of the service pro-vided. While much attention has been paid to the protection of data explicitly communicated over the Internet, there are also other sources of information leakage that must be addressed. This paper addresses one such source of information leakage caused by checkpointing, which is a common method used to provide continued operation in the presence of faults.

Checkpointing requires communication of memory state information, which may contain sensitive data, over the network to a reliable backing store. Although the method of encrypting all of this memory state information can protect the data, such a simplistic method is an overkill that can result in a significant slowdown of the target application. This paper examines ways to combine the operations required to perform incremental checkpointing with those required to encrypt this memory state data. Analysis and experimentation on an actual system are used to show that the proposed secure checkpointing schemes are feasible and require a relatively low level of overhead.