Protecting shared sensitive information is a key requirement for today’s distributed applications. Our research uses virtualization technologies to create and maintain trusted data paths across distributed machines, for the services being run and their information exchanges. For trusted data paths, runtime protection methods control what data is visible to which distributed services operating on it, guided by online monitoring that determines the levels of trust inherent in the paths’ machines, services, and service actions. This paper presents a key functional element of trusted data paths, which is the ProtectIT interception mechanism for controlling the data exchanges between the different virtual machines running trusted services. ProtectIT can be applied to any communication and/or I/O performed by virtual machines, and because ProtectIT does not require application, middleware, or operating system modifications, it can be used to construct trusted data paths without the kn...