北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2018, Vol. 41 ›› Issue (2): 50-55.doi: 10.13190/j.jbupt.2017-192

• 论文 • 上一篇    下一篇

一种基于虚拟化的文件杀毒实现方法

尹学渊1, 陈兴蜀2, 李辉1, 陈林1   

  1. 1. 四川大学 计算机学院, 成都 610065;
    2. 四川大学 网络空间安全研究院, 成都 610065
  • 收稿日期:2017-09-20 出版日期:2018-04-28 发布日期:2018-03-17
  • 作者简介:尹学渊(1988-),男,博士生;陈兴蜀(1968-),女,教授,博士生导师,E-mail:chenxsh@scu.edu.cn.
  • 基金资助:
    国家科技支撑计划项目(2012BAH18B05);国家自然科学基金项目(61272447)

A Method to Implement File Antivirus Based on Virtualization

YIN Xue-yuan1, CHEN Xing-shu2, LI Hui1, CHEN Lin1   

  1. 1. College of Computer Science, Sichuan University, Chengdu 610065, China;
    2. Cybersecurity Research Institute, Sichuan University, Chengdu 610065, China
  • Received:2017-09-20 Online:2018-04-28 Published:2018-03-17

摘要: 针对云计算环境下因虚拟机杀毒和病毒库更新等引发的性能开销及资源占用问题,提出了一种基于虚拟化的云杀毒实现框架——HyperAV,HyperAV能够在较低性能开销的情况下对虚拟机文件进行杀毒,并提供扇区级别的访问控制和隔离机制.通过获取虚拟机运行过程中的扇区更改信息,HyperAV优化了文件病毒的扫描方式,对虚拟机杀毒过程起到了显著加速效果.HyperAV实现了控制-杀毒相互分离的前后端框架,杀毒所需数据可以导入专用杀毒服务集群,从而避免了病毒库的重复更新,解决了因杀毒而使虚拟机运行缓慢的问题.在基于内核的虚拟机虚拟化平台下实现了原型系统.实验结果表明,HyperAV能够在虚拟机较低负载开销的情况下为虚拟机文件提供病毒扫描防护能力.

关键词: 云计算, 虚拟化, 虚拟机, 杀毒

Abstract: To solve the performance overhead and resource consumption brought by an antivirus software when performing operations of virus scanning and virus database updating, an antivirus framework named HyperAV based on virtualization was proposed. HyperAV was able to provide antivirus capability for virtual machine files with low performance overhead, a mechanism of access control and isolation at the granularity of sector level was also provided. The process of virus scanning was optimized by monitoring the sector change information of a running virtual machine, which had a significant acceleration effect to the virus scanning process of virtual machines. HyperAV was constructed by a front and a rear end with each used as a controller and an antivirus worker, the data needed by antivirus software was redirected to server clusters so that duplications of virus database updating could be avoided, and performance overload brought by antivirus software running inside virtual machines was avoided. A prototype system based on kernel-based virtual machine virtualization platform was realized, the results showed that HyperAV was able to provide antivirus capability with low performance overload for virtual machines.

Key words: cloud computing, virtualization, virtual machine, antivirus

中图分类号: