Securing anti-virus software with virtualization
Abstract
The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.
17 Claims
1. A secured anti-virus system comprising:
a processor; and
a memory, the memory coupled to the processor, the memory having stored thereon instructions that when run on the processor cause the processor to;
run a first virtual machine that supports an anti-virus scanning component; and
run a second virtual machine that supports a user environment, the second virtual machine interdepending upon the first virtual machine such that the anti-virus component securely protects the integrity of the user environment, the first virtual machine including an append only log file that retains entries related to file system operations performed by the second virtual machine, the append only log file being configured as a persistent file, the append only log file configured to be scanned by the anti-virus scanning component a plurality of times, the anti-virus component of the first virtual machine configured to observe file system activity in the user environment in the second virtual machine, and the first virtual machine including file system employed by the user environment in the second virtual machine and the second virtual machine includes a stub interface to the file system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A system for safeguarding anti-virus software integrity, comprising:
means for isolating user applications in a first virtualized environment;
means for supporting an anti-virus scanning component in a second virtualized environment;
means for retaining entries in the second virtualized environment, said entries relating to file system operations in the first virtualized environment, wherein the anti-virus scanning component scans each entry in the means for retaining entries a plurality of times, the means for retaining entries being append only and persistent; and
means for enabling the anti-virus scanning component to verify the security of the user applications in the second virtualized environment, the anti-virus component of the first virtualized environment configured to observe file system activity in the user environment in the second virtualized environment, and the first virtualized environment including a file system employed by the user environment in the second virtualized environment and the second virtualized environment includes a stub interface to the file system.

14. A computer readable storage medium device having stored thereon instructions the instructions comprising instruction for:
running a first virtual machine that supports an anti-virus scanning component; and
running a second virtual machine that supports a user environment, the second virtual machine interdepending upon the first virtual machine such that the anti-virus component securely protects the integrity of the user environment, wherein the first virtual machine includes an append only log file that retains entries related to file system operations performed by the second virtual machine, the append only log file being configured as a persistent file, each entry on the append only log file being configured to be scanned by the anti-virus scanning component a plurality of times, the anti-virus component of the first virtual machine configured to observe file system activity in the user environment in the second virtual machine, and the first virtual machine including a file system employed by the user environment in the second virtual machine and the second virtual machine includes a stub interface to the file system.
Dependent claims: 15, 16, 17
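
An added illustration, not code from the patent, of the retained-log idea in the claims: the log of guest file system operations is persistent and append only, and every entry is scanned more than once, so a later pass can flag an operation that an earlier pass missed. The JSON-lines entry format, the hash-set signatures, the use of newer signatures on the second pass, and the names `AppendOnlyFsLog`, `scan` and `demo` are all assumptions made for the sketch.

```python
import hashlib
import json
import os
import tempfile


class AppendOnlyFsLog:
    """Persistent log held on the anti-virus VM side (hypothetical format)."""

    def __init__(self, path):
        self.path = path

    def append(self, op, guest_path, data=b""):
        entry = {"op": op, "path": guest_path,
                 "sha256": hashlib.sha256(data).hexdigest()}
        # O_APPEND: each write lands at the end; no overwrite API is offered.
        fd = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        try:
            os.write(fd, (json.dumps(entry) + "\n").encode())
            os.fsync(fd)  # persist before acknowledging the guest operation
        finally:
            os.close(fd)

    def entries(self):
        with open(self.path, encoding="utf-8") as fh:
            return [json.loads(line) for line in fh if line.strip()]


def scan(log, bad_hashes):
    """One full pass over every retained entry; returns (index, path) hits."""
    return [(i, e["path"]) for i, e in enumerate(log.entries())
            if e["op"] == "write" and e["sha256"] in bad_hashes]


def demo():
    log = AppendOnlyFsLog(os.path.join(tempfile.mkdtemp(), "fsops.log"))
    payload = b"constructed sample: payload with no signature on day 0"
    log.append("write", "/home/user/report.doc", b"constructed benign file")
    log.append("write", "/home/user/tool.exe", payload)
    log.append("delete", "/home/user/tool.exe")  # guest removes it; entry stays
    first = scan(log, bad_hashes=set())          # first pass: nothing known
    updated = {hashlib.sha256(payload).hexdigest()}
    second = scan(log, bad_hashes=updated)       # later pass over the same log
    return first, second


if __name__ == "__main__":
    print(demo())
```

The guest-side delete does not erase the evidence: the write entry is still in the log held outside the user environment, which is what lets the second pass report it.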
Specification