1 / 18

Cloud-based Anti-Virus

Final Presentation 4/21/2010. Cloud-based Anti-Virus . By Guofu Xiong, Yuli Deng. Outline. Project Goal Roadmap System Configuration Technical Solutions Demo Summary. Project Goal. Build a demonstrative system to study the concept of Cloud-Based Anti-Virus

daphne
Download Presentation

Cloud-based Anti-Virus

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Final Presentation 4/21/2010 Cloud-based Anti-Virus By Guofu Xiong, Yuli Deng

  2. Outline • Project Goal • Roadmap • System Configuration • Technical Solutions • Demo • Summary

  3. Project Goal • Build a demonstrative system to study the concept of Cloud-Based Anti-Virus • Learn the Cloud-Based Anti-Virus pros and cons • Complete deploying the system • Integrate the SSE into our project to enable the white/black list function

  4. Roadmap

  5. System Configuration • Hardware • 2 virtual machines running on the mobicloud. • Software • Ubuntu 10.10 • HAVP • Squid3 • C-ICAP • Clamav scan engine with its library • AVG scan engine • CURL library

  6. Technical Solutions • Client software + Server side code + 3rd party cloud scan engines • (Anti-virus proxy) Squid + C-ICAP + Clamav • (Anti-virus proxy) HAVP + Clamav & AVG • (Anti-virus proxy) Squid + C-ICAP & SSE + HAVP + Clamav & AVG

  7. Solution 1 : Workflow • Features: • A simple server utilizes current online Cloud AV engines • (Symantec, Trend,..) • An windows client program • C++ is expected to be used for coding Steps: User enters a URL; Agent sends the URL to the server; (3) Server downloads the target file and send it to the 3rd party scan engines; (4) Scan engines return result; (5) Server sends result to the user agent; (6) User agent decides action.

  8. Solution 1 : Pros and Cons Pros: • Workflow is simple, easy to develop and deploy. Cons: • The process of transferring a file from the server to the 3rd party scan engines is time-consuming. • Hard to retrieve various types of URL address from mobile phone and download them.

  9. * .This solution is first implemented by Zhibin, Xinyi and Tianyi Solution 2 : Workflow Steps: User browsed/download the URL in their agent; User agent sends requests to Internet through squid proxy; Squid gets data from the Internet, C-ICAP gets them and hands to scan clamav; Clamav reports result; Squid reports results to the users.

  10. Solution 2 : Pro and Cons Pros: • Able to utilize anti-virus scan engine and black/white function at the same time. • Effective. • Easy for end users to configure. Cons: • Unable to utilize different scan engines at the same time. (Only Clamav is used). • Buffered data in squid will not be scanned if users try to access this data again in some conditions.

  11. Solution 3 : Workflow Steps: User browses/downloads a URL in their agent; User agent sends requests through proxy (user-> HAVP -> Internet); HAVP receives data from the Internet and sends them to scan engines; HAVP sends data to the user at the same time but holds the end section of data; If scan engines report virus, stop sending data to client and report to the user.

  12. Solution 3 : Pros and Cons Pros: • Efficient, almost no delay in user browsing. • Able to utilize different scans engines at the same time. • Easy for users to configure. Cons: • Can’t integrate SSE. • Can’t buffer internet traffic. • Weaknesses in HAVP: File bigger than “hold back data” would be ignored by HAVP.

  13. Final Solution : Workflow Steps: User browses/downloads a URL in their agent; User agent sends requests through proxy (user -> Squid -> HAVP -> Internet); C-ICAP gets the URL and send to SSE, if phishing, send back result; HAVP receives data from the Internet and send them to scan engines; HAVP sends data to the user at the same time but holds the end section of data; If scan engines report virus, stop sending data to client and report to the user.

  14. Final Solution : Pros and Cons Pros: • Utilized various kinds of scan engines. • Enabled the white/black list function with SSE. • Squid(with its components) and HAVP(with its components) can be located in different machines. • Easy for end users to configure. • Enable to buffer data to increase the speed. Cons: • The scan/filter procedure decreases the speed of browsing and downloading. (The speed is most affected by the slowest component) • HAVP has weaknesses (Addressed before). • Buffered data in squid will not be scanned if accessed by users in some conditions.

  15. Demo Time

  16. Summary • Cloud-based anti-virus is a promising trend for the security field for its advantages; • There are many existing modules available for us to utilize; • More functions will lead to the decrease in the speed of browsing the Internet; • The hardware require for cloud-based anti-virus is very high.

  17. Acknowledgements • Thanks for Zhibin and Xinyi’sprevious solution. Part of our final solution is based on their work. • Thanks for Tianyi on providing mobicloud platform for our project; • Thanks for Dr. Huang who give us the instructions and the opportunity to learn and practice.

  18. Thank you! Any Question?

More Related