180 likes | 368 Vues
Final Presentation 4/21/2010. Cloud-based Anti-Virus . By Guofu Xiong, Yuli Deng. Outline. Project Goal Roadmap System Configuration Technical Solutions Demo Summary. Project Goal. Build a demonstrative system to study the concept of Cloud-Based Anti-Virus
E N D
Final Presentation 4/21/2010 Cloud-based Anti-Virus By Guofu Xiong, Yuli Deng
Outline • Project Goal • Roadmap • System Configuration • Technical Solutions • Demo • Summary
Project Goal • Build a demonstrative system to study the concept of Cloud-Based Anti-Virus • Learn the Cloud-Based Anti-Virus pros and cons • Complete deploying the system • Integrate the SSE into our project to enable the white/black list function
System Configuration • Hardware • 2 virtual machines running on the mobicloud. • Software • Ubuntu 10.10 • HAVP • Squid3 • C-ICAP • Clamav scan engine with its library • AVG scan engine • CURL library
Technical Solutions • Client software + Server side code + 3rd party cloud scan engines • (Anti-virus proxy) Squid + C-ICAP + Clamav • (Anti-virus proxy) HAVP + Clamav & AVG • (Anti-virus proxy) Squid + C-ICAP & SSE + HAVP + Clamav & AVG
Solution 1 : Workflow • Features: • A simple server utilizes current online Cloud AV engines • (Symantec, Trend,..) • An windows client program • C++ is expected to be used for coding Steps: User enters a URL; Agent sends the URL to the server; (3) Server downloads the target file and send it to the 3rd party scan engines; (4) Scan engines return result; (5) Server sends result to the user agent; (6) User agent decides action.
Solution 1 : Pros and Cons Pros: • Workflow is simple, easy to develop and deploy. Cons: • The process of transferring a file from the server to the 3rd party scan engines is time-consuming. • Hard to retrieve various types of URL address from mobile phone and download them.
* .This solution is first implemented by Zhibin, Xinyi and Tianyi Solution 2 : Workflow Steps: User browsed/download the URL in their agent; User agent sends requests to Internet through squid proxy; Squid gets data from the Internet, C-ICAP gets them and hands to scan clamav; Clamav reports result; Squid reports results to the users.
Solution 2 : Pro and Cons Pros: • Able to utilize anti-virus scan engine and black/white function at the same time. • Effective. • Easy for end users to configure. Cons: • Unable to utilize different scan engines at the same time. (Only Clamav is used). • Buffered data in squid will not be scanned if users try to access this data again in some conditions.
Solution 3 : Workflow Steps: User browses/downloads a URL in their agent; User agent sends requests through proxy (user-> HAVP -> Internet); HAVP receives data from the Internet and sends them to scan engines; HAVP sends data to the user at the same time but holds the end section of data; If scan engines report virus, stop sending data to client and report to the user.
Solution 3 : Pros and Cons Pros: • Efficient, almost no delay in user browsing. • Able to utilize different scans engines at the same time. • Easy for users to configure. Cons: • Can’t integrate SSE. • Can’t buffer internet traffic. • Weaknesses in HAVP: File bigger than “hold back data” would be ignored by HAVP.
Final Solution : Workflow Steps: User browses/downloads a URL in their agent; User agent sends requests through proxy (user -> Squid -> HAVP -> Internet); C-ICAP gets the URL and send to SSE, if phishing, send back result; HAVP receives data from the Internet and send them to scan engines; HAVP sends data to the user at the same time but holds the end section of data; If scan engines report virus, stop sending data to client and report to the user.
Final Solution : Pros and Cons Pros: • Utilized various kinds of scan engines. • Enabled the white/black list function with SSE. • Squid(with its components) and HAVP(with its components) can be located in different machines. • Easy for end users to configure. • Enable to buffer data to increase the speed. Cons: • The scan/filter procedure decreases the speed of browsing and downloading. (The speed is most affected by the slowest component) • HAVP has weaknesses (Addressed before). • Buffered data in squid will not be scanned if accessed by users in some conditions.
Summary • Cloud-based anti-virus is a promising trend for the security field for its advantages; • There are many existing modules available for us to utilize; • More functions will lead to the decrease in the speed of browsing the Internet; • The hardware require for cloud-based anti-virus is very high.
Acknowledgements • Thanks for Zhibin and Xinyi’sprevious solution. Part of our final solution is based on their work. • Thanks for Tianyi on providing mobicloud platform for our project; • Thanks for Dr. Huang who give us the instructions and the opportunity to learn and practice.
Thank you! Any Question?