CN102012801B - Hardware acceleration system for antivirus virtual machine - Google Patents
Hardware acceleration system for antivirus virtual machine Download PDFInfo
- Publication number
- CN102012801B CN102012801B CN 201010547730 CN201010547730A CN102012801B CN 102012801 B CN102012801 B CN 102012801B CN 201010547730 CN201010547730 CN 201010547730 CN 201010547730 A CN201010547730 A CN 201010547730A CN 102012801 B CN102012801 B CN 102012801B
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- virus
- ram
- rom
- embedded type
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000002155 anti-virotic effect Effects 0.000 title claims abstract description 142
- 230000001133 acceleration Effects 0.000 title abstract 2
- 210000002845 virion Anatomy 0.000 claims abstract description 16
- 230000006870 function Effects 0.000 claims abstract description 10
- 230000004913 activation Effects 0.000 claims description 20
- 238000001514 detection method Methods 0.000 claims description 6
- 230000002093 peripheral effect Effects 0.000 abstract 1
- 241000700605 Viruses Species 0.000 description 5
- 238000000034 method Methods 0.000 description 3
- 230000008485 antagonism Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000009467 reduction Effects 0.000 description 2
- 230000003612 virological effect Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of computer security and anti-virus and provides a hardware acceleration system for an antivirus virtual machine. The system comprises an embedded central processing unit (CPU), a read only memory (ROM) and a random-access memory (RAM) and can be installed on a peripheral component interconnect (PCI) or PCI Express integrated circuit board; when the ROM receives an execution system booting signal transmitted by the embedded CPU, firmware on the ROM performs system booting so as to realize an antivirus virtual machine function; when the ROM detects an antivirus virtual machine startup identifier of a specified address in the RAM, the antivirus virtual machine is started; a virion is decrypted and uncoated by the antivirus virtual machine; when the antivirus virtual machine finishes processing, a waiting state is returned and an antivirus virtual machine ending identifier is written into the specified address in the RAM; and a reset circuit receives a reset signal generated by an antivirus engine on a computer when the antivirus virtual machine ending identifier in the RAM is not detected in a specified period of time and resets hardware of the embedded CPU.
Description
Technical field
The present invention relates to computer safety field, particularly anti-virus virtual machine hardware speed technology.
Background technology
The anti-virus virtual machine is the important component part of modern anti-virus engine, and for through encrypting the pleomorphism virus of distortion, virtual machine can be with virus deciphering reduction, and then carries out condition code and scan to resist and encrypt distortion; Add shell with the means of antagonism condition code scanning for present common virus, virtual machine can finish automatic deciphering or shelling is handled.
Because the anti-virus virtual machine need carry out the virtual execution of certain step number to viral code, therefore be part heavier to resource consumption in the anti-virus engine, the speed of the virtual run time version of anti-virus engine can directly influence the performance of anti-virus engine, therefore most of anti-virus engine is when realizing the anti-virus virtual machine, have between the compatibility of the virtual run time version of virtual machine and speed, make a choice, with under the prerequisite of excessive influence anti-virus engine performance not, an antagonism part is encrypted distortion and is added the virus that shell is handled.
Anti-virus virtual machine in the active computer anti-virus engine is all realized by operation CPU on computers, the problem that this mode is brought is, cpu resource on the computing machine can not all be distributed to the anti-virus virtual machine and use, if all x86 architecture cpu instructions are carried out virtual execution, then the speed of the virtual execution of anti-virus virtual machine is very low, has had a strong impact on the performance of anti-virus engine; If only virus a part of x86 architecture cpu instruction commonly used is carried out virtual execution, then can not be instructed by the x86 of virtual execution by viral utilization easily.Simultaneously, required virtual execution step number is handled in shelling and compatible requirement all is higher than the deciphering reduction, and the existing mode that shells automatically by virtual machine all can not satisfy the demands on efficient and compatibility.
Summary of the invention
The invention provides a kind of anti-virus virtual machine hardware accelerating system, solved with software explanation executive mode emulation x86 architecture cpu instruction and carried out brought lower to the virtual execution speed of code, the problem of poor compatibility.
The invention provides a kind of anti-virus virtual machine hardware accelerating system, comprise embedded type CPU, ROM, RAM and reset circuit;
Described embedded type CPU is used for the anti-virus virtual machine is carried out hardware-accelerated, resets by the reset circuit by the control of the anti-virus engine on the computing machine, and sends the executive system pilot signal to ROM;
Described ROM guides according to described executive system pilot signal executive system, set up the memory environment of anti-virus virtual machine work, realize anti-virus virtual machine function, and whether there is the anti-virus virtual machine activation to identify in the assigned address of detection RAM, when detecting anti-virus virtual machine activation sign, start the anti-virus virtual machine, and use the anti-virus virtual machine to visit RAM, virion is decrypted or shells, after deciphering or shelling finish, in the assigned address of RAM, write anti-virus virtual machine end sign.
The virion that anti-virus engine on the described RAM receiving computer writes and anti-virus virtual machine activation sign.
Described reset circuit is used for the reset signal that produces when anti-virus virtual machine that anti-virus engine on the receiving computer do not detect the RAM that states at the appointed time finishes sign, and embedded type CPU is carried out hardware reset.
Described system is installed on PCI or the PCI Express integrated circuit board, is undertaken alternately by the anti-virus engine on PCI or PCI Express bus and the computing machine.
In the described system, described ROM comprises the firmware that is solidificated on the ROM, described firmware executive system guiding, set up the memory environment of anti-virus virtual machine work, realize anti-virus virtual machine function, and whether there is the anti-virus virtual machine activation to identify in the assigned address of detection RAM, when detecting anti-virus virtual machine activation sign, start the anti-virus virtual machine, and use the anti-virus virtual machine to visit RAM, virion is decrypted or shells, after deciphering or shelling finish, write the anti-virus virtual machine in the assigned address of RAM and finish sign.
In the described system, described embedded type CPU is x86 architecture embedded type CPU, non-x86 architecture embedded type CPU or non-x86 architecture embedded MCU.
If described embedded type CPU is x86 architecture embedded type CPU, then ROM is connected with north bridge chips by South Bridge chip with RAM;
If described embedded type CPU right and wrong x86 architecture embedded type CPU or MCU, and inside is integrated with Memory Controller Hub, and then ROM directly is connected with RAM;
If described embedded type CPU right and wrong x86 architecture embedded MCU, and the inside of described non-x86 architecture embedded MCU integrated big capacity ROM, the not external ROM of described non-x86 architecture embedded MCU then.
In the described system, described RAM comprises main memory and RAM Shared.
In the described system, described embedded type CPU and ROM are undertaken by the anti-virus engine on RAM Shared and the computing machine alternately.
In the described system, described RAM Shared is carried out data interaction by the anti-virus engine on PCI or PCI Express bus and the computing machine.
The invention provides a kind of anti-virus virtual machine hardware accelerating system, comprise embedded type CPU, ROM and RAM, described system can be installed on PCI or the PCI Express integrated circuit board, receive the executive system pilot signal of embedded type CPU transmission as described ROM after, firmware executive system guiding on the ROM realizes anti-virus virtual machine function; Described ROM detects anti-virus virtual machine activation when sign among the RAM, starts the anti-virus virtual machine; The anti-virus virtual machine is decrypted virion or shells; After the anti-virus virtual machine disposed, the assigned address in RAM write anti-virus virtual machine end sign; The reset signal that the anti-virus virtual machine of anti-virus engine on the described reset circuit receiving computer in not detecting described RAM produces when finishing sign is carried out hardware reset to embedded type CPU.By additional firmware the anti-virus virtual machine is accelerated, solved with software explain executive mode emulation x86 architecture cpu instruction carry out brought to the lower problem of the virtual execution speed of code.
Description of drawings
In order to be illustrated more clearly in the present invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, the accompanying drawing that describes below only is some embodiment that put down in writing among the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is a kind of anti-virus virtual machine hardware accelerating system synoptic diagram provided by the invention;
Fig. 2 is a kind of anti-virus virtual machine hardware accelerated method process flow diagram provided by the invention.
Embodiment
In order to make those skilled in the art person understand technical scheme in the embodiment of the invention better, and above-mentioned purpose of the present invention, feature and advantage can be become apparent more, below in conjunction with accompanying drawing technical scheme among the present invention is described in further detail.
The invention provides a kind of anti-virus virtual machine hardware accelerating system, solved with software explain executive mode emulation x86 architecture cpu instruction carry out brought to the lower problem of the virtual execution speed of code.
At first introduce a kind of anti-virus virtual machine hardware accelerating system provided by the invention, as shown in Figure 1, comprise embedded type CPU 101, ROM102, RAM103 and reset circuit 104;
Described embedded type CPU 101 is used for the anti-virus virtual machine is carried out hardware-accelerated, resets by the reset circuit by the control of the anti-virus engine on the computing machine, and sends the executive system pilot signal to ROM102;
Described ROM102 guides according to described executive system pilot signal executive system, set up the memory environment of anti-virus virtual machine work, realize anti-virus virtual machine function, and whether there is the anti-virus virtual machine activation to identify in the assigned address of detection RAM103, when detecting anti-virus virtual machine activation sign, start the anti-virus virtual machine, and use the anti-virus virtual machine to visit RAM103, virion is decrypted or shells, to virion be decrypted or shell finish after, write the anti-virus virtual machine in the assigned address of RAM103 and finish sign;
The virion that anti-virus engine on the described RAM103 receiving computer writes and anti-virus virtual machine activation sign;
Described reset circuit 104 is used for the reset signal that produces when anti-virus virtual machine that anti-virus engine on the receiving computer do not detect described RAM at the appointed time finishes sign, and embedded type CPU 101 is carried out hardware reset.
Described system is installed on PCI or the PCI Express integrated circuit board, is undertaken alternately by the anti-virus engine on PCI or PCI Express bus 105 and the computing machine.
In the described system, described ROM comprises the firmware that is solidificated on the ROM, described firmware executive system guiding, set up the memory environment of anti-virus virtual machine work, realize anti-virus virtual machine function, and whether there is the anti-virus virtual machine activation to identify in the assigned address of detection RAM, when detecting anti-virus virtual machine activation sign, start the anti-virus virtual machine, and use the anti-virus virtual machine to visit RAM, virion is decrypted or shells, after deciphering or shelling finish, write the anti-virus virtual machine in the assigned address of RAM and finish sign.
In the described system, described embedded type CPU 101 is x86 architecture embedded type CPU, non-x86 architecture embedded type CPU or non-x86 architecture embedded MCU.
If described embedded type CPU 101 is x86 architecture embedded type CPUs, then ROM102 is connected with north bridge chips by South Bridge chip with RAM103;
If described embedded type CPU 101 right and wrong x86 architecture embedded type CPU or MCU, then ROM102 can directly be connected with RAM103;
If described embedded type CPU 101 right and wrong x86 architecture embedded MCU, and the inside of described non-x86 architecture embedded MCU integrated big capacity ROM, the not external ROM of described non-x86 architecture embedded MCU then.
In the described system, described RAM103 comprises main memory 103-1 and RAM Shared 103-2.
In the described system, described embedded type CPU 101 and ROM102 are undertaken by the anti-virus engine on RAM Shared 103-2 and the computing machine alternately.
In the described system, described RAM Shared 103-2 is undertaken by the anti-virus engine on PCI or PCI Express bus 105 and the computing machine alternately.
More clearly understand the present invention for the ease of those skilled in the art, provide a kind of anti-virus virtual machine hardware accelerated method at system provided by the invention below, be applicable to described anti-virus virtual machine hardware accelerating system, as shown in Figure 2, comprise the steps:
S201: embedded type CPU resets by the anti-virus engine on the computing machine, and sends the executive system pilot signal to ROM;
S202:ROM receives the executive system pilot signal that embedded type CPU sends, and the firmware that is solidificated on the ROM is finished system's guiding, sets up the memory environment of anti-virus virtual machine work, realizes anti-virus virtual machine function, enters ready waiting status;
Whether the assigned address that S203:ROM detects among the RAM has anti-virus virtual machine activation sign, when detecting anti-virus virtual machine activation sign, starts the anti-virus virtual machine;
The virion that anti-virus engine on the S204:RAM receiving computer writes;
Anti-virus engine on the S205:RAM receiving computer writes the anti-virus virtual machine activation sign of assigned address, when ROM detects the startup sign of anti-virus virtual machine, starts the anti-virus virtual machine;
S206: anti-virus virtual machine visit RAM is decrypted or shells virion;
S207: after the anti-virus virtual machine is deciphered virion or shelling finishes, get back to ready waiting status, the assigned address in RAM writes anti-virus virtual machine end sign;
S208: the anti-virus virtual machine whether the anti-virus engine on the computing machine detects at the appointed time in the assigned address of RAM finishes sign, if, then finish deciphering or shelling is handled, otherwise, S209 carried out;
S209: the anti-virus engine on the computing machine produces reset signal, sends to reset circuit, by reset circuit embedded type CPU is carried out hardware reset.
The invention provides a kind of anti-virus virtual machine hardware accelerating system, comprise embedded type CPU, ROM and RAM, described system can be installed on PCI or the PCI Express integrated circuit board, receive the executive system pilot signal of embedded type CPU transmission as described ROM after, firmware executive system guiding on the ROM realizes anti-virus virtual machine function; Described ROM detects anti-virus virtual machine activation when sign among the RAM, starts the anti-virus virtual machine; The anti-virus virtual machine is decrypted virion or shells; After the anti-virus virtual machine disposed, the assigned address in RAM write anti-virus virtual machine end sign; The anti-virus virtual machine of anti-virus engine on the described reset circuit receiving computer in not detecting described RAM produces reset signal when finishing sign, and embedded type CPU is carried out hardware reset.By additional firmware the anti-virus virtual machine is accelerated, solved with software explain executive mode emulation x86 architecture cpu instruction carry out brought to the lower problem of the virtual execution speed of code.
Though described the present invention by embodiment, those of ordinary skills know, the present invention has many distortion and variation and do not break away from spirit of the present invention, wish that appended claim comprises these distortion and variation and do not break away from spirit of the present invention.
Claims (7)
1. an anti-virus virtual machine hardware accelerating system is characterized in that, comprises embedded type CPU, ROM, RAM and reset circuit;
Described embedded type CPU is used for the anti-virus virtual machine is carried out hardware-accelerated, resets by the reset circuit by the control of the anti-virus engine on the computing machine, and sends the executive system pilot signal to ROM;
Described ROM guides according to described executive system pilot signal executive system, set up the memory environment of anti-virus virtual machine work, realize anti-virus virtual machine function, and whether there is the anti-virus virtual machine activation to identify in the assigned address of detection RAM, when detecting anti-virus virtual machine activation sign, start the anti-virus virtual machine, and use the anti-virus virtual machine to visit RAM, virion is decrypted or shells, after deciphering or shelling finish, in the assigned address of RAM, write anti-virus virtual machine end sign;
The virion that anti-virus engine on the described RAM receiving computer writes and anti-virus virtual machine activation sign;
Described reset circuit is used for the reset signal that produces when anti-virus virtual machine that anti-virus engine on the receiving computer do not detect described RAM at the appointed time finishes sign, and embedded type CPU is carried out hardware reset.
2. the system as claimed in claim 1 is characterized in that, described system is installed on PCI or the PCI Express integrated circuit board, is undertaken alternately by the anti-virus engine on PCI or PCI Express bus and the computing machine.
3. the system as claimed in claim 1, it is characterized in that, described ROM comprises the firmware that is solidificated on the ROM, described firmware executive system guiding, set up the memory environment of anti-virus virtual machine work, realize anti-virus virtual machine function, and whether there is the anti-virus virtual machine activation to identify in the assigned address of detection RAM, when detecting anti-virus virtual machine activation sign, start the anti-virus virtual machine, and use anti-virus virtual machine visit RAM, virion is decrypted or shells, after deciphering or shelling finish, in the assigned address of RAM, write anti-virus virtual machine end sign.
4. system according to claim 1 is characterized in that described embedded type CPU is x86 architecture embedded type CPU, non-x86 architecture embedded type CPU or non-x86 architecture embedded MCU;
If described embedded type CPU is x86 architecture embedded type CPU, then ROM is connected with north bridge chips by South Bridge chip with RAM;
If described embedded type CPU right and wrong x86 architecture embedded type CPU or MCU, and inside is integrated with Memory Controller Hub, and then ROM directly is connected with RAM;
If described embedded type CPU right and wrong x86 architecture embedded MCU, and the inside of described non-x86 architecture embedded MCU is integrated with big capacity ROM, the then not external ROM of described non-x86 architecture embedded MCU.
5. the system as claimed in claim 1 is characterized in that, described RAM comprises main memory and RAM Shared.
6. system as claimed in claim 5 is characterized in that, described embedded type CPU and ROM are undertaken by the anti-virus engine on RAM Shared and the computing machine alternately.
7. as claim 5 or 6 described systems, it is characterized in that described RAM Shared is undertaken by the anti-virus engine on PCI or PCI Express bus and the computing machine alternately.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010547730 CN102012801B (en) | 2010-11-17 | 2010-11-17 | Hardware acceleration system for antivirus virtual machine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010547730 CN102012801B (en) | 2010-11-17 | 2010-11-17 | Hardware acceleration system for antivirus virtual machine |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102012801A CN102012801A (en) | 2011-04-13 |
| CN102012801B true CN102012801B (en) | 2013-10-09 |
Family
ID=43842977
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010547730 Active CN102012801B (en) | 2010-11-17 | 2010-11-17 | Hardware acceleration system for antivirus virtual machine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102012801B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1072038A (en) * | 1991-10-30 | 1993-05-12 | 电子科技大学 | A kind of virus immunizing card for solidified operating system |
| CN101141453A (en) * | 2006-05-19 | 2008-03-12 | 美国凹凸微系有限公司 | Anti-virus and firewall system |
-
2010
- 2010-11-17 CN CN 201010547730 patent/CN102012801B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1072038A (en) * | 1991-10-30 | 1993-05-12 | 电子科技大学 | A kind of virus immunizing card for solidified operating system |
| CN101141453A (en) * | 2006-05-19 | 2008-03-12 | 美国凹凸微系有限公司 | Anti-virus and firewall system |
Non-Patent Citations (1)
| Title |
|---|
| 吴晓丹,李曦,陈香兰.嵌入式反病毒虚拟机.《计算机系统应用》.2009, * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102012801A (en) | 2011-04-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3029912B1 (en) | Remote accessing method and corresponding system | |
| US10445154B2 (en) | Firmware-related event notification | |
| KR101845162B1 (en) | Method for capturing oprations for container-based virtualization system and apparatus | |
| US9170832B2 (en) | Virtual machine control apparatus and virtual machine control method | |
| US7809875B2 (en) | Method and system for secure communication between processor partitions | |
| CN101449240A (en) | Launching hypervisor under running operating system | |
| US10810036B1 (en) | Traffic management on an interconnect | |
| CN103942178A (en) | Communication method between real-time operating system and non-real-time operating system on multi-core processor | |
| US10067900B2 (en) | Virtualized I/O device sharing within a distributed processing node system | |
| EP3436947B1 (en) | Secure driver platform | |
| EP2817755B1 (en) | Directed wakeup into a secured system environment | |
| US9779047B2 (en) | Universal intelligent platform management interface (IPMI) host to baseboard management controller (BMC) communication for non-x86 and legacy free systems | |
| WO2023071508A1 (en) | Inter-thread interrupt signal transmission | |
| US7644222B2 (en) | Low latency event communication system and method | |
| US9792437B2 (en) | System and method for securing embedded controller communications by providing a security handshake | |
| EP2255291B1 (en) | Systems and methods of communicatively coupling a host computing device and a peripheral device | |
| CN109154895B (en) | Contextual data control | |
| US10963407B1 (en) | Remote direct memory access based networking gateway | |
| CN102012801B (en) | Hardware acceleration system for antivirus virtual machine | |
| EP3207459B1 (en) | Side channel access through usb streams | |
| CN110716834A (en) | Method for realizing pulse detection of X86 architecture platform | |
| JP2010211339A (en) | Virtual computer system, communication control program of the same, and communication control method of the same | |
| EP3255544B1 (en) | Interrupt controller |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent for invention or patent application | ||
| CB02 | Change of applicant information |
Address after: 100190 Zhongguancun Haidian District street, No. 14, layer, 1 1415-16 Applicant after: Beijing Antiy Electronic Installation Co., Ltd. Address before: 100085, Beijing, 1 Haidian District Nongda South Road, Silicon Valley, bright city, 2-521 Applicant before: Beijing Antiy Electronic Installation Co., Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 100190 Beijing city Haidian District minzhuang Road No. 3, Tsinghua Science Park Building 1 Yuquan Huigu a Patentee after: Beijing ahtech network Safe Technology Ltd Address before: 100190 Zhongguancun Haidian District street, No. 14, layer, 1 1415-16 Patentee before: Beijing Antiy Electronic Installation Co., Ltd. |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Hardware acceleration system for antivirus virtual machine Effective date of registration: 20181119 Granted publication date: 20131009 Pledgee: Shanghai Pudong Development Bank Limited by Share Ltd Harbin branch Pledgor: Beijing ahtech network Safe Technology Ltd Registration number: 2018990001084 Denomination of invention: Hardware acceleration system for antivirus virtual machine Effective date of registration: 20181119 Granted publication date: 20131009 Pledgee: Shanghai Pudong Development Bank Limited by Share Ltd Harbin branch Pledgor: Beijing ahtech network Safe Technology Ltd Registration number: 2018990001084 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20200508 Granted publication date: 20131009 Pledgee: Shanghai Pudong Development Bank Limited by Share Ltd Harbin branch Pledgor: BEIJING ANTIY NETWORK TECHNOLOGY Co.,Ltd. Registration number: 2018990001084 |