David R. Kaeli
Waleed M. Meleis, Mehdi Tahoori
Date of Award
Master of Science
Department or Academic Unit
College of Engineering. Department of Electrical and Computer Engineering.
Electrical and computer engineering, Computer science, Anti-virus program
Computer viruses --Prevention --Software, Computer security --Software, Data protection --Software
Despite the pervasive use of anti-virus (AV) software, there has not been a systematic study of the characteristics of the execution of this workload. In this work we begin by presenting a characterization of four commonly used anti-virus software packages. Using the Virtutech Simics toolset, we profile the behavior of four popular anti-virus packages as run on an Intel PentiumIV platform running Microsoft Windows-XP. In our study, we focus on the overhead introduced by the anti-virus software during on-access execution. The overhead associated with anti-virus execution can dominate overall performance. The AV-Test group has already reported that this overhead can range from 23-129 percent on live systems running on-access experiments.The performance impact of the anti-virus execution is clearly an important issue, and we present the first quantitative study of the characteristics of this workload. Our study includes the impact of both operating system execution and system call execution. Prior work has quantified how much overhead is introduced by the execution of a real-time anti-virus scanner and have indicated that significant amounts of pressure is placed on not only the central processor, but the memory subsystem. Many solutions have been proposed to potentially offset or alleviate this overhead, however few have actually been implemented. The issue of pressure on the physical system becomes more immense in a virtualization environment, where multiple virtual machines are executed on one physical machine, and each virtual machine running the windows operating system requires its own instance of an anti-virus program. The purpose of this work is to take one step forward in addressing the growing issue of real time anti-virus execution based overhead in the context of application consolidation. The VMWare ESX architecture provides the ideal environment for a distributed real-time scanning process to be executed amongst all machines, consolidating physical memory consumption and exploiting thread-level parallelism. We implemented a prototype of such a model, and study the performance of the prototype design. We found that as well as designing a real-time anti-virus system that has scalable performance, we can alleviate up to 78 percent of the overhead introduced by commercial Anti-Virus packages, and in the worst case, consolidate up to 260 MB of memory consumed by anti-virus packages.
Uluski, Derek, "Real time anti-virus for a virtualized environment" (2008). Electrical and Computer Engineering Master's Theses. Paper 21. http://hdl.handle.net/2047/d1001715x
Click button above to open, or right-click to save.