The invention relates to computer security systems and methods, and in particular to systems and methods for protecting virtual machines against malicious software.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms such as computer viruses, rootkits, spyware, and ransomware, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, identity theft, and loss of productivity, among others. Computer security software may be used to protect a computer system from malware.
Hardware virtualization technology enables the creation of simulated computer environments commonly known as virtual machines (VM), which behave in many ways as physical computer systems. In typical applications such as server consolidation and infrastructure-as-a-service (also know under the popular name “cloud computing”), several virtual machines may run simultaneously on the same computer system, sharing hardware resources among them, thus reducing investment and operating costs. Each virtual machine may run its own operating system and/or software applications, separately from other virtual machines. Each such VM potentially requires protection against computer security threats.
Placing computer security software outside the protected virtual machine typically ensures a high degree of protection. However, the operation of computer security software is substantially more complex and computationally expensive when carried out in such configurations, compared to non-virtualized environments. In conventional hardware virtualization anti-malware systems, security-relevant events occurring within the protected VM typically cause the hardware processor to suspend execution of the respective VM, and to switch to executing security software outside the protected VM. The processor may then switch back to executing the protected VM in response to event analysis. Frequent VM suspend/resume cycles carry a substantial computational cost, and may affect productivity and user experience.
There is a substantial interest in improving the efficiency of computer security operations in hardware virtualization platforms.