The invention relates to computer security systems and methods, and in particular to encrypted electronic communication.
In the modern digital world, a wide variety of products and services rely on data encryption. Encrypted communications enable, among others, online commerce, online banking, and telephony over data networks such as the Internet. Encryption is also widely used to protect the privacy and personal data of users. In an age of proliferation of interconnected electronic devices (the Internet of Things), reliance on encryption is a strength but also a vulnerability.
In recent years, encryption is increasingly being used for malicious purposes, for instance to conceal the activities of malicious software, or to hold a user's valuable data to ransom. One typical example of malicious software activities comprises setting up a network of hijacked computing systems—commonly known as a botnet—and using the respective network to launch a distributed denial of service attack against a target webserver. As part of setting up the botnet, a software agent is infiltrated into each botnet member, using various methods (e.g., direct hacking, phishing, etc.). The agent may then use encryption to inconspicuously communicate with a remote server, for instance to receive the target's network address and/or to coordinate the attack with other botnet members. Various methods to prevent or counteract such malicious activities have been described, but such countermeasures may be undermined by malware's efficient use of encryption.
Anti-malware operations are further complicated by the advent of hardware virtualization technology, which enables the creation of simulated computer environments commonly known as virtual machines. Several virtual machines may run simultaneously on the same physical machine, sharing the hardware resources among them, thus reducing investment and operating costs. Each virtual machine may run its own operating system and/or software applications, separately from other virtual machines. Hardware virtualization is deployed for various reasons, for instance to ensure portability of software, or to strengthen security. Other popular applications of hardware virtualization, known under the generic name “cloud computing”, include webserver farms and virtual desktop infrastructure (VDI). In a typical VDI configuration, a software application executes on a first computer system, while the user interacts with the respective application using a second computer system (terminal). A virtual machine running the respective application is instantiated on-demand on the first computer system, which may end up executing hundreds of such VMs for multiple remote users. Due to the steady proliferation of malware, each virtual machine potentially requires protection against malware.
Escalating security threats and an increasing demand for virtualization generate a strong interest in developing efficient anti-malware systems and methods designed to address the challenges of hardware virtualization.