Bitdefender Opens the Code of Its HVI Hypervisor Introspection Technology

Bitdefender has announced that it is opening the code of its Hypervisor Introspection (HVI) technology, which was developed in collaboration with the Xen project.

The project's history began in 2015, when the libbdvmi library was presented for version 4.6 of the hypervisor. It made it possible for virtual machines and software that searches for malicious code to work together.

Previously, specialized malware could remain unnoticed in the system for a long time while sitting inside a guest virtual machine. One of the problems was getting access to the virtual machine's RAM. The library solved these problems by making memory inspection possible from the hypervisor side.


Bitdefender and Xen have developed guest introspection technology that lets antivirus software run from outside the guest. Xen libbdvmi solves the problem effectively, without the need to allocate large amounts of hardware resources.

Some time later, Bitdefender, together with Citrix, released a commercial version of the technology, which was called Bitdefender Hypervisor Introspection.

Source: 3dnews

Now the developers of the technology have decided to open the libbdvmi code. In addition, the company has handed another technology, the thin hypervisor Napoca, over to the Xen project as open source. The combination of libbdvmi and Napoca makes it possible to perform introspection on systems that do not use full-blown hypervisors.

According to representatives of the Bitdefender team, opening the code will allow the technologies to develop further: they will move beyond Bitdefender's purely commercial projects and evolve into something new. The technology will help companies and organizations respond to new threats, which are becoming more dangerous and complex.

The Xen Project is the product of the work of seven development teams. Once the HVI and Napoca code is opened, there will also be an eighth, which will be responsible for implementing the technologies. The libbdvmi library code is available on GitHub.

Source: habr.com