Bitdefender Releases Groundbreaking Open Source HVI Technology through Xen Project

HVI Technology

Bitdefender, a leading global cybersecurity company protecting over 500 million systems worldwide, is proud to announce the contribution of its groundbreaking Hypervisor Introspection (HVI) to the open-source community as a subset of Xen Project called Hypervisor-based Memory Introspection (HVMI).

A member of the Advisory Board of the Linux Foundation-hosted Xen Project, Bitdefender is open-sourcing the mechanisms of HVI used to understand and apply security logic to memory events within running Linux and Windows virtual machines. These mechanisms leverage Virtual Machine Introspection APIs at the hypervisor level.

The code, formerly the intellectual property of Bitdefender, allows organizations to make sense of the view of memory provided by Virtual Machine Introspection within both the Xen and KVM hypervisors. While Bitdefender has used the technology for security purposes, the possibilities extend to a range of other areas that can leverage and extend a unique, powerful sensor.

HVI takes advantage of the position of hypervisors between the underlying hardware and virtualized operating systems – Windows, Linux, desktops, and servers – to examine memory, in real-time, for signs of memory-based attack techniques that are consistently used to exploit known and unknown vulnerabilities.

The technology, first launched for general availability in 2017, earned widespread acclaim for stopping EternalBlue attacks, without requiring knowledge of the attack or underlying vulnerability. The WannaCry attacks which leveraged EternalBlue, and the success of HVI, make it clear that hypervisor security solutions such as HVI must become part of organizations’ security fabric.

Also being open-sourced is Bitdefender’s ‘thin’ hypervisor technology, known as Napoca, which was used in developing HVI. Napoca may prove useful to researchers and open source efforts as it virtualizes CPU and memory, as opposed to virtualizing all hardware, and can be combined with HVI to protect physical systems.

“The Xen project is proving extremely fruitful, and the Xen Project hypervisor VMI capabilities have revolutionized security,” said Shaun Donaldson, Director of Strategic Alliances at Bitdefender. “We are excited to see the range of uses the community will come up with for the technology, and fully expect to see HVI and Napoca technology used in areas beyond the scope of Bitdefender’s security-focused purposes, that we could not anticipate today,” he added.

Kurt Roemer, Chief Security Strategist and a member of the Office of the CTO at Citrix, says the creativity of the open-source community will further embed HVMI technology into a wealth of resources with surprising innovations that transcend the limitations of OS-based security models.

“HVI has provided powerful threat insights and remediations into running Xen-based virtual machines. Now that the technology is open-source, the use cases to which HVMI can be applied will result in direct value realized by both security teams and their businesses – especially for emergent threats,” Roemer said.