The company Bitdefender has announced the opening of its technology code introspection, hypervisor (Hypervisor Introspection, HVI). It was developed in conjunction with the Xen project.
The history of the project began in 2015, when the libbdvmi library was introduced for the 4.6 hypervisor . It made it possible to "make friends" virtual machines and software that searches for malicious code.
Previously, specialized malware could remain unnoticed on the system for a long time while inside a guest virtual machine. One of the problems is getting access to the RAM of the virtual machine. But the library solved these problems by making it possible for the hypervisor to inspect the memory.
Bitdefender and Xen have developed guest introspection technology that allows antivirus software to run externally. Xen libbdvmi solves the problem efficiently, without the need for additional allocation of large amounts of hardware resources.
Some time later, Bitdefender, together with Citrix, released a commercial version of the technology called Bitdefender Hypervisor Introspection.
Source: 3dnews
Now the technology developers have decided to open the libbdvmi code. In addition, the company opened the code for another technology, the thin hypervisor Napoca, to the Xen project. The combination of libbdvmi and Napoca enables introspection on systems that do not use full blown hypervisors.
According to representatives of the Bitdefender team, the discovery of the code will allow technologies to develop further, they will go beyond purely commercial projects from Bitdefender, evolving into something new. Technology will help companies and organizations respond to new threats that are becoming more dangerous and more complex.
Xen Project is the product of seven development teams at once. After the opening of the HVI and Napoca code, there will also be an eighth, which will be responsible for the implementation of technologies. The libbdvmi library code can be found on Github .