Bitdefender open source HVI technology available through Xen Project


Bitdefender, a provider of cybersecurity solutions, contributes its Hypervisor Introspection (HVI) technology to the open source community. The company does this within the Hypervisor-based Memory Introspection (HVMI) project, which itself falls under the Xen project.

As a member of the Advisory Board of the Linux Foundation-hosted Xen Project, Bitdefender is making HVI’s mechanisms open source. These mechanisms are used to gain visibility into the memory of running Linux and Windows virtual machines and to apply relevant security processes. To do this, they use Virtual Machine Introspection (VMI) APIs at the hypervisor level.

Various applications

The code, until now the intellectual property of Bitdefender, allows organizations to gain insight into the memory contents of both the Xen and KVM hypervisors using Virtual Machine Introspection. Although Bitdefender uses the technology for security purposes, several other areas of application are possible for such a sensor.

HVI leverages the hypervisor's position between the underlying hardware and virtualized operating systems (Windows, Linux, desktops and servers) to inspect memory in real time for signs of memory-targeting attack techniques. These attack techniques are used repeatedly to exploit known and unknown vulnerabilities.

The HVI technology, introduced in 2017, was previously able to block EternalBlue attacks, among other things, without knowledge of the attack techniques or the vulnerability. HVI could be used successfully against the WannaCry attacks, which used EternalBlue.


Bitdefender also makes its ‘thin’ hypervisor technology available to the open source community. This technology goes by the name Napoca and was the basis for the development of HVI. Napoca can be useful for researchers and open source initiatives as it only virtualizes CPU and memory and leaves out the rest. Napoca can be combined with HVI to protect physical systems.

“The Xen Project is paying off, and the resulting hypervisor VMI functionality has changed cybersecurity forever,” said Shaun Donaldson, director of Strategic Alliances at Bitdefender. “We look forward to the wide range of application scenarios that the community will develop for the technology. We are confident that the HVI and Napoca technology will be used for unexpected application scenarios outside the security domain.”

Kurt Roemer, chief security strategist and CTO staff member at Citrix, expects the creativity of the open source community to help HVMI technology find its way into solutions that overcome the limitations of OS-based security models. “HVI has contributed to a deep understanding of cyber threats in the memory of Xen-based virtual machines and the ability to block them. Now that the technology is open source, the applications for which HVMI can be deployed will deliver immediate value to both security teams and the companies they work for, especially when it comes to detecting and blocking new cyber threats,” said Roemer.

