Citrix, Bitdefender in Xen-only virtual security double-team

Citrix and Bitdefender have revealed a security tool that runs inside the hypervisor – in this case, Citrix's own XenServer – to detect advanced persistent threats running in guest VMs. The tool pulls off this trick by inspecting the state of memory used by guest VMs. If the “Hypervisor Introspection” (HVI) tool sees telltale …

  1. Voland's right hand Silver badge

    Hypervisor introspection

    It talks like a security boundary violation, it walks like a security boundary violation, it is a security boundary violation.

    I am not sure I would like to have AV software running in the hypervisor ring 0 and having unfettered access to all VM virtual memory space in production.

    It is an extremely valuable tool to have "on your surgery bench". Production, not so much.

    1. larsk

      Re: Hypervisor introspection

      Actually it doesn't run in the hypervisor. It runs in a dedicated privileged VM, which can access the VMI interface (or in XenServer speak Direct Inspect APIs). Obviously access to these APIs needs to be very tightly controlled, and no VM but the BitDefender VM can access it.


Biting the hand that feeds IT © 1998–2022