Hypervisor Introspection Redefines Security for Virtualized Environments

Viorel Canja

June 06, 2016


From 1960s mainframes to today’s cloud-centric evolution, data centers have undergone tremendous transformation. As applications became mission-critical, and desktop servers moved into formal data centers, the number of physical servers in a data center grew exponentially, making the job of managing this environment increasingly complex and expensive.

Today, data centers are moving from isolated systems to interconnected pools of virtualized resources shared between multiple locations. Once an aspiration, the prospect of a fully virtualized data center is becoming a reality.

The so-called "data centers without walls" help businesses cut costs and maximize IT efficiency, which is why companies are driving the rapid adoption of virtualized computing. In 2013, 77 percent of small and medium companies had some type of virtualization in place.

Yet, while the benefits of virtualizing applications, desktops, hardware or networks are self-evident, security had, until now, failed to align with this new paradigm.

Revolutionary Security

A well-known problem in the cyber-security industry is that advanced malware attacks manage to evade traditional in-OS security. This happens because sophisticated malware like APTs executes in the same context and with the same privileges as anti-malware software.

That is why Bitdefender decided to address security from outside the guest operating system. The kernel introspection technology we have been working on analyzes the raw memory image of the guest OS, its services and its user-mode applications. It audits both kernel and user memory to identify threats such as known rootkit hooking techniques and zero-day or otherwise out-of-reach malware that runs below OS security solutions. It also protects user processes from attacks such as code injection, function detouring, unpacked malicious code and code execution from the stack.

Hypervisor introspection ensures that the anti-malware software can live outside of the monitored guest, without relying on functionalities that can be rendered unreliable by advanced malware - no agent or any other type of special software needs to run inside the guest.
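As an added illustration of the two checks described above (not Bitdefender's or Citrix's code), here is a toy out-of-guest auditor run over a constructed memory image: it compares function prologues against trusted copies to spot an inline JMP detour and resolve where it lands, and flags an instruction pointer that sits on the stack. All addresses, region layouts and prologue bytes are constructed assumptions; in a real deployment the trusted prologues would come from the on-disk kernel image, not from the guest.

```python
import struct
from dataclasses import dataclass

@dataclass
class Region:
    start: int
    size: int
    name: str
    executable: bool

def region_of(regions, addr):
    return next((r for r in regions if r.start <= addr < r.start + r.size), None)

def check_prologue(image, base, func, expected, regions):
    """Compare a function's first bytes with a trusted copy taken from outside the
    guest; an E9 (JMP rel32) over the prologue is the classic inline detour."""
    off = func - base
    actual = bytes(image[off:off + len(expected)])
    if actual == expected:
        return None
    if actual[0] == 0xE9:
        rel = struct.unpack_from("<i", image, off + 1)[0]
        target = func + 5 + rel  # rel32 is relative to the end of the 5-byte jmp
        dest = region_of(regions, target)
        where = dest.name if dest else "unmapped"
        return f"inline hook at {func:#x} detours to {target:#x} ({where})"
    return f"prologue at {func:#x} modified: {actual.hex()}"

def check_rip(rip, regions):
    """Flag an instruction pointer on the stack or in a non-executable mapping."""
    r = region_of(regions, rip)
    if r is None or not r.executable or r.name == "stack":
        return f"code execution from {r.name if r else 'unmapped'} at {rip:#x}"
    return None

def audit(image, base, regions, known_good, rip):
    findings = [check_prologue(image, base, f, e, regions) for f, e in known_good.items()]
    findings.append(check_rip(rip, regions))
    return [f for f in findings if f]

def build_sample():
    """Constructed 8 KiB guest image at 0x1000: kernel text, an RWX heap and the stack."""
    base, image = 0x1000, bytearray(0x2000)
    regions = [Region(0x1000, 0x1000, "kernel.text", True),
               Region(0x2000, 0x800, "heap", True),
               Region(0x2800, 0x800, "stack", False)]
    known_good = {0x1000: b"\x48\x89\x5c\x24\x08", 0x1100: b"\x40\x53\x48\x83\xec"}  # hypothetical
    image[0x100:0x105] = known_good[0x1100]                          # left intact
    image[0:5] = b"\xe9" + struct.pack("<i", 0x2100 - (0x1000 + 5))  # detoured into heap
    return image, base, regions, known_good, 0x2900                  # rip on the stack
```

Running `audit(*build_sample())` reports the detoured prologue with its heap destination and the stack-resident instruction pointer, while the intact prologue produces no finding.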

This technology was troublesome to implement until now because of compatibility issues with hardware, the need for adequate computing power and resources, and the semantic gap: the challenge of accurately extracting OS-level meaning from the hypervisor's hardware-level view of a guest. Even now, the semantic gap remains a work in progress and the most demanding part to tackle.

While kernel introspection is well known in academia, Bitdefender has advanced the idea, now providing real-time protection for virtual machines against a wide range of threats.

Long-term Benefits

Hypervisor introspection is a giant leap towards revolutionizing security as we know it. Virtualization technology continues to evolve, with increased levels of automation and comprehensive frameworks for managing the virtualized environment more efficiently. In this context, the hypervisor-based introspection technology is a future-proof advancement with numerous applications in other fields and industries.

Server farms, businesses embracing BYOD and security for mobile devices are some of the fields where hypervisor introspection shows great potential, if applied. In the future, companies will be able to deploy it on mobile devices as well as computers to isolate and secure personal and corporate data from compromise.

Bitdefender Hypervisor Introspection was developed in close collaboration with Citrix. It integrates with the Direct Inspect API released by Citrix as part of XenServer 7, the first commercial hypervisor capable of virtual machine introspection.

“XenServer Direct Inspect APIs with Bitdefender GravityZone is a first and unique security feature for commercial hypervisors,” Citrix writes on its website. This is meant to complement existing disk-based protection solutions to provide “better than physical” protection, the company added. Find out more about XenServer 7 here.

Author


Viorel Canja

As Head of Bitdefender's Antimalware and Antispam Labs, Viorel Canja leads a team of 140 of the most experienced threat analysts in the world and manages the development of the core protection technologies for Bitdefender. With 15+ years of experience in the data security industry, he is personally responsible for the growth of the Antimalware Labs. The group's response time to new threats is among the best in the industry, garnering accolades from some of the most trusted institutions and publications in the world. Prior to his current position, Mr. Canja held positions within Bitdefender as a virus researcher, engine developer and manager of the engine development team. He is a graduate of the Polytechnic University of Bucharest.
