Hardware/server virtualization is a fundamental component in the infrastructure of data centers used for cloud computing services and enterprise computing. Yet, the increasing popularity of cloud services and the complex nature of hypervisors, which are essentially large software modules, have led to malicious attackers exploiting hypervisor vulnerabilities to attack cloud services, NIST reported in a release. One of the core strategies for mitigating the vulnerabilities of a hypervisor involves formulating a methodology for determining the forensic data requirements for detecting attacks.
To better understand developments in hypervisor attacks and prevent future exploitation, NIST is releasing Draft NIST Internal Report (NISTIR) 8221, A Methodology for Determining Forensic Data Requirements for Detecting Hypervisor Attacks. This report analyzes recent vulnerabilities associated with two open-source hypervisors, Xen and KVM, as reported by the NIST National Vulnerability Database.
The draft develops a profile of hypervisor vulnerabilities in terms of 10 functionalities traditionally provided by hypervisors, classified by attack type and attack source. The objective is to determine the forensic data that can be used to detect and reconstruct those attacks and subsequently to identify the techniques required to gather missing evidence. The methodology outlined in the document can assist cloud providers in enhancing the security of their virtualized infrastructure and in taking proactive steps toward preventing such attacks on their operating environment in the future, NIST said.
A public comment period for this draft document is open until Oct. 12, 2018. See the document details for additional information and a copy of the publication.
Information Technology Laboratory
Computer Security Resource Center