A virtualized server platform—like a physical server platform—must be protected against attacks from hackers who might want to steal data or take control of the server. The National Institute of Standards and Technology is releasing Draft NIST Special Publication 800-125A Revision 1, Security Recommendations for Server-based Hypervisor Platforms, which provides recommendations to ensure that the core software used in a virtual server, the hypervisor, remains secure against attempted attacks.
SP 800-125A Rev. 1 identifies and analyzes the potential threats to the secure execution of the functions of a hypervisor and provides a series of recommendations to prevent potential threats.
The model used in this publication is to identify the baseline functions that a hypervisor performs, the tasks involved in each baseline function, the potential threats to the secure execution of the task, and the countermeasures that can provide assurance against exploitation of these threats in the form of security recommendations, NIST said in the release. In addition to these recommendations, SP 800-125A Rev. 1 recommends securing the overall integrity of all components in a hypervisor platform and provides instructions.
The target audience for the security recommendations are the chief security officer (CSO) or the chief technology officer (CTO) of an enterprise IT department in a private entity or government agency who wants to develop a virtualization infrastructure, as well as managers of data centers who want to offer a virtualization infrastructure for hosting cloud offerings — and who want to provide security assurance for that infrastructure to cloud service clients, NIST said.
NIST has found that to deploy virtualized servers for high performance applications, such as big data, analytics, other forms of device virtualization besides the “emulation” approach covered in this document are required. This publication captures these additional technologies for device virtualization, such as para-virtualization, passthrough and self-virtualizing hardware devices as well as associated security recommendations. Major content changes in this publication, which is a revision of NIST SP 800-125A, Security Recommendations for Hypervisor Deployment on Servers, are found in Sections 1.1, 2.2.2 and 5.
A public comment period for this draft document is open until May 2, 2018.
As a non-regulatory agency of the Commerce Department, NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. For more information, visit www.nist.gov.