Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Server Virtualization Security: NIST Publishes SP 800-125A Revision 1
June 07, 2018

Server Virtualization is now a key component for enterprise IT infrastructure in data centers and cloud services. Virtual servers provide better utilization of hardware resources, reduces physical space required for physical servers, and reduced power consumption as well. The core software used for server virtualization, the Hypervisor, directly provides CPU and memory virtualization.

The Hypervisor platform is a collection of software modules that provide virtualization of hardware resources, such as CPU, Memory, Network, and Storage, and enables computing stacks (operating systems and application programs) called Virtual Machines (VMs) to run on a single physical host.  Additionally, the Hypervisor platform may have the functionality to define a network within a single physical host to enable communication among the VMs resident on that host, as well as with physical and virtual machines outside the host. The hypervisor has the responsibility to mediate access to physical resources, provide run time isolation among resident VMs, and enable a virtual network that provides a communication flow among the VMs and between the VMs and the external network.

To address additional technologies, NIST has published a revision of Special Publication (SP) 800-125A, now titled Security Recommendations for Server-based Hypervisor Platforms, which was originally published earlier this year. SP 800-125A Revision 1 adds security recommendations for technologies such as device passthrough and self-virtualizing devices that are used for deploying virtualized servers for high performance applications. The recommendations in this document relate to ensuring the secure execution of baseline functions of the hypervisor, ensuring they are agnostic to the hypervisor architecture. These recommendations are in context of a hypervisor deployed for server virtualization and not for other use cases such as embedded systems and desktops.
Created June 07, 2018