Hardware/server virtualization is now integral to the infrastructure of data centers used for cloud computing services and enterprise computing. However, the increasing popularity of cloud services and the complex nature of hypervisors, which are essentially large software modules, have led to malicious attackers exploiting hypervisor vulnerabilities to attack cloud services. One of the key strategies for managing the vulnerabilities of the hypervisor involves devising a methodology for determining the forensic data requirements for detecting attacks.
To better understand trends in hypervisor attacks and prevent future exploitation, NIST is releasing Draft NIST Internal Report (NISTIR) 8221, A Methodology for Determining Forensic Data Requirements for Detecting Hypervisor Attacks. This report analyzes recent vulnerabilities associated with two open-source hypervisors as reported by the NIST National Vulnerability Database, specifically Xen and KVM.
Ten functionalities traditionally provided by hypervisors are considered for the classification of hypervisor vulnerabilities. The document develops a profile of those vulnerabilities in terms of hypervisor functionality, attack type, and attack source. The objective is to determine the evidence coverage for detecting and reconstructing those attacks and subsequently identify the techniques required to gather missing evidence. The methodology outlined in the document can assist cloud providers in enhancing the security of their virtualized infrastructure and take proactive steps toward preventing such attacks on their operating environment in the future.
A public comment period for this draft document is open until October 12, 2018. See the document details for additional information and a copy of the publication.