Date Published: October 20, 2014
Comments Due:
Email Questions to:
Author(s)
Ramaswamy Chandramouli (NIST)
Announcement
NIST announces the public comment release of NIST Special Publication 800-125A, Security Recommendations for Hypervisor Deployment. Server Virtualization (enabled by Hypervisor) is finding widespread adoption in enterprise data centers both for hosting in-house applications as well as for providing computing resources for cloud services. The hypervisor provides abstraction of all physical resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (each consisting of an O/S (called Guest O/S), Middleware and a set of Application programs) to be run on a single physical host (referred to virtualized host or hypervisor host).
Since the NIST publication of SP 800-125 (Guide to Security for Full Virtualization Technologies) in January 2011, both the feature set of hypervisors as well as the tools for configuration and administration of virtualized infrastructure spawned by the hypervisor has seen considerable increase. This has generated the need to develop security recommendations for secure deployment of hypervisor platforms. This special publication defines a focused set of twenty-two security recommendations (in terms of architectural choices and configuration settings), intended to ensure secure execution of tasks performed by the hypervisor components under the umbrella of five baseline functions.
The public comment period closed on November 10, 2014.
The Hypervisor is a piece of software that provides abstraction of all physical resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (consisting of an O/S, Middleware and Application programs) called Virtual Machines (VMs) to be run on a single physical host. In addition it may have the functionality to define a network within the single physical host (called virtual network) to enable communication among the VMs resident on that host as well as with physical and virtual machines outside the host. With all this functionality, the hypervisor has the responsibility to mediate access to physical resources, provide run time isolation among resident VMs and enable a virtual network that provides security-preserving communication flow among the VMs and between the VMs and the external network. To design a hypervisor with the core functionality described above, there are architectural options with each option presenting a different size of Trusted Computing Base (TCB) and hence different degree of ease in providing the required security assurance. Hence in providing security recommendations for the hypervisor, two different approaches have been adopted in this document– one approach based on architectural options that provide ease of security assurance and the second approach based on configuration choices that form part of its core administrative functions such as management of VMs, hypervisor host, hypervisor software and virtual networks.
The Hypervisor is a piece of software that provides abstraction of all physical resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (consisting of an O/S, Middleware and Application programs) called Virtual Machines (VMs) to be run on a single physical...
See full abstract
The Hypervisor is a piece of software that provides abstraction of all physical resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (consisting of an O/S, Middleware and Application programs) called Virtual Machines (VMs) to be run on a single physical host. In addition it may have the functionality to define a network within the single physical host (called virtual network) to enable communication among the VMs resident on that host as well as with physical and virtual machines outside the host. With all this functionality, the hypervisor has the responsibility to mediate access to physical resources, provide run time isolation among resident VMs and enable a virtual network that provides security-preserving communication flow among the VMs and between the VMs and the external network. To design a hypervisor with the core functionality described above, there are architectural options with each option presenting a different size of Trusted Computing Base (TCB) and hence different degree of ease in providing the required security assurance. Hence in providing security recommendations for the hypervisor, two different approaches have been adopted in this document– one approach based on architectural options that provide ease of security assurance and the second approach based on configuration choices that form part of its core administrative functions such as management of VMs, hypervisor host, hypervisor software and virtual networks.
Hide full abstract
Keywords
virtual machine; virtual network; secure configuration; security monitoring; hypervisor; virtualization; guest O/S
Control Families
Planning; System and Communications Protection
