U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

A Methodology for Determining Forensic Data Requirements for Detecting Hypervisor Attacks: NIST Releases Draft NIST Internal Report 8221
September 21, 2018

Hardware/server virtualization is now integral to the infrastructure of data centers used for cloud computing services and enterprise computing. However, the increasing popularity of cloud services and the complex nature of hypervisors, which are essentially large software modules, have led to malicious attackers exploiting hypervisor vulnerabilities to attack cloud services. One of the key strategies for managing the vulnerabilities of the hypervisor involves devising a methodology for determining the forensic data requirements for detecting attacks.

To better understand trends in hypervisor attacks and prevent future exploitation, NIST is releasing Draft NIST Internal Report (NISTIR) 8221, A Methodology for Determining Forensic Data Requirements for Detecting Hypervisor Attacks. This report analyzes recent vulnerabilities associated with two open-source hypervisors as reported by the NIST National Vulnerability Database, specifically Xen and KVM.

Ten functionalities traditionally provided by hypervisors are considered for the classification of hypervisor vulnerabilities. The document develops a profile of those vulnerabilities in terms of hypervisor functionality, attack type, and attack source. The objective is to determine the evidence coverage for detecting and reconstructing those attacks and subsequently identify the techniques required to gather missing evidence. The methodology outlined in the document can assist cloud providers in enhancing the security of their virtualized infrastructure and take proactive steps toward preventing such attacks on their operating environment in the future.

A public comment period for this draft document is open until October 12, 2018. See the document details for additional information and a copy of the publication.

Related Topics

Security and Privacy: vulnerability management

Technologies: cloud & virtualization

Applications: forensics

Created September 21, 2018, Updated June 22, 2020