Obsoleted on January 23, 2018.
Security Recommendations for Hypervisor Deployment (2nd Draft)
Date Published: September 2017
Author(s)
Ramaswamy Chandramouli (NIST)
Announcement
NIST is soliciting public comments for this second draft of the document "Security Recommendations for Hypervisor Deployment." The security recommendations in this version are expressed as countermeasures that provide assurance against exploitation of threats to five baseline functions of the hypervisor, and are therefore agnostic to the architecture of the hypervisor platform. Protection measures that are common to all server-class software and its hosting environment have been removed in this version since they are addressed in other NIST documents.
The hypervisor is a piece of software that provides abstraction of all physical resources (such as CPU, memory, network and storage) and thus enables multiple computing stacks, called Virtual Machines (VMs), to be run on a single physical host. Each stack is basically made of an O/S and application programs, and optionally a middleware in some instances. In addition, the hypervisor may have the functionality to define a network within the single physical host (called a virtual network) to enable communication among the VMs resident on that host as well as with physical and virtual machines outside the host. With all this functionality, the hypervisor has the responsibility to mediate access to physical resources, provide runtime isolation among resident VMs, and enable a virtual network that provides security-preserving communication flow among the VMs and between the VMs and the external network. To design a hypervisor with the core functionality described above, there are architectural options, each presenting a different size of Trusted Computing Base (TCB) and hence a different degree of ease in providing the required security assurance. Hence, in providing security recommendations for the hypervisor, two different approaches have been adopted in this document: one based on architectural options that provide ease of security assurance, and a second based on configuration choices that form part of its core administrative functions, such as management of VMs, the hypervisor host, hypervisor software and virtual networks.
Keywords
Virtualization; Hypervisor; Virtual Machine; Virtual Network; Secure Configuration; Security
Control Families
None selected