Although a Methodology for Determining Forensic Data Requirements for Detecting Hypervisor Attacks notice may not seem to be of immediate importance to the ControlTrends Community, Cybersecurity requires a dutiful and relentless awareness, especially as we become more dependent on Cloud hosted services. The Nist website is a vital source of critical information available at your fingertips! NIST implements practical cybersecurity and privacy through outreach and effective application of standards and best practices necessary for the U.S. to adopt cybersecurity capabilities.
A Methodology for Determining Forensic Data Requirements for Detecting Hypervisor Attacks: NIST Releases Draft NIST Internal Report 8221. September 21, 2018: Hardware/server virtualization is now integral to the infrastructure of data centers used for cloud computing services and enterprise computing. However, the increasing popularity of cloud services and the complex nature of hypervisors, which are essentially large software modules, have led to malicious attackers exploiting hypervisor vulnerabilities to attack cloud services. One of the key strategies for managing the vulnerabilities of the hypervisor involves devising a methodology for determining the forensic data requirements for detecting attacks.
To better understand trends in hypervisor attacks and prevent future exploitation, NIST is releasing Draft NIST Internal Report (NISTIR) 8221, A Methodology for Determining Forensic Data Requirements for Detecting Hypervisor Attacks. This report analyzes recent vulnerabilities associated with two open-source hypervisors as reported by the NIST National Vulnerability Database, specifically Xen and KVM.
Ten functionalities traditionally provided by hypervisors are considered for the classification of hypervisor vulnerabilities. The document develops a profile of those vulnerabilities in terms of hypervisor functionality, attack type, and attack source. The objective is to determine the evidence coverage for detecting and reconstructing those attacks and subsequently identify the techniques required to gather missing evidence. The methodology outlined in the document can assist cloud providers in enhancing the security of their virtualized infrastructure and take proactive steps toward preventing such attacks on their operating environment in the future.
A public comment period for this draft document is open until October 12, 2018. See the document details for additional information and a copy of the publication.
CSRC Update: https://csrc.nist.gov/news/2018/nist-releases-draft-nistir-8221-for-comment
Publication details: https://csrc.nist.gov/publications/detail/nistir/8221/draft