NIST Seeks Comment on Hypervisor Security Guide

The National Institute of Standards and Technology (NIST) has published a draft of a new guide whose goal is to provide security recommendations on deploying hypervisors.

The NIST Special Publication 800-125-A, published this week and titled “Security Recommendations for Hypervisor Deployment,” was authored by Dr. Ramaswamy Chandramouli, a supervisory computer scientist in the Computer Security Division of the Information Technology Laboratory at NIST.

Hypervisors, also known as virtualization managers, enable organizations to run multiple virtual machines (VMs), each consisting of an operating system and applications, on a single physical host. Hypervisors are increasingly used in enterprise data centers for hosting in-house applications, and for providing computing resources for cloud services, NIST said.

The guide provides a set of 22 recommendations related to both hypervisor platform architecture and hypervisor baseline functions.

From an architectural perspective, the aspects that need to be taken into consideration are the entity on which the hypervisor is installed (directly on hardware or over a full-fledged OS), the source of support for functions like memory and processor virtualization (hardware or software), and whether there is hardware support for boot integrity assurance.

As far as baseline functions are concerned, they consist of execution isolation for VMs, device emulation and access control, execution of privileged operations by the hypervisor for guest VMs, VM lifecycle management, and the administration of the hypervisor platform and software.

“The security recommendations with respect to hypervisor platform architectural choices merely highlight the ease of providing security assurance (due to size of attack surface, the size of trusted computing base (TCB) and hardware-assisted virtualization functions) in one architectural type compared to another and not with an intention to endorse any particular class of products,” the draft said.

“The security recommendations with respect to baseline functions are in terms of configuration choices, that ensure the secure execution of tasks performed under any of the five hypervisor baseline functions,” it added.

NIST encourages experts to check out the draft of the paper and provide feedback. Comments can be sent to [email protected] until November 10, 2014.

At the Black Hat USA 2014 security conference, Bromium researcher Rafal Wojtczuk disclosed the details of multiple vulnerabilities affecting Oracle’s VM VirtualBox. Wojtczuk warned that while hypervisor vulnerabilities are relatively rare, they do exist and they can pose a serious risk to enterprises if they are neglected.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
