
A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data: NIST Publishes NISTIR 8221

Hardware/server virtualization is a foundational technology in a cloud computing environment, and the hypervisor is the key software in that virtualized infrastructure. However, hypervisors are large pieces of software with several thousand lines of code and are therefore known to have vulnerabilities. Hence, a capability to perform forensic analysis on an ongoing basis to detect, reconstruct and prevent attacks based on those vulnerabilities is a critical requirement in cloud environments.

To gain a better understanding of recent hypervisor vulnerabilities and attack trends, identify forensic information needed to reveal the presence of such attacks, and develop guidance on taking proactive steps to detect and prevent those attacks, NIST has published NIST Internal Report (NISTIR) 8221, “A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data.” NISTIR 8221 outlines a methodology to enable this forensic analysis, and illustrates the methodology using two open-source hypervisors—Xen and Kernel-based Virtual Machine (KVM). The source for vulnerability data is NIST’s National Vulnerability Database (NVD).
