Virtualization is a foundational technology in a cloud computing environment
and the hypervisor is the key software in that virtualized infrastructure.
However, hypervisors are large pieces of software with several thousand lines
of code and are therefore known to have vulnerabilities. Hence, a capability to
perform forensic analysis to detect, reconstruct and prevent attacks based on
vulnerabilities on an ongoing basis is a critical requirement in cloud
To gain a better understanding of
recent hypervisor vulnerabilities and attack trends, identify forensic
information needed to reveal the presence of such attacks, and develop guidance
on taking proactive steps to detect and prevent those attacks, NIST has
published NIST Internal Report (NISTIR) 8221, “A Methodology
for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data.”
NISTIR 8221 outlines a methodology to enable this forensic analysis, and
illustrates the methodology using two open-source hypervisors—Xen and Kernel-based
Virtual Machine (KVM). The source for vulnerability data is NIST’s National
Vulnerability Database (NVD).