NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Determining Forensic Data Requirements for Detecting Hypervisor Attacks

Published

Author(s)

Changwei Liu, Anoop Singhal, Ramaswamy Chandramouli, Duminda Wijesekera

Abstract

Hardware/Server virtualization is a key feature of data centers used for cloud computing services and enterprise computing that enables ubiquitous access to shared system resources. Server virtualization is typically performed by a hypervisor, which provides mechanisms to abstract hardware and system resources from an operating system. However, hypervisors are complex software systems with many lines of code and known to have vulnerabilities. This paper analyzes the recent vulnerabilities associated with two open- source hypervisors Xen and KVM as reported by the National Institute of Standards and Technology's (NIST) National Vulnerability Database (NVD) and develops a profile of those vulnerabilities in terms of hypervisor functionality, attack type, and attack source. Based on the predominant number of vulnerabilities in a hypervisor functionality (attack vector), two sample attacks using those attack vectors were launched to exploit those vulnerabilities and to determine the forensic data requirements.
Proceedings Title
Fifteenth IFIP 11.9 International Conference on Digital Forensic
Conference Dates
January 28-29, 2019
Conference Location
Orlando, FL, US
Pub Type
Conferences

Download Paper

https://doi.org/10.1007/978-3-030-28752-8_14
Local Download

Keywords

Cloud computing, hypervisors, Xen, KVM, vulnerabilities, forensics
Information technology, Forensic Science and Complex systems

Citation

Liu, C. , Singhal, A. , Chandramouli, R. and Wijesekera, D. (2019), Determining Forensic Data Requirements for Detecting Hypervisor Attacks, Fifteenth IFIP 11.9 International Conference on Digital Forensic, Orlando, FL, US, [online], https://doi.org/10.1007/978-3-030-28752-8_14, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927335 (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created August 6, 2019, Updated October 12, 2021
Was this page helpful?