Hardware/Server virtualization is a key feature of data centers used for cloud computing services and enterprise computing that enables ubiquitous access to shared system resources. Server virtualization is typically performed by a hypervisor, which provides mechanisms to abstract hardware and system resources from an operating system. However, hypervisors are complex software systems with many lines of code and known to have vulnerabilities. This paper analyzes the recent vulnerabilities associated with two open- source hypervisors Xen and KVM as reported by the National Institute of Standards and Technology's (NIST) National Vulnerability Database (NVD) and develops a profile of those vulnerabilities in terms of hypervisor functionality, attack type, and attack source. Based on the predominant number of vulnerabilities in a hypervisor functionality (attack vector), two sample attacks using those attack vectors were launched to exploit those vulnerabilities and to determine the forensic data requirements.
Fifteenth IFIP 11.9 International Conference on Digital Forensic
, Singhal, A.
, Chandramouli, R.
and Wijesekera, D.
Determining Forensic Data Requirements for Detecting Hypervisor Attacks, Fifteenth IFIP 11.9 International Conference on Digital Forensic, Orlando, FL, US, [online], https://doi.org/10.1007/978-3-030-28752-8_14, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927335
(Accessed December 3, 2023)