Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Determining Forensic Data Requirements for Detecting Hypervisor Attacks

Published

Author(s)

Changwei Liu, Anoop Singhal, Ramaswamy Chandramouli, Duminda Wijesekera

Abstract

Hardware/Server virtualization is a key feature of data centers used for cloud computing services and enterprise computing that enables ubiquitous access to shared system resources. Server virtualization is typically performed by a hypervisor, which provides mechanisms to abstract hardware and system resources from an operating system. However, hypervisors are complex software systems with many lines of code and known to have vulnerabilities. This paper analyzes the recent vulnerabilities associated with two open- source hypervisors Xen and KVM as reported by the National Institute of Standards and Technology's (NIST) National Vulnerability Database (NVD) and develops a profile of those vulnerabilities in terms of hypervisor functionality, attack type, and attack source. Based on the predominant number of vulnerabilities in a hypervisor functionality (attack vector), two sample attacks using those attack vectors were launched to exploit those vulnerabilities and to determine the forensic data requirements.
Proceedings Title
Fifteenth IFIP 11.9 International Conference on Digital Forensic
Conference Dates
January 28-29, 2019
Conference Location
Orlando, FL, US

Keywords

Cloud computing, hypervisors, Xen, KVM, vulnerabilities, forensics

Citation

Liu, C. , Singhal, A. , Chandramouli, R. and Wijesekera, D. (2019), Determining Forensic Data Requirements for Detecting Hypervisor Attacks, Fifteenth IFIP 11.9 International Conference on Digital Forensic, Orlando, FL, US, [online], https://doi.org/10.1007/978-3-030-28752-8_14, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927335 (Accessed May 27, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created August 6, 2019, Updated October 12, 2021