[ISN] NIST drafts guide for hypervisor security

http://gcn.com/articles/2014/10/21/nist-hypervisor-security.aspx By GCN Staff Oct 21, 2014 The National Institute of Standards and Technology released a draft of SP-800-125 A, Security Recommendations for Hypervisor Deployment, for public comment. Because of widespread growth in server virtualization for hosting enterprise applications and providing cloud services, recommendations for secure deployment of hypervisor platforms are needed, the standards agency said. Since the January 2011 publication of NIST’s SP 800-125, Guide to Security for Full Virtualization Technologies, both the feature set of hypervisors as well as tools for configuring the virtualized infrastructure spawned by the hypervisor have seen considerable increase. The NIST guidance examines the security implications of hypervisor platform choices and provides security recommendations for deployments in an enterprise. Hypervisors provide abstraction of all physical resources (such as CPU, memory, network and storage) and allow IT managers to run multiple virtual machines (VMs) on a single physical host, also referred to as a virtualized or hypervisor host. The hypervisor can also define a network that enables communication among the VMs. Enterprise data centers use the hypervisor for server virtualization because it makes better use of hardware resources and reduces power consumption However, it is also susceptible to threats from rogue VMs that can subvert the hypervisor’s access control to hardware resources such as memory and storage. […]