Uncategorized

Bromium: uXen open source hypervisor

https://www.bromium.com/opensource/

Standard

NIST SP 800-125A: Security Recommendations for Server-based Hypervisor Platforms

Re: https://firmwaresecurity.com/2018/01/26/nist-releases-sp-800-125a-security-recommendations-for-hypervisors/

Date Published: June 2018
Supersedes: SP 800-125A (January 2018)

The Hypervisor platform is a collection of software modules that provides virtualization of hardware resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (made of an operating system (OS) and application programs) called Virtual Machines (VMs) to be run on a single physical host. In addition, it may have the functionality to define a network within the single physical host (called virtual network) to enable communication among the VMs resident on that host as well as with physical and virtual machines outside the host. With all this functionality, the hypervisor has the responsibility to mediate access to physical resources, provide run time isolation among resident VMs and enable a virtual network that provides security-preserving communication flow among the VMs and between the VMs and the external network. The architecture of a hypervisor can be classified in different ways. The security recommendations in this document relate to ensuring the secure execution of baseline functions of the hypervisor and are therefore agnostic to the hypervisor architecture. Further, the recommendations are in the context of a hypervisor deployed for server virtualization and not for other use cases such as embedded systems and desktops. Recommendations for secure configuration of a virtual network are dealt with in a separate NIST document (Special Publication 800-125B). [This revision includes additional technologies for device virtualization such as para-virtualization, passthrough and self-virtualizing hardware devices as well as associated security recommendations. Major content changes in this revision are in: Section 1.1, Section 2.2.2 and Section 5.]

https://csrc.nist.gov/News/2018/NIST-Publishes-SP-800-125A-Rev-1

https://csrc.nist.gov/publications/detail/sp/800-125a/rev-1/final

https://www.nist.gov/news-events/news/2018/04/nist-releases-draft-nist-special-publication-sp-800-125a-revision-1

Shadow-Box: Lightweight and Practical Kernel Protector for x86 (or ARM)

Lightweight Hypervisor-Based Kernel Protector

Shadow-box v2 (for ARM) is the next generation of Shadow-box v1 (for x86). If you want to know about Shadow-box for ARM, please visit the Shadow-box for ARM project.

https://github.com/kkamagui/shadow-box-for-x86

https://github.com/kkamagui/shadow-box-for-arm


NIST releases SP 800-125A: security recommendations for hypervisors

SP 800-125A: Security Recommendations for Hypervisor Deployment on Servers

The Hypervisor is a collection of software modules that provides virtualization of hardware resources (such as CPU/GPU, Memory, Network and Storage) and thus enables multiple computing stacks (made of an operating system (OS) and Application programs) called Virtual Machines (VMs) to be run on a single physical host. In addition, it may have the functionality to define a network within the single physical host (called virtual network) to enable communication among the VMs resident on that host as well as with physical and virtual machines outside the host. With all this functionality, the hypervisor has the responsibility to mediate access to physical resources, provide run time isolation among resident VMs and enable a virtual network that provides security-preserving communication flow among the VMs and between the VMs and the external network. The architecture of a hypervisor can be classified in different ways. The security recommendations in this document relate to ensuring the secure execution of baseline functions of the hypervisor and are therefore agnostic to the hypervisor architecture. Further, the recommendations are in the context of a hypervisor deployed for server virtualization and not for other use cases such as embedded systems and desktops. Recommendations for secure configuration of a virtual network are dealt with in a separate NIST Special Publication (SP), SP 800-125B.

Keywords: Virtualization; Hypervisor; Virtual Machine; Virtual Network; Secure Configuration; Security Monitoring; Guest OS

https://csrc.nist.gov/News/2018/Security-Recommendations-for-Deploying-Hypervisors
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-125A.pdf
https://csrc.nist.gov/publications/detail/sp/800-125a/final

See also:
SP 800-125B: Secure Virtual Network Configuration for Virtual Machine (VM) Protection
https://csrc.nist.gov/publications/detail/sp/800-125b/final


NIST releases SP 800-125A 2nd ed, hypervisor security

NIST has released the second public draft of Special Publication (SP) 800-125A, "Security Recommendations for Hypervisor Deployment". It is now available for public comment; the deadline for feedback is October 6th.

The NIST web site is changing on September 18, 2017, and some links will change. The pre- and post-September 18 URLs are below:

https://beta.csrc.nist.gov/publications/detail/sp/800-125A/draft
https://csrc.nist.gov/publications/detail/sp/800-125A/draft