The National Institute for Standards and Technology is currently working on a new Special Publication (800-125) that deals security concerns around virtualization technology. The paper is currently released as draft for comment and public feedback is requested until August 13th 2010 as described below.
“NIST requests comments on draft SP 800-125 by August 13, 2010. Please submit comments to firstname.lastname@example.org with “Comments SP 800-125″ in the subject line.”
I quickly read through the draft and it turns out to be a quite general overview of virtualization types and common issues to consider regarding the technology but also the overall life-cycle. It is a good primer for the topic but it lacks some depth; most readers are probably already familiar with the content as it is covered in more depth in guides like –
- CPNI Security considerations for server virtualisation
- vSphere 4.0 Security Hardening Guide
- DISA Security Technical Implementation Guides
- Microsoft Hyper-V security guide
Overall the draft paper is a worthwhile read, especially since it is only 35 pages long at this point, but some sections leave me to wish for more. In section 4.1 “Hypervisor Security” i’m missing a better discussion about the VMM supporting/enabling hardware and the inherent trust the Hypervisor puts in this part of the underlying system. While the paper mentions hypervisor integrity and physical system security this point deserves some better coverage in my view.
Link to the draft – SP800-125 Guide to Security for Full Virtualization Technologies