Computing Reviews

Characterizing hypervisor vulnerabilities in cloud computing servers
Perez-Botero D., Szefer J., Lee R. CloudComputing 2013 (Proceedings of the 2013 International Workshop on Security in Cloud Computing, Hangzhou, China, May 8, 2013), 3-10, 2013. Type: Proceedings
Date Reviewed: 10/09/13

Security, in every application of the concept, is a constantly moving target: once defenders identify and patch a vulnerability, attackers move on to the next weak spot. Efforts are therefore required to track the path of exposures through systems to detect where defenses should be deployed.

Despite the fact that VMware has 81 percent of the hypervisor market share, the authors of this paper have chosen to analyze the capabilities and subsequent vulnerabilities of two less widely used hypervisors, Xen and KVM. However, by highlighting, for example, where hypervisor add-ons have exposed vulnerabilities, and the general existence of weaknesses across the majority of their capabilities, this paper does not promote the use of these platforms. Vulnerabilities are classified according to the source of the attack trigger (such as the network or hypervisor), the attack vector (such as the interrupt and timing mechanisms or hypervisor add-ons), and the attack target (such as the hypervisor or host operating system (OS)). System vulnerabilities are analyzed according to their impact on hypervisor functionalities; not all of these aspects are classifiable as functionalities per se, as they also encompass the hardware characteristics of devices.

Vulnerability maps of Xen and KVM are the core contributions of this work, leading the authors to conclude that Xen is more vulnerable to network-based attacks, while KVM is more susceptible to OS-based attacks. Their recommendation, however, is to provision a hypervisor that operates securely at the top level of the system, with the idea that protection will subsequently filter through to the lower-level mechanisms of the platform.

Reviewer: Cathryn Peoples
Review #: CR141628 (1401-0075)
