Vulnerability and Risk Assessment of XEN Hypervisor

Litchfield, A
Shahzad, A
Item type
Conference Contribution
Degree name
Journal Title
Journal ISSN
Volume Title

A vulnerability prediction and risk assessment process for the Xen hypervisor that predicts the number of vulnerabilities and levels of risk a specific software version provides is presented. The hypervisor is a key component of virtualisation and is thus a target of attackers. When such critical infrastructure is compromised, then the assets of service consumers are consequently at risk. The benefit of a risk analysis process is that it provides surety for Cloud services consumers (making the Cloud Computing option more attractive) and assists Systems Administrators in decision making about software choices and version upgrades. The process has been tested on three popular open source, infrastructure level software packages. In each case, the level of predictive accuracy is excellent to good. The study combines quantitative and qualitative methods to predict vulnerabilities and determine risk levels.

Vulnerability and risk assessment; XEN hypervisor; Threat actors; User classification; Threat level identification
Twenty-fourth Americas Conference on Information Systems,Information Systems Security and Privacy, New Orleans, Louisiana, August 16-18, 2018.
Rights statement
Copyright © 2018 Association for Information Systems (AIS) All rights reserved. NOTICE: this is the author’s version of a work that was accepted for publication. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in (see Citation). The original publication is available at (see Publisher's Version).