Methodology for assessing the security of information systems built using virtualization technologies

Annotation: Protecting virtual segments of information systems is an urgent problem for companies that use virtualization technologies. Ensuring information security of virtualization is one of the priority directions in the development of the IT market in Russia. In this paper, the existing methods for assessing security are analyzed and the new methodology for assessing the security of information systems built using virtualization technologies and developed taking into account the identified shortcomings in existing ones, is briefly described. The model the methodology is based on can be used to assess the security of a wider range of information systems.

Keywords: virtualization, virtual infrastructure, virtual machine, hypervisor, information security, virtualization vulnerabilities, threat identification, threat model