Virtualization software security

Both public and private clouds use a hypervisor to host the virtual machines that cloud users launch. For example, AWS uses the Citrix Xen hypervisor, whereas OpenStack uses the KVM hypervisor by default. Hardware and operating system virtualization allows the cloud provider to share the hardware across several guest virtual machines without the guests interfering with each other. In other words, multiple virtual machines running different operating systems can run on the same hardware simultaneously. But running several virtual machines on a single physical host has its own set of risks.

Public cloud customers who launch virtual machines have no visibility into this hypervisor or any other virtualization software that the cloud uses. In a private cloud, on the other hand, the administrator has more control over the hypervisor used. The hypervisor is software just like any other software running on the system. If an attacker becomes aware of any loopholes or vulnerabilities in the hypervisor, they may be able to take control of it and affect all the virtual machines running on it. It is therefore necessary to monitor for and detect unusual activity as early as possible and to apply the necessary remedies.

Most IaaS providers use a bare metal hypervisor, which is also known as a Type 1 hypervisor. These hypervisors can be installed directly on raw hardware without any operating system. For example, VMware ESX, Citrix Xen Server, Oracle Virtual Machine, and so on are bare metal hypervisors. The cloud provider should ensure that the required security controls are in place for these hypervisors. This includes understanding the internals of the hypervisor as well as preventing or restricting physical access to the machines on which these hypervisors are installed.

Many modern hypervisors provide a feature known as PCI passthrough, which gives a virtual machine instance direct access to hardware of the physical host on which it is running. PCI passthrough is essential for virtual machines that need access to the graphics processing unit (GPU) or video cards for better performance. However, this feature poses a risk to the overall system because it allows direct memory access to the host system. A virtual machine instance must not be given access to the full memory of the underlying host, as this would give it a full view of the entire host as well as of the other virtual machines running on that host. To prevent this, hardware providers use the Input/Output Memory Management Unit (IOMMU) to control Direct Memory Access (DMA) in such situations.
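The following is an added example, not taken from the book: a shell check for a Linux/KVM host that confirms the IOMMU is active and flags passthrough devices that share an IOMMU group with a device still driven by the host. It assumes devices handed to guests are bound to the vfio-pci driver; the function name iommu_audit and its optional sysfs-root argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit IOMMU isolation for PCI passthrough on a Linux/KVM host.
# Assumption: devices assigned to guests are bound to the vfio-pci driver.
# Usage: iommu_audit [SYSFS_ROOT]   (default /sys; the argument lets the check
#        run against a constructed tree)
# Returns 0 = clean, 1 = no IOMMU groups, 2 = a group mixes guest and host use.
iommu_audit() {
    root="${1:-/sys}"
    groups="$root/kernel/iommu_groups"
    rc=0

    # No group directories: the kernel is not using an IOMMU at all.
    set -- "$groups"/*/
    if [ ! -d "$1" ]; then
        echo "IOMMU: no groups found, DMA from passthrough devices is not confined"
        return 1
    fi

    for g in "$groups"/*/; do
        gid=$(basename "$g")
        vfio=""; host=""
        for d in "$g"devices/*; do
            [ -e "$d" ] || continue
            bdf=$(basename "$d")
            link="$root/bus/pci/devices/$bdf/driver"
            if [ -L "$link" ]; then
                drv=$(basename "$(readlink "$link")")
            else
                drv="none"
            fi
            case "$drv" in
                vfio-pci) vfio="$vfio $bdf" ;;
                # unbound devices, pci-stub and PCIe bridges are treated as neutral
                none|pci-stub|pcieport) ;;
                *) host="$host $bdf($drv)" ;;
            esac
        done
        # The IOMMU group is the smallest unit the hardware can isolate, so a
        # guest-assigned device and a host-driven device must not share one.
        if [ -n "$vfio" ] && [ -n "$host" ]; then
            echo "group $gid: passthrough$vfio shares isolation with host-driven$host"
            rc=2
        fi
    done
    [ "$rc" -eq 0 ] && echo "IOMMU: enabled, no passthrough device shares a group with a host-driven device"
    return "$rc"
}
```

Run iommu_audit with no argument on the hypervisor host; a non-zero return means passthrough should not be offered until the finding is resolved.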

Moreover, when a virtual machine modifies the firmware of a device, it may affect other virtual machines running on the same host. This can pose a critical risk, as the virtual machine can run code outside of its security limits. Hence, care should be taken to identify how a virtual machine can modify the underlying hardware state, and a process should be in place to reset that state once the virtual machine is done with the hardware. For example, the firmware can be reflashed to reset the configuration.

Hybrid cloud administrators should consider the measures to ensure hypervisor security of their private cloud.

IaaS customers should understand the underlying technology and the security techniques that are put in place by the cloud provider to protect the hypervisor. This not only helps in taking additional security measures but also helps in determining any compliance gaps with respect to the organization's policies.  
