> If the Xen community wishes to provide feedback on this NISTIR draft, I suggest compiling a single document, including:
I hope so: we may as well use the relevant section in https://docs.google.com/document/d/1ZfZ1SJRauLrISiTLXzM0DPxQL8beNkAQS5MwLLNtRKc/edi to collate the feedback
But I can create a separate doc
Let’s discuss in the meeting
Regards
Lars

From: Rich Persaud <persaur@gmail.com>
Date: Tuesday, 9 October 2018 at 21:33
To: Lars Kurth <lars.kurth@citrix.com>
Cc: Andrew Cooper <Andrew.Cooper3@citrix.com>, Tamas K Lengyel <tamas.k.lengyel@gmail.com>, xen-devel <xen-devel@lists.xenproject.org>, "committers@xenproject.org" <committers@xenproject.org>, "intel-xen@intel.com" <intel-xen@intel.com>, "daniel.kiper@oracle.com" <daniel.kiper@oracle.com>, Roger Monne <roger.pau@citrix.com>, "christopher.w.clark@gmail.com" <christopher.w.clark@gmail.com>, Brian Woods <brian.woods@amd.com>, "jgross@suse.com" <jgross@suse.com>, Paul Durrant <Paul.Durrant@citrix.com>, John Ji <john.ji@intel.com>, "jnataraj@amd.com" <jnataraj@amd.com>, "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>, "davorin.mista@aggios.com" <davorin.mista@aggios.com>, "robin.randhawa@arm.com" <robin.randhawa@arm.com>, Artem Mygaiev <Artem_Mygaiev@epam.com>, "Matt.Spencer@arm.com" <Matt.Spencer@arm.com>, "anastassios.nanos@onapp.com" <anastassios.nanos@onapp.com>, Julien Grall <julien.grall@arm.com>, "Stewart.Hildebrand@dornerworks.com" <Stewart.Hildebrand@dornerworks.com>, "vfachin@de.adit-jv.com" <vfachin@de.adit-jv.com>, Volodymyr Babchuk <volodymyr_babchuk@epam.com>, "mirela.simonovic@aggios.com" <mirela.simonovic@aggios.com>, "Jarvis.Roach@dornerworks.com" <Jarvis.Roach@dornerworks.com>, Stefano Stabellini <sstabellini@kernel.org>
Subject: Re: x86 Community Call: Wed Oct 10, 14:00 - 15:00 UTC - Call for agenda items

Lars,

This NIST document ("A Methodology for Determining Forensic Data Requirements for Detecting Hypervisor Attacks" [1]) appears to be focused on the application of LibVMI in some contexts.  It is a NIST Interagency or Internal Report (NISTIR) document with a narrower scope than other NIST publications, e.g. Special Publications (SP).  NISTIR documents are:

https://www.nist.gov/nist-research-library/nist-series-publications
"... Interim or final reports on work performed by NIST for outside sponsors (both government and non-government).  May also report results of NIST projects of transitory or limited interest, including those that will be published subsequently in more comprehensive form."


If the Xen community wishes to provide feedback on this NISTIR draft, I suggest compiling a single document, including:

 - any inaccuracies + supporting references
 - vulnerability scope boundaries, including Xen hypervisor, Linux kernel affecting KVM, KVM module for Linux kernel, QEMU and hypervisor toolstack(s)
 - additional sample attack(s) and evidence coverage for forensic analysis
 - additional references on hypervisor security / vulnerability analysis
 - missing perspectives (e.g. impact of features selected via KCONFIG, disaggregation)
 - other feedback

If a single list can be compiled, each item can be numbered and Xen community viewpoints can be aggregated for possible consensus in unified feedback, or individuals could submit their feedback separately.

Rich

[1] https://csrc.nist.gov/CSRC/media/Publications/nistir/8221/draft/documents/nistir-8221-draft.pdf

On Oct 9, 2018, at 14:20, Lars Kurth <lars.kurth@citrix.com<mailto:lars.kurth@citrix.com>> wrote:
Hi all,
I added a NIST Security Paper to the agenda which is currently under review and is full of inaccuracies and could potentially become very problematic to the project and vendors using Xen if officially published by NIST without being corrected (it needs responses by the end of week). I will be struggling to do this alone and would like to enlist help, in particular from people with a security background. That would also be significantly more powerful than me providing the feedback.
Regards
Kars