Lars,

This NIST document ("A Methodology for Determining Forensic Data Requirements 
for Detecting Hypervisor Attacks" [1]) appears to be focused on the application 
of LibVMI in some contexts.  It is a NIST Interagency or Internal Report 
(NISTIR) document with a narrower scope than other NIST publications, e.g. 
Special Publications (SP).  NISTIR documents are:

https://www.nist.gov/nist-research-library/nist-series-publications
"... Interim or final reports on work performed by NIST for outside sponsors 
(both government and non-government).  May also report results of NIST projects 
of transitory or limited interest, including those that will be published 
subsequently in more comprehensive form."

If the Xen community wishes to provide feedback on this NISTIR draft, I suggest 
compiling a single document, including:

 - any inaccuracies + supporting references
 - vulnerability scope boundaries, including Xen hypervisor, Linux kernel 
affecting KVM, KVM module for Linux kernel, QEMU and hypervisor toolstack(s)
 - additional sample attack(s) and evidence coverage for forensic analysis
 - additional references on hypervisor security / vulnerability analysis
 - missing perspectives (e.g. impact of features selected via KCONFIG, 
disaggregation)
 - other feedback

If a single list can be compiled, each item can be numbered and Xen community 
viewpoints can be aggregated for possible consensus in unified feedback, or 
individuals could submit their feedback separately.

Rich

[1] https://csrc.nist.gov/CSRC/media/Publications/nistir/8221/draft/documents/nistir-8221-draft.pdf

> On Oct 9, 2018, at 14:20, Lars Kurth <lars.ku...@citrix.com> wrote:
> 
> Hi all,
> I added a NIST Security Paper to the agenda which is currently under review 
> and is full of inaccuracies and could potentially become very problematic to 
> the project and vendors using Xen if officially published by NIST without 
> being corrected (it needs responses by the end of week). I will be struggling 
> to do this alone and would like to enlist help, in particular from people 
> with a security background. That would also be significantly more powerful 
> than me providing the feedback.
> Regards
> Lars
> 
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
