Re: [Xen-devel] x86 Community Call: Wed Oct 10, 14:00 - 15:00 UTC - Call for agenda items
- To: Rich Persaud <persaur@xxxxxxxxx>
- From: Lars Kurth <lars.kurth@xxxxxxxxxx>
- Date: Wed, 10 Oct 2018 08:08:01 +0000
- Accept-language: en-GB, en-US
- Cc: "davorin.mista@xxxxxxxxxx" <davorin.mista@xxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, "anastassios.nanos@xxxxxxxxx" <anastassios.nanos@xxxxxxxxx>, "Matt.Spencer@xxxxxxx" <Matt.Spencer@xxxxxxx>, "Edgar E. Iglesias" <edgar.iglesias@xxxxxxxxxx>, John Ji <john.ji@xxxxxxxxx>, "robin.randhawa@xxxxxxx" <robin.randhawa@xxxxxxx>, Daniel Kiper <daniel.kiper@xxxxxxxxxx>, "mirela.simonovic@xxxxxxxxxx" <mirela.simonovic@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, Tamas K Lengyel <tamas.k.lengyel@xxxxxxxxx>, "christopher.w.clark@xxxxxxxxx" <christopher.w.clark@xxxxxxxxx>, Paul Durrant <Paul.Durrant@xxxxxxxxxx>, "committers@xxxxxxxxxxxxxx" <committers@xxxxxxxxxxxxxx>, "vfachin@xxxxxxxxxxxxxx" <vfachin@xxxxxxxxxxxxxx>, "intel-xen@xxxxxxxxx" <intel-xen@xxxxxxxxx>, "Jarvis.Roach@xxxxxxxxxxxxxxx" <Jarvis.Roach@xxxxxxxxxxxxxxx>, "jgross@xxxxxxxx" <jgross@xxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, "jnataraj@xxxxxxx" <jnataraj@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "Stewart.Hildebrand@xxxxxxxxxxxxxxx" <Stewart.Hildebrand@xxxxxxxxxxxxxxx>, Brian Woods <brian.woods@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
- Delivery-date: Wed, 10 Oct 2018 08:08:09 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHUW8pGkjk0doIfqEuBDWVp2WvfYaUW40OAgAADVQCAAAWQgIAARSEAgAAUEgCAANMGgA==
- Thread-topic: x86 Community Call: Wed Oct 10, 14:00 - 15:00 UTC - Call for agenda items
> If the Xen community wishes to provide feedback on this NISTIR draft, I suggest compiling a single document, including:
I hope so: we may as well use the relevant section in
https://docs.google.com/document/d/1ZfZ1SJRauLrISiTLXzM0DPxQL8beNkAQS5MwLLNtRKc/edi to collate the feedback.
But I can create a separate doc.
Let’s discuss in the meeting.
Regards
Lars
From: Rich Persaud <persaur@xxxxxxxxx>
Date: Tuesday, 9 October 2018 at 21:33
To: Lars Kurth <lars.kurth@xxxxxxxxxx>
Cc: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Tamas K Lengyel <tamas.k.lengyel@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "committers@xxxxxxxxxxxxxx" <committers@xxxxxxxxxxxxxx>, "intel-xen@xxxxxxxxx" <intel-xen@xxxxxxxxx>, "daniel.kiper@xxxxxxxxxx" <daniel.kiper@xxxxxxxxxx>, Roger Monne <roger.pau@xxxxxxxxxx>, "christopher.w.clark@xxxxxxxxx" <christopher.w.clark@xxxxxxxxx>, Brian Woods <brian.woods@xxxxxxx>, "jgross@xxxxxxxx" <jgross@xxxxxxxx>, Paul Durrant <Paul.Durrant@xxxxxxxxxx>, John Ji <john.ji@xxxxxxxxx>, "jnataraj@xxxxxxx" <jnataraj@xxxxxxx>, "Edgar E. Iglesias" <edgar.iglesias@xxxxxxxxxx>, "davorin.mista@xxxxxxxxxx" <davorin.mista@xxxxxxxxxx>, "robin.randhawa@xxxxxxx" <robin.randhawa@xxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "Matt.Spencer@xxxxxxx" <Matt.Spencer@xxxxxxx>, "anastassios.nanos@xxxxxxxxx" <anastassios.nanos@xxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, "Stewart.Hildebrand@xxxxxxxxxxxxxxx" <Stewart.Hildebrand@xxxxxxxxxxxxxxx>, "vfachin@xxxxxxxxxxxxxx" <vfachin@xxxxxxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, "mirela.simonovic@xxxxxxxxxx" <mirela.simonovic@xxxxxxxxxx>, "Jarvis.Roach@xxxxxxxxxxxxxxx" <Jarvis.Roach@xxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
Subject: Re: x86 Community Call: Wed Oct 10, 14:00 - 15:00 UTC - Call for agenda items
This NIST document ("A Methodology for Determining Forensic Data Requirements for Detecting Hypervisor Attacks" [1]) appears to be focused on the application of LibVMI in some contexts. It is a NIST Interagency or Internal Report (NISTIR) document with a narrower scope than other NIST publications, e.g. Special Publications (SP). NISTIR documents are:
"... Interim or final reports on work performed by NIST for outside sponsors (both government and non-government). May also report results of NIST projects of transitory or limited interest, including those that will be published subsequently in more comprehensive form."
If the Xen community wishes to provide feedback on this NISTIR draft, I suggest compiling a single document, including:
- any inaccuracies + supporting references
- vulnerability scope boundaries, including Xen hypervisor, Linux kernel affecting KVM, KVM module for Linux kernel, QEMU and hypervisor toolstack(s)
- additional sample attack(s) and evidence coverage for forensic analysis
- additional references on hypervisor security / vulnerability analysis
- missing perspectives (e.g. impact of features selected via KCONFIG, disaggregation)
If a single list can be compiled, each item can be numbered and Xen community viewpoints can be aggregated for possible consensus in unified feedback, or individuals could submit their feedback separately.
Hi all,
I added a NIST Security Paper to the agenda which is currently under review and is full of inaccuracies and could potentially become very problematic to the project and vendors using Xen if officially published by NIST without being corrected (it needs responses by the end of week). I will be struggling to do this alone and would like to enlist help, in particular from people with a security background. That would also be significantly more powerful than me providing the feedback.
Regards
Lars