Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology.

Slides:

Advertisements

Similar presentations

Configuration management

Advertisements

PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM

Software Quality Assurance Plan

Safety Software QA at BNL’s Collider-Accelerator Department (C-AD) Accelerator Safety Workshop E. Lessard Collider-Accelerator Department August 12-14,

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

SE 555 Software Requirements & Specification Requirements Validation.

Iterative development and The Unified process

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 7 System Design and Implementation System Design and.

COMP8130 and 4130Adrian Marshall 8130 and 4130 Test Management Adrian Marshall.

Configuration Management

ISO 9000 Certification ISO 9001 and ISO

Software Configuration Management

Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.

How the Change Control Process Affects Project Quality

Architecture of information systems Document managment system Peter Záhorák.

N A managed approach to planning and controlling the implementation of complex application software. n A flexible tool kit, designed to support the Project.

July 9, National Software Reference Library Douglas White Information Technology Laboratory July 2004.

UML - Development Process 1 Software Development Process Using UML (2)

Demystifying the Independent Test Authority (ITA)

Information Systems Security Computer System Life Cycle Security.

Commissioning of Fire Protection and Life Safety Systems Presented by: Charles Kilfoil Bechtel National Waste Treatment Plant Richland WA.

Visit us at E mail: Tele: www.globalmanagergroup.com.

Cybersecurity: Engineering a Secure Information Technology Organization, 1st Edition Chapter 7 Software Supporting Processes and Software Reuse.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

NIST Special Publication Revision 1

Part II : Computer Security and the VVSG October 15-17, 2007 Barbara Guttman Nelson Hastings National Institute of Standards and Technology

ETICS2 All Hands Meeting VEGA GmbH INFSOM-RI Uwe Mueller-Wilm Palermo, Oct ETICS Service Management Framework Business Objectives and “Best.

Product Development Chapter 6. Definitions needed: Verification: The process of evaluating compliance to regulations, standards, or specifications.

Configuration Management (CM)

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

MD Digital Government Summit, June 26, Maryland Project Management Oversight & System Development Life Cycle (SDLC) Robert Krauss MD Digital Government.

Product Documentation Chapter 5. Required Medical Device Documentation  Business proposal  Product specification  Design specification  Software.

Accreditation for Voting Equipment Testing Laboratories Gordon Gillerman Standard Services Division Chief

12/9-10/2009 TGDC Meeting Open Ended Vulnerability Testing Update Nelson Hastings National Institute of Standards and Technology

TGDC Meeting, December Common Data Format Directions John P. Wack National Institute of Standards and Technology

Briefing for NIST Acting Director James Turner regarding visit from EAC Commissioners March 26, 2008 For internal use only 1.

© Mahindra Satyam 2009 Configuration Management QMS Training.

5.2 Scope: This standard defines common data interchange formats for event records for voting systems. Voting systems, including election administration.

Chapter 2 Understanding Computer Investigations Guide to Computer Forensics and Investigations Fourth Edition.

Configuration Management and Change Control Change is inevitable! So it has to be planned for and managed.

Today’s Lecture Covers

Making every vote count. United States Election Assistance Commission EAC Voting System Certification TGDC Meeting December 9-10, 2009.

Design Documentation Clint Kehres, Brian Krouse, Jenn Shafner.

Oct 15-17, : Integratability and Data Export Page 1Next VVSG Training Voting devices must speak (produce records) using a commonly understood language,

TGDC Meeting, Jan 2011 Help America Vote Act (HAVA) Roadmap Nelson Hastings National Institute of Standards and Technology

TGDC Meeting, July 2010 Report on Logging Requirements in VVSG 2.0 Nelson Hastings National Institute of Standards and Technology

Next VVSG Training Standards 101 October 15-17, 2007 Mark Skall National Institute of Standards and Technology

State of Georgia Release Management Training

The VVSG Version 1.1 Overview Matthew Masterson Election Assistance Commission

CABLING SYSTEM WARRANTY REGISTRATION. PURPOSE OF CABLING REGISTRATION.

Project management Topic 8 Configuration Management.

SwCDR (Peer) Review 1 UCB MAVEN Particles and Fields Flight Software Critical Design Review Peter R. Harvey.

Verification vs. Validation Verification: "Are we building the product right?" The software should conform to its specification.The software should conform.

1 DEPLOYMENT AND OPERATIONS MODULE 23 ECM SPECIALIST COURSE 1 Copyright AIIM.

The VVSG 2005 Revision Overview EAC Standards Board Meeting February 26-27, 2009 John P. Wack NIST Voting Program National Institute.

 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

Introduction for the Implementation of Software Configuration Management I thought I knew it all !

Security SIG in MTS 05th November 2013 DEG/MTS RISK-BASED SECURITY TESTING Fraunhofer FOKUS.

Release Management Release Management.

Description of Revision

Use of Oregon Statewide Electronic Records Management Systems (ERMS) Price & Services Agreements (PSA) DAS SPO Representative Lena Ferris DAS EISPD Representatives.

Demystifying the Independent Test Authority (ITA)

Demystifying the Independent Test Authority (ITA)

Demystifying the Independent Test Authority (ITA)

Chapter 11: Software Configuration Management

PSS verification and validation

Presentation transcript:

Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology

Oct 15-17, 2007Next VVSG TrainingPage 2 Agenda Review of security related part of Chapter 2: Conformity Assessment Process Review of Section 5.5 Open Ended Vulnerability Testing (OEVT)

Oct 15-17, 2007Next VVSG TrainingPage 3 Chapter 2: Conformity Assessment Process Section 2.4.3: Initial System Build by Test Lab Section 2.4.4: Unmodified COTS Verification Section : Voting System Software Version Section 2.6.2: Software Distribution Requirements for Repositories, Test Labs, and Manufacturers

Oct 15-17, 2007Next VVSG TrainingPage Initial Build by Test Lab The process used by test labs to build of voting system software Known as the “witness build” or “trusted build” in previous standards Based on the “Testing and Certification Program Manual” from the EAC

Oct 15-17, 2007Next VVSG TrainingPage 5 Performed by lab personnel and witnessed by manufacturer personnel Two step process Establishment of build environment used to create voting system software Build of voting system software using established build environment Initial build of software Update of previously built software Initial Build by Test Lab

Oct 15-17, 2007Next VVSG TrainingPage 6 Build environment establishment TDP contains procedures used to establish build environment Hardware and software from open market Digital signature verification of software Preparation of erasable storage media The procedures used to establish build environment documented Digitally signed binary image of build environment placed on unalterable media Initial Build by Test Lab

Oct 15-17, 2007Next VVSG TrainingPage 7 Initial build of voting system software TDP contains the procedures used to build software Digitally signed software provided by manufacturers Digital signature verification of software before use The procedures used to build software documented Digitally signed binary image of build environment and built software placed on unalterable media Initial Build by Test Lab

Oct 15-17, 2007Next VVSG TrainingPage 8 Update of previously built software Establish the build environment and previously built software from unalterable media Preparation of erasable storage media Digital signature verification of build environment and software The procedures used to establish build environment documented Initial Build by Test Lab

Oct 15-17, 2007Next VVSG TrainingPage 9 Place update source code onto the build environment Digital signature verification of updated software Build software based on procedures found in TDP The procedures used to build software documented Digitally signed binary image of build environment and built software placed on unalterable media Initial Build by Test Lab

Oct 15-17, 2007Next VVSG TrainingPage Unmodified COTS Verification The process used by test labs to verify COTS products have not been modified Manufactures provide documented procedures to assemble and configure COTS products used in voting systems Test labs obtain COTS products from the open market

Oct 15-17, 2007Next VVSG TrainingPage Unmodified COTS Verification Test labs assemble and configure COTS products into the voting system Witnessed by manufacturer personnel The procedures used assemble and configure COTS into voting system documented

Oct 15-17, 2007Next VVSG TrainingPage Voting System Software Version Identifies the version of the voting system software to be used as part of voting system recommended for certification If no updates or modifications occurs since the initial test lab build, use the initial build When updates and modifications have occurred since the initial build, perform a final test lab build

Oct 15-17, 2007Next VVSG TrainingPage Software Distribution Requirements for repositories, test labs, and manufacturers Could be used by jurisdictions Traceability of software to a master software distribution package stored on unalterable media Records related to the creation of master copies and copies derived from a master copy

Oct 15-17, 2007Next VVSG TrainingPage Software Distribution Characteristics of software distribution packages Human readable file containing information (name, manufacturer, version, etc.) about each piece of software in the package Digital signatures for each piece of software in the package Labeling and digital signature requirements for each piece of physical media of a software distribution package

Oct 15-17, 2007Next VVSG TrainingPage Software Distribution Repository requirements Publicly documented process to request copies of software distribution packages Receive software from test labs, national certification authorities, and jurisdictions Digital signature validation before using software to create software distribution package master copies

Oct 15-17, 2007Next VVSG TrainingPage Software Distribution Three types of repositories Notary repositories distribute integrity information of software Escrow repositories hold software until formally requested Distribution repositories provide software to parties approved by the software owner

Oct 15-17, 2007Next VVSG TrainingPage Software Distribution Test lab requirements Create software distribution package master copies containing Voting system source and executable code Configuration files, installation programs, and third party software Provide copies to manufacturer and designated national repositories including the NSRL Copies of the build environment provided to the manufacturer and designated national repositories including the NSRL

Oct 15-17, 2007Next VVSG TrainingPage Software Distribution Manufacturer requirements Create software distribution package master copies containing Source code of voting system software Configuration files, installation programs, and third party software Provide copies of the software distribution packages as part of the TDP

Oct 15-17, 2007Next VVSG TrainingPage Open Ended Vulnerability Testing (OEVT) What is Opened Ended Vulnerability Testing? What will the test labs actually DO? Why has this been added? How will this help?

Oct 15-17, 2007Next VVSG TrainingPage 20 OEVT is an attempt to... Bypass the security of a system Discover flaws that could be used to change the outcome of an election, interfere with voters’ ability to cast ballots or have their votes counted compromise the secrecy of the vote

Oct 15-17, 2007Next VVSG TrainingPage 21 OEVT is not … A way to prove that a system is secure Bound by a pre-determined test plan

Oct 15-17, 2007Next VVSG TrainingPage 22 The test team will … Figure out how the system works Identify the vulnerabilities – actual and potential Attempt to break-in Requirements in the VVSG and the accompanying testing document → consistent framework

Oct 15-17, 2007Next VVSG TrainingPage Open ended vulnerability testing Scope and Priorities Resources and level of effort Rules of Engagement Fail Criteria Reporting requirements

Oct 15-17, 2007Next VVSG TrainingPage 24 Scope and priorities Voting system and manufacturer supplied use procedures Focus on major flaws Plausible threat scenarios

Oct 15-17, 2007Next VVSG TrainingPage 25 Resources and level of effort Security and election management experts Voting device, TDP, user documentation Available test data

Oct 15-17, 2007Next VVSG TrainingPage 26 Rules of engagement Process model with plausible threats Description of implemented system Description of how significant threats are addressed

Oct 15-17, 2007Next VVSG TrainingPage 27 Fail criteria Violation of VVSG requirements Inadequate means to mitigate significant, known threat Critical flaw

Oct 15-17, 2007Next VVSG TrainingPage 28 Reporting requirements All information associated with test Threat scenarios considered Threat scenarios identified but ignored Discussion of remaining vulnerabilities Team qualifications and each individuals’ level of effort

Oct 15-17, 2007Next VVSG TrainingPage 29 By adding OEVT … Labs may catch unanticipated design or implementation vulnerabilities Efficiency may improve for testing certain requirements Paperless IVVR systems may have fewer new requirements An entry point is created for “new” architectures