Presentation is loading. Please wait.

Presentation is loading. Please wait.

Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology.

Published byStephany Clark Modified over 8 years ago

Similar presentations

Presentation on theme: "Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology."— Presentation transcript:

1 Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology nelson.hastings@nist.govnelson.hastings@nist.gov alicia.clay@nist.govalicia.clay@nist.gov

2 Oct 15-17, 2007Next VVSG TrainingPage 2 Agenda Review of security related part of Chapter 2: Conformity Assessment Process Review of Section 5.5 Open Ended Vulnerability Testing (OEVT)

3 Oct 15-17, 2007Next VVSG TrainingPage 3 Chapter 2: Conformity Assessment Process Section 2.4.3: Initial System Build by Test Lab Section 2.4.4: Unmodified COTS Verification Section 2.6.1.1: Voting System Software Version Section 2.6.2: Software Distribution Requirements for Repositories, Test Labs, and Manufacturers

4 Oct 15-17, 2007Next VVSG TrainingPage 4 2.4.3 Initial Build by Test Lab The process used by test labs to build of voting system software Known as the “witness build” or “trusted build” in previous standards Based on the “Testing and Certification Program Manual” from the EAC

5 Oct 15-17, 2007Next VVSG TrainingPage 5 Performed by lab personnel and witnessed by manufacturer personnel Two step process Establishment of build environment used to create voting system software Build of voting system software using established build environment Initial build of software Update of previously built software 2.4.3 Initial Build by Test Lab

6 Oct 15-17, 2007Next VVSG TrainingPage 6 Build environment establishment TDP contains procedures used to establish build environment Hardware and software from open market Digital signature verification of software Preparation of erasable storage media The procedures used to establish build environment documented Digitally signed binary image of build environment placed on unalterable media 2.4.3 Initial Build by Test Lab

7 Oct 15-17, 2007Next VVSG TrainingPage 7 Initial build of voting system software TDP contains the procedures used to build software Digitally signed software provided by manufacturers Digital signature verification of software before use The procedures used to build software documented Digitally signed binary image of build environment and built software placed on unalterable media 2.4.3 Initial Build by Test Lab

8 Oct 15-17, 2007Next VVSG TrainingPage 8 Update of previously built software Establish the build environment and previously built software from unalterable media Preparation of erasable storage media Digital signature verification of build environment and software The procedures used to establish build environment documented 2.4.3 Initial Build by Test Lab

9 Oct 15-17, 2007Next VVSG TrainingPage 9 Place update source code onto the build environment Digital signature verification of updated software Build software based on procedures found in TDP The procedures used to build software documented Digitally signed binary image of build environment and built software placed on unalterable media 2.4.3 Initial Build by Test Lab

10 Oct 15-17, 2007Next VVSG TrainingPage 10 2.4.3.4 Unmodified COTS Verification The process used by test labs to verify COTS products have not been modified Manufactures provide documented procedures to assemble and configure COTS products used in voting systems Test labs obtain COTS products from the open market

11 Oct 15-17, 2007Next VVSG TrainingPage 11 2.4.3.4 Unmodified COTS Verification Test labs assemble and configure COTS products into the voting system Witnessed by manufacturer personnel The procedures used assemble and configure COTS into voting system documented

12 Oct 15-17, 2007Next VVSG TrainingPage 12 2.6.1.1 Voting System Software Version Identifies the version of the voting system software to be used as part of voting system recommended for certification If no updates or modifications occurs since the initial test lab build, use the initial build When updates and modifications have occurred since the initial build, perform a final test lab build

13 Oct 15-17, 2007Next VVSG TrainingPage 13 2.6.2 Software Distribution Requirements for repositories, test labs, and manufacturers Could be used by jurisdictions Traceability of software to a master software distribution package stored on unalterable media Records related to the creation of master copies and copies derived from a master copy

14 Oct 15-17, 2007Next VVSG TrainingPage 14 2.6.2 Software Distribution Characteristics of software distribution packages Human readable file containing information (name, manufacturer, version, etc.) about each piece of software in the package Digital signatures for each piece of software in the package Labeling and digital signature requirements for each piece of physical media of a software distribution package

15 Oct 15-17, 2007Next VVSG TrainingPage 15 2.6.2 Software Distribution Repository requirements Publicly documented process to request copies of software distribution packages Receive software from test labs, national certification authorities, and jurisdictions Digital signature validation before using software to create software distribution package master copies

16 Oct 15-17, 2007Next VVSG TrainingPage 16 2.6.2 Software Distribution Three types of repositories Notary repositories distribute integrity information of software Escrow repositories hold software until formally requested Distribution repositories provide software to parties approved by the software owner

17 Oct 15-17, 2007Next VVSG TrainingPage 17 2.6.2 Software Distribution Test lab requirements Create software distribution package master copies containing Voting system source and executable code Configuration files, installation programs, and third party software Provide copies to manufacturer and designated national repositories including the NSRL Copies of the build environment provided to the manufacturer and designated national repositories including the NSRL

18 Oct 15-17, 2007Next VVSG TrainingPage 18 2.6.2 Software Distribution Manufacturer requirements Create software distribution package master copies containing Source code of voting system software Configuration files, installation programs, and third party software Provide copies of the software distribution packages as part of the TDP

19 Oct 15-17, 2007Next VVSG TrainingPage 19 5.5 Open Ended Vulnerability Testing (OEVT) What is Opened Ended Vulnerability Testing? What will the test labs actually DO? Why has this been added? How will this help?

20 Oct 15-17, 2007Next VVSG TrainingPage 20 OEVT is an attempt to... Bypass the security of a system Discover flaws that could be used to change the outcome of an election, interfere with voters’ ability to cast ballots or have their votes counted compromise the secrecy of the vote

21 Oct 15-17, 2007Next VVSG TrainingPage 21 OEVT is not … A way to prove that a system is secure Bound by a pre-determined test plan

22 Oct 15-17, 2007Next VVSG TrainingPage 22 The test team will … Figure out how the system works Identify the vulnerabilities – actual and potential Attempt to break-in Requirements in the VVSG and the accompanying testing document → consistent framework

23 Oct 15-17, 2007Next VVSG TrainingPage 23 5.4 Open ended vulnerability testing Scope and Priorities Resources and level of effort Rules of Engagement Fail Criteria Reporting requirements

24 Oct 15-17, 2007Next VVSG TrainingPage 24 Scope and priorities Voting system and manufacturer supplied use procedures Focus on major flaws Plausible threat scenarios

25 Oct 15-17, 2007Next VVSG TrainingPage 25 Resources and level of effort Security and election management experts Voting device, TDP, user documentation Available test data

26 Oct 15-17, 2007Next VVSG TrainingPage 26 Rules of engagement Process model with plausible threats Description of implemented system Description of how significant threats are addressed

27 Oct 15-17, 2007Next VVSG TrainingPage 27 Fail criteria Violation of VVSG requirements Inadequate means to mitigate significant, known threat Critical flaw

28 Oct 15-17, 2007Next VVSG TrainingPage 28 Reporting requirements All information associated with test Threat scenarios considered Threat scenarios identified but ignored Discussion of remaining vulnerabilities Team qualifications and each individuals’ level of effort

29 Oct 15-17, 2007Next VVSG TrainingPage 29 By adding OEVT … Labs may catch unanticipated design or implementation vulnerabilities Efficiency may improve for testing certain requirements Paperless IVVR systems may have fewer new requirements An entry point is created for “new” architectures

Download ppt "Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology."

Similar presentations

Configuration management

Configuration management
PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM

PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM
Software Quality Assurance Plan

Software Quality Assurance Plan
Safety Software QA at BNL’s Collider-Accelerator Department (C-AD) Accelerator Safety Workshop E. Lessard Collider-Accelerator Department August 12-14,

Safety Software QA at BNL’s Collider-Accelerator Department (C-AD) Accelerator Safety Workshop E. Lessard Collider-Accelerator Department August 12-14,
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
SE 555 Software Requirements & Specification Requirements Validation.

SE 555 Software Requirements & Specification Requirements Validation.
Iterative development and The Unified process

Iterative development and The Unified process
PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 7 System Design and Implementation System Design and.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 7 System Design and Implementation System Design and.
COMP8130 and 4130Adrian Marshall 8130 and 4130 Test Management Adrian Marshall.

COMP8130 and 4130Adrian Marshall 8130 and 4130 Test Management Adrian Marshall.
Configuration Management

Configuration Management
ISO 9000 Certification ISO 9001 and ISO 9000.3.

ISO 9000 Certification ISO 9001 and ISO
Software Configuration Management

Software Configuration Management
Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.

Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.
How the Change Control Process Affects Project Quality

How the Change Control Process Affects Project Quality
Architecture of information systems Document managment system Peter Záhorák.

Architecture of information systems Document managment system Peter Záhorák.
N A managed approach to planning and controlling the implementation of complex application software. n A flexible tool kit, designed to support the Project.

N A managed approach to planning and controlling the implementation of complex application software. n A flexible tool kit, designed to support the Project.
July 9, 2004 www.nsrl.nist.gov 1 National Software Reference Library Douglas White Information Technology Laboratory July 2004.

July 9, National Software Reference Library Douglas White Information Technology Laboratory July 2004.

Similar presentations

Ads by Google