Case Study: OpenSSL 2012 Validation

Abstract

This is a case study of the Federal Information Processing Standards (FIPS) 140-2 validation of the OpenSSL FIPS Object Module that led to certificate #1747 (initially awarded on June 27, 2012). This case study documents what happened during the validation, including identifying lessons learned for future projects. OpenSSL is a cryptographic library available through an open source software (OSS) license. The Defense Advanced Research Projects Agency (DARPA) provided funding for the evaluation of the OpenSSL FIPS module for two platforms in 2011 through 2012. Once DARPA committed to this initial funding, many other organizations (both government and private) joined the evaluation project by providing additional funding. Overall, this demonstrates that when organizations pool their resources, they can achieve far more than any one of them would have been willing to do on its own.

Document Details

Document Type: Technical Report
Publication Date: Aug 01, 2013
Accession Number: ADA608189

Entities

People

  • David A. Wheeler

Organizations

  • Institute for Defense Analyses

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Case Studies
  • Central Processing Units
  • Commerce
  • Computers
  • Contracts
  • Cryptography
  • Cybersecurity
  • Department Of Homeland Security
  • Governments
  • Information Processing
  • Instruction Set Architecture
  • Lessons Learned
  • National Governments
  • Open Source Software
  • Operating Systems
  • Standards
  • Test And Evaluation

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Defense Acquisition Program Management
  • Economics