SlideShare a Scribd company logo

Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019

Amazon Web Services
Amazon Web Services

Federal Information Processing Standard (FIPS) 140-2 was published at a time when the full operational environment, from the cryptographic module to the processor, was definable, self-contained, and controlled by a single operator. With the arrival of cloud computing, these basic assumptions are no longer valid. The operational environment is not shippable to a lab, and it is not self-contained. In this session, we describe the opportunities and challenges of bringing FIPS 140 to the cloud. We review the current state and new, automated approaches that are under evaluation at the National Institute of Standards and Technology (NIST).

1 of 48
Download to read offline
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Innovating FIPS crypto validation in the Cloud Alan Halachmi Sr. Manager, Solutions Architecture AWS S E P 3 2 1
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Context Proposal Status New approaches
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. “ThestructureandtherulesunderwhichtheCAVPandCMVPoperateworkedwell forthelevel ofthetechnologyutilizedbytheFederalGovernmentatthetimewhen theprogramswerecreatedmorethantwodecadesago. Astechnologyhas advancedhowever,thealgorithmandmoduletestingprocessesnolongersatisfy currentday industryandgovernmentoperationalneeds.Testingandvalidationof testresultsareexceedinglylong,wellbeyond typicalproductdevelopmentcycles acrossa widerangeoftechnologies.Becauseofthehumaneffortinvolvedin all stagesofthisprocess,thepossibilityforsubjectivityanderrorsishigh.“ —National Institute of Standards and Technology
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Historical view • FIPS 140-1 issued January 1994 • CAVP and CMVP created mid-1995 • FIPS 140-2 issued May 2001 • Operational environment “A third-party cloud system that provides its own operating environment, such as an operating system and hardware upon which the tester has no control (possible examples are: Amazon Web Services, Microsoft Azure, and Google Cloud) shall not be used.”
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Historical view • FIPS 140-1 issued January 1994 • CAVP and CMVP created mid-1995 • FIPS 140-2 issued May 2001 • Operational environment “A third-party cloud system that provides its own operating environment, such as an operating system and hardware upon which the tester has no control (possible examples are: Amazon Web Services, Microsoft Azure, and Google Cloud) shall not be used.”
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Historical view • FIPS 140-1 issued January 1994 • CAVP and CMVP created mid-1995 • FIPS 140-2 issued May 2001 • Operational environment “A third-party cloud system that provides its own operating environment, such as an operating system and hardware upon which the tester has no control (possible examples are: Amazon Web Services, Microsoft Azure, and Google Cloud) shall not be used.” • Specific valid configuration • Performance of validated modules
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Module validation Step 1: Cryptographic Algorithm Validation Program (CAVP) Step 2: Cryptographic Module Validation Program (CMVP) Step 3: Conformant implementation
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Module Validation Step 1: Cryptographic Algorithm Validation Program Step 2: Cryptographic Module Validation Program Step 3: Conformant implementation https://csrc.nist.gov/CSRC/media/Presentatio ns/Testing-to-FIPS-140-2-Derived-Test- Requirements/images-media/CMVP2606.pdf
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Work to date • Automated Cryptographic Validation Testing (ACVT): Algorithms • Three working groups defined • Algorithms • Modules • Cloud • Starting with algorithms • Pilot started in 2018 • Allows first-party accreditation of the company/organization • All new algorithm submissions must use ACVT program by mid-2020
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Work to date • Automated Cryptographic Validation Testing (ACVT): Algorithms • Three working groups defined • Algorithms • Modules • Cloud • Starting with algorithms • Pilot started in 2018 • Allows first-party accreditation of the company/organization • All new algorithm submissions must use ACVT program by mid-2020
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenets for cloud validation • Continuous validation • Shared responsibility • Minimal coordination • Consistent application • Leverage existing investments
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Key terms UserspaceKernelspace Operating environment SCM operating environment Application/user interaction API calls/system calls Consumer Hypervisor Infrastructure as a service (IaaS) Hardware CPU Memory Storage FIPS 140 test harness Execute test routines Software Firm/soft Software Test harness Operating system Customer-provided entities • SCM • Operating system Software cryptographic module Cloud service provider offers: AP IaaS
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Step 1: Submit industry framework certification Submit for certification check with ACVT Hypervisor Hardware CPU Memory Storage Kernelspace Operating environment FedRAMP or similar certified platform Certificate accepted Cloud assurance framework
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Testautomation Security testing Performance testing Functional testing FIPS 140 test harness Execute test routines Hypervisor Hardware Microkernel Code build or other change Deploy change Test results Step 2: Integrate NIST software test harnessCloud assurance framework Constrain scope of testing to relevant service functions
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Submit for ACVT review UserspaceKernelspace Operating environment Operating system OE is validated for SCM FIPS 140 operation Hardware CPU Memory Storage Hypervisor IaaS AP Test harness AP attributes Software cryptographic module Generate DTR evaluation data Deploy SCM Step 3: Validate SCM on operational environmentCloud assurance framework
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud assurance framework: Outcomes • Composeable validation • Continuous validation • Reuse of attestations
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Modules in the cloud • Draft proposal shared with NIST and industry • Agreement on general outlines of the proposal • Detailed guidance underway, including ConOps
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. New validation approaches Proofs: 360 BC → AD 1970s Examples • Euclid: Infinitude of primes • Gödel: Incompleteness theorem • Turing: Entschedungsproblem • … • … • … • … Arguments found by humans and double-checked by humans
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. → 2001 Euclid: Infinitude of primes Gödel: Incompleteness theorem Turing: Entschedungsproblem Four-color theorem Odd-order theorem Automated reasoning in mathematical logic Arguments found by humans and double-checked by machines
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Arguments found by machines and double-checked by machines Automated reasoning in mathematical logic • … • … • Airbus 360 primary flight control software • Bombardier ILLBV950L2 railway interlocking system • Mars Rover data management subsystem • … • … • …
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Arguments found by machines and double-checked by machines • … • … • … • High-confidence device drivers • Memory safety • API usage rules • Termination • … • … • … Automated reasoning in mathematical logic
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Arguments found by machines and double-checked by machines Automated reasoning in mathematical logic • … • … • Key pieces of AWS infrastructure? • Customer solutions built on AWS? • Software cryptographic modules? • … • …
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A grid of bugs Program states
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A grid of bugs Program states Granting access to authorized user Processing a transaction
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A grid of bugs Program states Granting access to authorized user Processing a transaction Granting access to unauthorized user
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Software security as a game
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Defender’s turn: Pick 10 squares Test cases From Development Red teaming Penetration testing …
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Defender’s turn: Fix problems
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Defender’s turn: Fix problems
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Attacker’s turn: Pick 10 (or 20, or…)
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Attacker’s turn: Pick 10 (or 20, or…)
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Attacker advantage • General per-round odds favor attacker Find all orange squares vs. find any orange square • Attacker generally has more time Windows XP is 15 years old now
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Verification/formal methods Cover much more of the state space by discovering and leveraging the underlying structure
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Formal methods: Characterize state 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 i mod 13 = 0 i mod 8 = i div 8
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Formal methods: Characterize state i mod 13 ≠ 0 i mod 8 ≠ i div 8 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Formal methods: Characterize state i mod 13 ≠ 0 i mod 8 ≠ i div 8 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Formal methods: Characterize state i mod 13 ≠ 0 i mod 8 ≠ i div 8 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Verification/formal methods Cover much more of the state space by discovering and leveraging the underlying structure In the limit, can prove that code is correct in all cases Method: Characterize the good behavior and show that this is the only behavior that can occur This is now at a viable cost/benefit point for critical, broadly deployed code
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon s2n: A TLS implementation • Inspired by TLS vulnerabilities discovered by researchers in other implementations • Written with security and performance as primary goals • Drops some arguably insecure/less secure features • Result: Much smaller, clearer, and more auditable code • OpenSSL TLS is 70,000 lines of C code • s2n is only 6,000 • Used in production at Amazon 44
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Continuous integration Proofs run automatically on code changes Proof failure is a build failure Proof is independent of exact C code, and it depends on only Interfaces (arguments and structure layouts) Function call structure Proof is easily adapted Function body changes → likely no proof changes Interface changes → similarly sized proof changes Call structure changes → tiny proof changes
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Proof metrics
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. See all the details in a research paper that was presented at the 30th International Conference on Computer Aided Verification Peer-reviewed paper available
Thank you! © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Alan Halachmi halachmi@amazon.com

Recommended

Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...
Amazon Web Services
 
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Amazon Web Services
 
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Amazon Web Services
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Amazon Web Services
 
How to act on your security and compliance alerts with AWS Security Hub - FND...
How to act on your security and compliance alerts with AWS Security Hub - FND...How to act on your security and compliance alerts with AWS Security Hub - FND...
How to act on your security and compliance alerts with AWS Security Hub - FND...
Amazon Web Services
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Amazon Web Services
 
Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019
Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019 Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019
Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019
Amazon Web Services
 
New ways to automate compliance verification on AWS using provable security -...
New ways to automate compliance verification on AWS using provable security -...New ways to automate compliance verification on AWS using provable security -...
New ways to automate compliance verification on AWS using provable security -...
Amazon Web Services
 

Recommended

Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...Architecting security and governance through policy guardrails in Amazon EKS ...
Architecting security and governance through policy guardrails in Amazon EKS ...
Amazon Web Services
 
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019 Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Audibility in Kubernetes with Amazon EKS - GRC302 - AWS re:Inforce 2019
Amazon Web Services
 
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Amazon Web Services
 
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019 Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Achieving security goals with AWS CloudHSM - SDD333 - AWS re:Inforce 2019
Amazon Web Services
 
How to act on your security and compliance alerts with AWS Security Hub - FND...
How to act on your security and compliance alerts with AWS Security Hub - FND...How to act on your security and compliance alerts with AWS Security Hub - FND...
How to act on your security and compliance alerts with AWS Security Hub - FND...
Amazon Web Services
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Amazon Web Services
 
Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019
Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019 Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019
Protect customer privacy with AWS - GRC351 - AWS re:Inforce 2019
Amazon Web Services
 
New ways to automate compliance verification on AWS using provable security -...
New ways to automate compliance verification on AWS using provable security -...New ways to automate compliance verification on AWS using provable security -...
New ways to automate compliance verification on AWS using provable security -...
Amazon Web Services
 
Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019 Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019
Amazon Web Services
 
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Amazon Web Services
 
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Amazon Web Services
 
An AWS approach to higher standards of assurance with provable security - FND...
An AWS approach to higher standards of assurance with provable security - FND...An AWS approach to higher standards of assurance with provable security - FND...
An AWS approach to higher standards of assurance with provable security - FND...
Amazon Web Services
 
Design for compliance: Practical patterns for meeting your IT compliance requ...
Design for compliance: Practical patterns for meeting your IT compliance requ...Design for compliance: Practical patterns for meeting your IT compliance requ...
Design for compliance: Practical patterns for meeting your IT compliance requ...
Amazon Web Services
 
Containers and mission-critical applications - SEP309-R - AWS re:Inforce 2019
Containers and mission-critical applications - SEP309-R - AWS re:Inforce 2019 Containers and mission-critical applications - SEP309-R - AWS re:Inforce 2019
Containers and mission-critical applications - SEP309-R - AWS re:Inforce 2019
Amazon Web Services
 
Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...
Amazon Web Services
 
Scale permissions management in AWS with attribute-based access control - SDD...
Scale permissions management in AWS with attribute-based access control - SDD...Scale permissions management in AWS with attribute-based access control - SDD...
Scale permissions management in AWS with attribute-based access control - SDD...
Amazon Web Services
 
An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...
Amazon Web Services
 
Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019
Teri Radichel
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Amazon Web Services
 
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019 Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
Amazon Web Services
 
How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...
Amazon Web Services
 
Unify security, compliance, and finance teams with governance at scale - GRC2...
Unify security, compliance, and finance teams with governance at scale - GRC2...Unify security, compliance, and finance teams with governance at scale - GRC2...
Unify security, compliance, and finance teams with governance at scale - GRC2...
Amazon Web Services
 
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019 Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Amazon Web Services
 
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019 Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Amazon Web Services
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Amazon Web Services
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Amazon Web Services
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
Amazon Web Services
 
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Amazon Web Services
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
Amazon Web Services
 

More Related Content

What's hot

Scale permissions management in AWS with attribute-based access control - SDD...
Scale permissions management in AWS with attribute-based access control - SDD...Scale permissions management in AWS with attribute-based access control - SDD...
Scale permissions management in AWS with attribute-based access control - SDD...
Amazon Web Services
 
How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...
Amazon Web Services
 
Unify security, compliance, and finance teams with governance at scale - GRC2...
Unify security, compliance, and finance teams with governance at scale - GRC2...Unify security, compliance, and finance teams with governance at scale - GRC2...
Unify security, compliance, and finance teams with governance at scale - GRC2...
Amazon Web Services
 
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019 Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Amazon Web Services
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Amazon Web Services
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Amazon Web Services
 
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Amazon Web Services
 

What's hot (20)

Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019 Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019
 
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
 
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
 
An AWS approach to higher standards of assurance with provable security - FND...
An AWS approach to higher standards of assurance with provable security - FND...An AWS approach to higher standards of assurance with provable security - FND...
An AWS approach to higher standards of assurance with provable security - FND...
 
Design for compliance: Practical patterns for meeting your IT compliance requ...
Design for compliance: Practical patterns for meeting your IT compliance requ...Design for compliance: Practical patterns for meeting your IT compliance requ...
Design for compliance: Practical patterns for meeting your IT compliance requ...
 
Containers and mission-critical applications - SEP309-R - AWS re:Inforce 2019
Containers and mission-critical applications - SEP309-R - AWS re:Inforce 2019 Containers and mission-critical applications - SEP309-R - AWS re:Inforce 2019
Containers and mission-critical applications - SEP309-R - AWS re:Inforce 2019
 
Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...Evolving perimeters with guardrails, not gates: Improving developer agility -...
Evolving perimeters with guardrails, not gates: Improving developer agility -...
 
Scale permissions management in AWS with attribute-based access control - SDD...
Scale permissions management in AWS with attribute-based access control - SDD...Scale permissions management in AWS with attribute-based access control - SDD...
Scale permissions management in AWS with attribute-based access control - SDD...
 
An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...An open-source adventure in the cloud, containers, and incident response - SE...
An open-source adventure in the cloud, containers, and incident response - SE...
 
Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
 
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019 Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
 
How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...
 
Unify security, compliance, and finance teams with governance at scale - GRC2...
Unify security, compliance, and finance teams with governance at scale - GRC2...Unify security, compliance, and finance teams with governance at scale - GRC2...
Unify security, compliance, and finance teams with governance at scale - GRC2...
 
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019 Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
Leadership session: Foundational security - FND313-L - AWS re:Inforce 2019
 
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019 Securing serverless and container services - SDD306 - AWS re:Inforce 2019
Securing serverless and container services - SDD306 - AWS re:Inforce 2019
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
 
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
 

Similar to Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019

Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
Amazon Web Services
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
Amazon Web Services
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
Amazon Web Services
 
CICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfCICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdf
Amazon Web Services
 
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
Amazon Web Services
 
CICDforModernApplications_Stockholm.pdf
CICDforModernApplications_Stockholm.pdfCICDforModernApplications_Stockholm.pdf
CICDforModernApplications_Stockholm.pdf
Amazon Web Services
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
Amazon Web Services
 
DevOps - Moving to DevOps the Amazon Way
DevOps - Moving to DevOps the Amazon WayDevOps - Moving to DevOps the Amazon Way
DevOps - Moving to DevOps the Amazon Way
Amazon Web Services
 
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
Amazon Web Services
 

Similar to Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019 (20)

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
 
AWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applicationsAWS DevDay Cologne - CI/CD for modern applications
AWS DevDay Cologne - CI/CD for modern applications
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
 
CICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdfCICDforModernApplications-Oslo.pdf
CICDforModernApplications-Oslo.pdf
 
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
 
CI/CD@Scale
CI/CD@ScaleCI/CD@Scale
CI/CD@Scale
 
Chaos Engineering
Chaos EngineeringChaos Engineering
Chaos Engineering
 
CICDforModernApplications_Stockholm.pdf
CICDforModernApplications_Stockholm.pdfCICDforModernApplications_Stockholm.pdf
CICDforModernApplications_Stockholm.pdf
 
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...
 
CI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateCI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and Fargate
 
DevOps - Moving to DevOps the Amazon Way
DevOps - Moving to DevOps the Amazon WayDevOps - Moving to DevOps the Amazon Way
DevOps - Moving to DevOps the Amazon Way
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
 
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
 
CI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day IsraelCI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day Israel
 
CI/CD best practices for building modern applications - MAD302 - Atlanta AWS ...
CI/CD best practices for building modern applications - MAD302 - Atlanta AWS ...CI/CD best practices for building modern applications - MAD302 - Atlanta AWS ...
CI/CD best practices for building modern applications - MAD302 - Atlanta AWS ...
 
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019

  • 1. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Innovating FIPS crypto validation in the Cloud Alan Halachmi Sr. Manager, Solutions Architecture AWS S E P 3 2 1
  • 2. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Context Proposal Status New approaches
  • 3. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 4. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. “ThestructureandtherulesunderwhichtheCAVPandCMVPoperateworkedwell forthelevel ofthetechnologyutilizedbytheFederalGovernmentatthetimewhen theprogramswerecreatedmorethantwodecadesago. Astechnologyhas advancedhowever,thealgorithmandmoduletestingprocessesnolongersatisfy currentday industryandgovernmentoperationalneeds.Testingandvalidationof testresultsareexceedinglylong,wellbeyond typicalproductdevelopmentcycles acrossa widerangeoftechnologies.Becauseofthehumaneffortinvolvedin all stagesofthisprocess,thepossibilityforsubjectivityanderrorsishigh.“ —National Institute of Standards and Technology
  • 5. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Historical view • FIPS 140-1 issued January 1994 • CAVP and CMVP created mid-1995 • FIPS 140-2 issued May 2001 • Operational environment “A third-party cloud system that provides its own operating environment, such as an operating system and hardware upon which the tester has no control (possible examples are: Amazon Web Services, Microsoft Azure, and Google Cloud) shall not be used.”
  • 6. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Historical view • FIPS 140-1 issued January 1994 • CAVP and CMVP created mid-1995 • FIPS 140-2 issued May 2001 • Operational environment “A third-party cloud system that provides its own operating environment, such as an operating system and hardware upon which the tester has no control (possible examples are: Amazon Web Services, Microsoft Azure, and Google Cloud) shall not be used.”
  • 7. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Historical view • FIPS 140-1 issued January 1994 • CAVP and CMVP created mid-1995 • FIPS 140-2 issued May 2001 • Operational environment “A third-party cloud system that provides its own operating environment, such as an operating system and hardware upon which the tester has no control (possible examples are: Amazon Web Services, Microsoft Azure, and Google Cloud) shall not be used.” • Specific valid configuration • Performance of validated modules
  • 8. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Module validation Step 1: Cryptographic Algorithm Validation Program (CAVP) Step 2: Cryptographic Module Validation Program (CMVP) Step 3: Conformant implementation
  • 9. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Module Validation Step 1: Cryptographic Algorithm Validation Program Step 2: Cryptographic Module Validation Program Step 3: Conformant implementation https://csrc.nist.gov/CSRC/media/Presentatio ns/Testing-to-FIPS-140-2-Derived-Test- Requirements/images-media/CMVP2606.pdf
  • 10. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Work to date • Automated Cryptographic Validation Testing (ACVT): Algorithms • Three working groups defined • Algorithms • Modules • Cloud • Starting with algorithms • Pilot started in 2018 • Allows first-party accreditation of the company/organization • All new algorithm submissions must use ACVT program by mid-2020
  • 11. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Work to date • Automated Cryptographic Validation Testing (ACVT): Algorithms • Three working groups defined • Algorithms • Modules • Cloud • Starting with algorithms • Pilot started in 2018 • Allows first-party accreditation of the company/organization • All new algorithm submissions must use ACVT program by mid-2020
  • 12. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 13. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenets for cloud validation • Continuous validation • Shared responsibility • Minimal coordination • Consistent application • Leverage existing investments
  • 14. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Key terms UserspaceKernelspace Operating environment SCM operating environment Application/user interaction API calls/system calls Consumer Hypervisor Infrastructure as a service (IaaS) Hardware CPU Memory Storage FIPS 140 test harness Execute test routines Software Firm/soft Software Test harness Operating system Customer-provided entities • SCM • Operating system Software cryptographic module Cloud service provider offers: AP IaaS
  • 15. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Step 1: Submit industry framework certification Submit for certification check with ACVT Hypervisor Hardware CPU Memory Storage Kernelspace Operating environment FedRAMP or similar certified platform Certificate accepted Cloud assurance framework
  • 16. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Testautomation Security testing Performance testing Functional testing FIPS 140 test harness Execute test routines Hypervisor Hardware Microkernel Code build or other change Deploy change Test results Step 2: Integrate NIST software test harnessCloud assurance framework Constrain scope of testing to relevant service functions
  • 17. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Submit for ACVT review UserspaceKernelspace Operating environment Operating system OE is validated for SCM FIPS 140 operation Hardware CPU Memory Storage Hypervisor IaaS AP Test harness AP attributes Software cryptographic module Generate DTR evaluation data Deploy SCM Step 3: Validate SCM on operational environmentCloud assurance framework
  • 18. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud assurance framework: Outcomes • Composeable validation • Continuous validation • Reuse of attestations
  • 19. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 20. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Modules in the cloud • Draft proposal shared with NIST and industry • Agreement on general outlines of the proposal • Detailed guidance underway, including ConOps
  • 21. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 22. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. New validation approaches Proofs: 360 BC → AD 1970s Examples • Euclid: Infinitude of primes • Gödel: Incompleteness theorem • Turing: Entschedungsproblem • … • … • … • … Arguments found by humans and double-checked by humans
  • 23. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. → 2001 Euclid: Infinitude of primes Gödel: Incompleteness theorem Turing: Entschedungsproblem Four-color theorem Odd-order theorem Automated reasoning in mathematical logic Arguments found by humans and double-checked by machines
  • 24. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Arguments found by machines and double-checked by machines Automated reasoning in mathematical logic • … • … • Airbus 360 primary flight control software • Bombardier ILLBV950L2 railway interlocking system • Mars Rover data management subsystem • … • … • …
  • 25. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Arguments found by machines and double-checked by machines • … • … • … • High-confidence device drivers • Memory safety • API usage rules • Termination • … • … • … Automated reasoning in mathematical logic
  • 26. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Arguments found by machines and double-checked by machines Automated reasoning in mathematical logic • … • … • Key pieces of AWS infrastructure? • Customer solutions built on AWS? • Software cryptographic modules? • … • …
  • 27. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A grid of bugs Program states
  • 28. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A grid of bugs Program states Granting access to authorized user Processing a transaction
  • 29. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. A grid of bugs Program states Granting access to authorized user Processing a transaction Granting access to unauthorized user
  • 30. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Software security as a game
  • 31. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Defender’s turn: Pick 10 squares Test cases From Development Red teaming Penetration testing …
  • 32. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Defender’s turn: Fix problems
  • 33. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Defender’s turn: Fix problems
  • 34. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Attacker’s turn: Pick 10 (or 20, or…)
  • 35. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Attacker’s turn: Pick 10 (or 20, or…)
  • 36. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Attacker advantage • General per-round odds favor attacker Find all orange squares vs. find any orange square • Attacker generally has more time Windows XP is 15 years old now
  • 37. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Verification/formal methods Cover much more of the state space by discovering and leveraging the underlying structure
  • 38. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Formal methods: Characterize state 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 i mod 13 = 0 i mod 8 = i div 8
  • 39. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Formal methods: Characterize state i mod 13 ≠ 0 i mod 8 ≠ i div 8 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
  • 40. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Formal methods: Characterize state i mod 13 ≠ 0 i mod 8 ≠ i div 8 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
  • 41. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Formal methods: Characterize state i mod 13 ≠ 0 i mod 8 ≠ i div 8 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
  • 42. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Verification/formal methods Cover much more of the state space by discovering and leveraging the underlying structure In the limit, can prove that code is correct in all cases Method: Characterize the good behavior and show that this is the only behavior that can occur This is now at a viable cost/benefit point for critical, broadly deployed code
  • 43. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 44. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon s2n: A TLS implementation • Inspired by TLS vulnerabilities discovered by researchers in other implementations • Written with security and performance as primary goals • Drops some arguably insecure/less secure features • Result: Much smaller, clearer, and more auditable code • OpenSSL TLS is 70,000 lines of C code • s2n is only 6,000 • Used in production at Amazon 44
  • 45. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Continuous integration Proofs run automatically on code changes Proof failure is a build failure Proof is independent of exact C code, and it depends on only Interfaces (arguments and structure layouts) Function call structure Proof is easily adapted Function body changes → likely no proof changes Interface changes → similarly sized proof changes Call structure changes → tiny proof changes
  • 46. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Proof metrics
  • 47. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. See all the details in a research paper that was presented at the 30th International Conference on Computer Aided Verification Peer-reviewed paper available
  • 48. Thank you! © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Alan Halachmi halachmi@amazon.com