top - download
⟦c83969cdf⟧ Wang Wps File
Length: 7175 (0x1c07)
Types: Wang Wps File
Notes: MOM Nr. 44
Names: »5019A «
Derivation
└─⟦27551141f⟧ Bits:30006195 8" Wang WCS floppy, CR 0468A
└─ ⟦this⟧ »5019A «
WangText
…02…
…02…JAL/840607…02……02…#
MINUTES OF MEETING NO. 44
…02……02…CAMPS
CR/SHAPE
840607 44 CR
A/S
Penetration Test Pre-Meeting 840604
-
840607
held at Christian Rovsing
A/S
S̲H̲A̲P̲E̲
A. Jeavons Jan Lauridsen KNN
D.A. Gardiner Ole Kragh Hansen URH
J.P. Lohisse QA
GQAR
T̲R̲W̲
G. Short
S̲E̲C̲A̲N̲
C.D. Buzzanca
1. S̲Y̲S̲T̲E̲M̲ ̲G̲E̲N̲E̲R̲A̲T̲I̲O̲N̲
A walkthrough of the system generation
procedure was done with emphasis on the
flow for generation of a bootmodule.
The parameters and values for the current
baseline were presented i.e. Templates,
PPS-files, CPS-Prefixes.
The sequence of events and checksums
in bootloading the CAMPS system was explained.
The absence of utilities for operational
sites to provide detailed documentation
for system errors was of concern to SHAPE.
CR agreed to investigate the dump and
trace facilities required by SHAPE. SHAPE
Stated that such files should be classified
'system high'. CR stated that this was
no CAMPS requirement.
2. T̲A̲B̲L̲E̲ ̲G̲E̲N̲E̲R̲A̲T̲I̲O̲N̲
A walkthrough of the flow for generation
of the CAMPS database (TMP-tables) was
performed. The validation activities
and the subsequent creation of files
on the different CAMPS volumes were explained.
SHAPE noted that there was no information
regarding the mechanism for marking the
classification of tables (note the RI
table is NATO RESTRICTED). CR remarked
that this was no CAMPS requirement.
3. F̲O̲R̲M̲A̲T̲ ̲G̲E̲N̲E̲R̲A̲T̲I̲O̲N̲
The procedure and the flow for generation
of format-files were presented.
4. D̲I̲S̲K̲ ̲D̲I̲R̲E̲C̲T̲O̲R̲Y̲ ̲S̲T̲R̲U̲C̲T̲U̲R̲E̲
The CAMPS file structure was explained
in details and a listings of directories
of the CAMPS volumes shown.
5. C̲A̲M̲P̲S̲ ̲M̲E̲S̲S̲A̲G̲E̲ ̲F̲L̲O̲W̲
A detailed walkthrough of the message
flow for the various types of messages
was performed. Based on the CAMPS Interface
Control Document it was explained, when,
where, and how audit logging was done.
Security checks on classfication and
Special Handling was explained throughout
the message flow. It was further explained,
which software component was able to
change the security profiles.
Use of security levels and trusted flags
were explained.
6. P̲A̲S̲S̲W̲O̲R̲D̲S̲ ̲A̲N̲D̲ ̲P̲E̲R̲M̲I̲S̲S̲I̲V̲E̲ ̲E̲N̲T̲R̲Y̲ ̲C̲O̲D̲E̲ ̲(̲P̲E̲C̲)̲
It was explained how passwords and PEC
could be changed. SHAPE noted that the
password-file should be classified as
'system high'. CR remarked that this
was no CAMPS requirement.
7. D̲I̲S̲A̲B̲L̲E̲ ̲E̲Q̲U̲I̲P̲M̲E̲N̲T̲/̲P̲R̲O̲C̲E̲S̲S̲E̲S̲
It was explained how to disable a
- Disk
- Printer
- Channel
- Terminal
- Processor
- Software Process
8. L̲A̲B̲E̲L̲L̲I̲N̲G̲ ̲O̲F̲ ̲O̲U̲T̲P̲U̲T̲
TRW mentioned that printout of tables
should have a security header. CR remarked
that security headers on tables print
was not a CAMPS requirement.
TRW mentioned that the special handling
designator (SHD) Atomal should be part
of header and bottom, when this SHD is
applicable. CR mentioned that printout
of SHDs on output was no CAMPS requirement.
SHAPE emphasized that security markings
are a requirement to gaining accreditation
and refered to the ACE security requirements.
(ACE DIR 70-1 and SRS para 3.2.3.7.2c
specifies the requirements for printed
output). For all hard copy output including
supervisor requested prints, and other
documents appearing on the supervisor
printers. CR remarked, that document
accounting was only required for message
and table print. CR required that ACE
DIR 70-1 is no applicable CAMPS requirement.
9. L̲T̲U̲X̲ ̲A̲N̲D̲ ̲L̲T̲U̲
TRW did not indicate areas of concern
for the LTUX-firmware and LTU-firmware.
10. S̲O̲F̲T̲W̲A̲R̲E̲ ̲C̲H̲A̲N̲G̲E̲S̲
It was agreed that the baseline for the
penetration test is the CAMPS system,
which satisfies the In-Plant Software
test. Possible deficiencies shall not
be corrected before the penetration test.
The next baseline is the system to be
used for the operational test, and this
baseline may include corrections for
deficiencies if so agreed between SHAPE
and CR via a Configuration Control Board.
11. C̲O̲N̲F̲I̲G̲U̲R̲A̲T̲I̲O̲N̲ ̲M̲A̲N̲A̲G̲E̲M̲E̲N̲T̲
It was agreed that the configuration
management procedures addressed in CAMPS
Minutes of Meting No. 43 were satisfactory.
12. S̲O̲F̲T̲W̲A̲R̲E̲ ̲C̲H̲A̲N̲G̲E̲S̲
A walkthrough but no detailed analysis
of Problem Reports and software changes
since November 1984 were done. No areas
of concern were mentined.
13. P̲E̲N̲E̲T̲R̲A̲T̲I̲O̲N̲ ̲T̲E̲S̲T̲ ̲A̲C̲T̲I̲V̲I̲T̲I̲E̲S̲
TRW expect support to the penetration
test activities as follows:
a) P̲r̲e̲p̲a̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
Messages (approx. 300) to be entered
into the Transport Test Drive System
(TRS-TDS). This activity will be
performed by TRW and/or SHAPE.
A CAMPS development system shall
be available before start of the
penetration test.
b) O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲T̲e̲s̲t̲ ̲D̲r̲i̲v̲e̲ ̲S̲y̲s̲t̲e̲m̲
1 person allocated to operate the
TRS ̲TDS. SHAPE will allocated personel.
c) O̲u̲t̲p̲u̲t̲ ̲A̲n̲a̲l̲y̲s̲e̲r̲s̲
1 person to assist in analyses of
DUMP and TRACE. SHAPE requested CR
to make 1 SW-engineer available:
d) O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲C̲A̲M̲P̲S̲ ̲U̲n̲d̲e̲r̲ ̲T̲e̲s̲t̲
No assistance.
e) T̲R̲S̲-̲T̲D̲S̲ ̲M̲o̲d̲i̲f̲i̲c̲a̲t̲i̲o̲n̲s̲
Modification of TRS-TDS to off-load
outgoing and incoming messages. SHAPE
requested CR to evaluate contractual
and technical impact allocated with
this modification.
f) O̲f̲f̲-̲L̲i̲n̲e̲ ̲D̲e̲v̲e̲l̲o̲p̲m̲e̲n̲t̲ ̲S̲y̲s̲t̲e̲m̲
Provide a Development System at CR
with capabilities to support TOS
and PASCAL and a disk drive to read
CAMPS off-line volume by means of
a PASCAL-program without using CAMPS
functions. SHAPE requested CR to
evaluate and confirm under which
condition the system will be made
available.
g) I̲n̲t̲e̲g̲r̲i̲t̲y̲ ̲V̲e̲r̲i̲f̲i̲c̲a̲t̲i̲o̲n̲ ̲P̲r̲o̲g̲r̲a̲m̲
A PASCAL program to compare CAMPS
off-line volumes containing messages
outgoing from TRS-TDS and incoming
to TRS-TDS respectively. This program
will be developed and executed by
TRW.
h) D̲u̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲t̲h̲e̲ ̲P̲e̲n̲e̲t̲r̲a̲t̲i̲o̲n̲ ̲T̲e̲s̲t̲
2 weeks are estimated by TRW.
i) C̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
The configuration for the penetration
test is equivalent to the configuration
for the CAMPS In-Plant SW Test. The
software baseline is the baseline,
which passes the In-Plant SW Test.
j) C̲R̲ ̲A̲c̲t̲i̲v̲i̲t̲i̲e̲s̲
The CR activities and equipment requested
by SHAPE will be quoted by CR and
negotiated between SHAPE and CR.
14. I̲M̲P̲L̲E̲M̲E̲N̲T̲A̲T̲I̲O̲N̲ ̲O̲F̲ ̲S̲E̲C̲U̲R̲I̲T̲Y̲ ̲P̲O̲L̲I̲C̲Y̲
A list of security features and TRW's
respective comments on their implementaion
on CAMPS was handed over.
The impact on the accreditation of CAMPS
and possible changes to be requested
by SHAPE will be treated separately.
15. I̲N̲T̲E̲G̲R̲I̲T̲Y̲ ̲T̲E̲S̲T̲ ̲P̲R̲O̲G̲R̲A̲M̲
In order to support TRW in the preparation
of this program, CR explained the layout
of the CAMPS off-line volume and how
to prepare message files for the stimulator
(which is part of the TRS-TDS).
16. H̲A̲N̲D̲S̲-̲O̲N̲ ̲E̲X̲P̲E̲R̲I̲E̲N̲C̲E̲
TRW was given hands-on experience on
a CAMPS system.
