Blockchain Secure Software Assets Management (BloSS@M)
The goal of the Blockchain Secure Software Assets Management (BloSS@M) project is to demonstrate, through a proof of concept application, the applicability of a permission-based distributed ledger system to sharing software assets at the US Government level, in support of the President’s Management Agenda (PMA) and the Quality Service Management Offices (QSMO).
The proposed approach allows the USG to establish a service through which all interested agencies can lease software assets for the period of time an asset is needed and then return the asset to the pool managed by the USG service.
Such a service will allow for:
- the upwards aggregation of software assets acquisition at USG level, and
- the downwards distribution of necessary software assets only for the period of time the asset is in use, thereby sharing and recycling the software assets among different USG departments and agencies.
Additionally, the project aims to demonstrate that the blockchain-based system created to address the PMA meets the Federal Information System Management Act (FISMA) requirements in an automated fashion.
A large percentage of the assessment and authorization (A&A) process leverages the Open Security Controls Assessment Language (OSCAL) to ease the system’s Authorization to Operate (ATO) and to support the continuous monitoring process.
The outcome of the BloSS@M project will be an implementation of a fully decentralized, intrusion-tolerant software assets management system leveraging multiple novel techniques (e.g., permission-based blockchains, SWID tags, NGAC).
The permission-based blockchain system has unique properties, including high throughput, scalability, and a modular design and implementation.
Project Phases
- Phase 1: Implementing the Next Generation Access Control (NGAC) in the chaincode for the Amazon Managed Blockchain.
- Phase 2: Implementing A&A automation and continuous Authorization to Operate (ATO) proof of concept.
- Phase 3: Implementing a proof of concept for securely leasing and managing software assets.
Repositories
Project Documentation
Project Demo
Demo Documentation
Demo
Contact Us
For questions, suggestions, and constructive criticism, please contact the team at: blossom@nist.gov