Research article (Public Access)

Iterative Analysis to Improve Key Properties of Critical Human-Intensive Processes: An Election Security Example

Published: 15 March 2017

Abstract

In this article, we present an approach for systematically improving complex processes, especially those involving human agents, hardware devices, and software systems. We illustrate the utility of this approach by applying it to part of an election process and show how it can improve the security and correctness of that subprocess. We use the Little-JIL process definition language to create a precise and detailed definition of the process. Given this process definition, we use two forms of automated analysis to explore whether specified key properties, such as security and safety policies, can be undermined. First, we use model checking to identify process execution sequences that fail to conform to event-sequence properties. After these are addressed, we apply fault tree analysis to identify when the misperformance of steps might allow undesirable outcomes, such as security breaches. The results of these analyses can provide assurance about the process; suggest areas for improvement; and, when applied to a modified process definition, evaluate proposed changes.
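To make the fault tree step concrete, the following is an added example (not the paper's Little-JIL model, nor its analysis tooling) that computes the minimal cut sets of a small fault tree over a constructed ballot-counting subprocess. The event names, gate structure, and the "mitigated" variant of the tree are constructed assumptions for illustration. Each minimal cut set is a smallest combination of misperformed steps that suffices for the top event ("incorrect result certified"); a singleton cut set is a single point of failure. Recomputing the cut sets over the modified tree shows the "evaluate proposed changes" use of the analysis described in the abstract.

```python
"""Minimal cut sets of a fault tree for a constructed election subprocess.

Added illustration; the tree, gate kinds and event names are constructed
assumptions, not the paper's model or tool output.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple, Union


@dataclass(frozen=True)
class Event:
    """A basic event: one process step misperformed or omitted."""
    name: str


@dataclass(frozen=True)
class Gate:
    """An intermediate event; kind is "AND" or "OR" over its inputs."""
    name: str
    kind: str
    inputs: Tuple["Node", ...]


Node = Union[Event, Gate]


def minimize(sets: Set[FrozenSet[str]]) -> Set[FrozenSet[str]]:
    """Drop every cut set that is a proper superset of another one."""
    return {s for s in sets if not any(o < s for o in sets)}


def cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Minimal cut sets of `node`, each a frozenset of basic-event names.

    An OR gate occurs if any input occurs, so its cut sets are the union of
    the inputs' cut sets.  An AND gate needs every input, so each of its cut
    sets is the union of one cut set chosen from each input.
    """
    if isinstance(node, Event):
        return {frozenset([node.name])}
    child_sets = [cut_sets(c) for c in node.inputs]
    if node.kind == "OR":
        result: Set[FrozenSet[str]] = set().union(*child_sets)
    elif node.kind == "AND":
        result = {frozenset()}
        for cs in child_sets:
            result = {a | b for a in result for b in cs}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    return minimize(result)


def single_points_of_failure(mcs: Set[FrozenSet[str]]) -> List[str]:
    """Names of basic events that alone cause the top event."""
    return sorted(next(iter(s)) for s in mcs if len(s) == 1)


# Constructed basic events (misperformed steps of the counting subprocess).
SCANNER_MISCOUNT = Event("scanner miscounts ballots")
TALLY_MISENTERED = Event("tally transcribed incorrectly")
AUDIT_SKIPPED = Event("post-election audit omitted")
AUDIT_WRONG_SAMPLE = Event("audit draws sample from wrong precincts")
REPORT_ALTERED = Event("results report altered after audit sign-off")

# Constructed tree: a counting error that the audit misses, or an
# alteration made after the audit has signed off, yields a wrong result.
COUNT_WRONG = Gate("reported count is wrong", "OR",
                   (SCANNER_MISCOUNT, TALLY_MISENTERED))
AUDIT_FAILS = Gate("audit fails to detect the error", "OR",
                   (AUDIT_SKIPPED, AUDIT_WRONG_SAMPLE))
COUNT_SURVIVES_AUDIT = Gate("count error survives audit", "AND",
                            (COUNT_WRONG, AUDIT_FAILS))
INCORRECT_RESULT = Gate("incorrect result certified", "OR",
                        (COUNT_SURVIVES_AUDIT, REPORT_ALTERED))


def mitigated_tree() -> Gate:
    """Constructed modified process: publication checks the report against
    the hash recorded at audit sign-off, so alteration alone is no longer
    sufficient; the top event now also needs that check to be skipped."""
    guarded = Gate("altered report published", "AND",
                   (REPORT_ALTERED,
                    Event("published report not checked against signed-off hash")))
    return Gate(INCORRECT_RESULT.name, "OR", (COUNT_SURVIVES_AUDIT, guarded))


def analyse(top: Node = INCORRECT_RESULT):
    """Return (minimal cut sets, single points of failure) for `top`."""
    mcs = cut_sets(top)
    return mcs, single_points_of_failure(mcs)


if __name__ == "__main__":
    for label, tree in (("original", INCORRECT_RESULT), ("mitigated", mitigated_tree())):
        mcs, spof = analyse(tree)
        print(f"{label}: {len(mcs)} minimal cut sets; single points of failure: {spof}")
        for s in sorted(mcs, key=lambda s: (len(s), sorted(s))):
            print("   ", " AND ".join(sorted(s)))
```

In the constructed original tree the analysis reports one single point of failure (the post-audit alteration), which is exactly the kind of finding that motivates a process change; in the mitigated tree every minimal cut set requires two misperformed steps. Real process fault trees are much larger and are derived from the process definition rather than written by hand, but the cut-set computation is the same.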

