Abstract
In this article, we present an approach for systematically improving complex processes, especially those involving human agents, hardware devices, and software systems. We illustrate the utility of this approach by applying it to part of an election process and show how it can improve the security and correctness of that subprocess. We use the Little-JIL process definition language to create a precise and detailed definition of the process. Given this process definition, we use two forms of automated analysis to explore whether specified key properties, such as security and safety policies, can be undermined. First, we use model checking to identify process execution sequences that fail to conform to event-sequence properties. After these are addressed, we apply fault tree analysis to identify when the misperformance of steps might allow undesirable outcomes, such as security breaches. The results of these analyses can provide assurance about the process; suggest areas for improvement; and, when applied to a modified process definition, evaluate proposed changes.
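The two analyses the abstract describes, run over a small constructed ballot-handling process, as an added example that is not the paper's Little-JIL model, its analysis tools, or its election process. A brute-force enumerator of execution orders stands in for the model checker, the property is the Precedence pattern ("count_ballots never occurs unless verify_seal has already occurred") from the Dwyer, Avrunin and Corbett property-specification patterns, and the fault tree is reduced to its minimal cut sets so that single-point failures stand out. All step and basic-event names are hypothetical.

```python
"""Added example (not the paper's Little-JIL model or its analysis tools):
the two analyses the abstract describes, over a constructed process.

1. Event-sequence check: enumerate every completion order the process
   allows and test a precedence property; a violating trace is reported as
   a counterexample, the way a model checker would.
2. Fault tree analysis: compute the minimal cut sets of a fault tree whose
   basic events are misperformed steps, and flag single-point failures.
Step and event names are hypothetical.
"""


def executions(steps, before):
    """Yield every order in which `steps` can complete, given `before`
    (step -> set of steps that must finish first). Steps with no edge
    between them are concurrent, so every interleaving is generated."""
    def walk(done, remaining):
        if not remaining:
            yield tuple(done)
            return
        for step in sorted(remaining):
            if before.get(step, set()) <= set(done):
                yield from walk(done + [step], remaining - {step})
    yield from walk([], frozenset(steps))


def check_precedence(steps, before, cause, effect):
    """Return None if `effect` is preceded by `cause` in every execution,
    otherwise the first violating trace (the counterexample)."""
    for trace in executions(steps, before):
        if effect in trace and (cause not in trace
                                or trace.index(cause) > trace.index(effect)):
            return trace
    return None


# Constructed process: verify_seal and collect_ballots are concurrent, and
# counting waits only for collection, so the seal may be checked after the count.
STEPS = ["open_polls", "verify_seal", "collect_ballots", "count_ballots", "report"]
FLAWED = {
    "verify_seal": {"open_polls"},
    "collect_ballots": {"open_polls"},
    "count_ballots": {"collect_ballots"},
    "report": {"count_ballots", "verify_seal"},
}
# Proposed change: sequence the seal check before counting, then re-check.
FIXED = dict(FLAWED, count_ballots={"collect_ballots", "verify_seal"})


def cut_sets(node):
    """Minimal cut sets of a fault tree. A node is a basic event (str) or a
    gate ('AND' | 'OR', [children]). Each cut set is a frozenset of basic
    events that together are sufficient to cause the top event."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        sets = set().union(*child_sets)
    elif gate == "AND":
        sets = {frozenset()}
        for cs in child_sets:
            sets = {a | b for a in sets for b in cs}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    # Drop any cut set that strictly contains another one (non-minimal).
    return {s for s in sets if not any(other < s for other in sets)}


def single_point_failures(tree):
    """Basic events that alone cause the top event: cut sets of size one."""
    return {next(iter(cs)) for cs in cut_sets(tree) if len(cs) == 1}


# Constructed fault tree; top event: "ballots counted without a verified seal".
TREE = ("OR", [
    "tally_step_misreports_total",
    ("AND", ["clerk_skips_seal_check", "observer_absent"]),
    ("AND", ["clerk_skips_seal_check", "seal_replaced"]),
])

if __name__ == "__main__":
    print("flawed process counterexample:",
          check_precedence(STEPS, FLAWED, "verify_seal", "count_ballots"))
    print("fixed process counterexample:",
          check_precedence(STEPS, FIXED, "verify_seal", "count_ballots"))
    for cs in sorted(cut_sets(TREE), key=sorted):
        print("cut set:", sorted(cs))
    print("single points of failure:", single_point_failures(TREE))
```

Run as a script, the flawed process yields a trace in which count_ballots precedes verify_seal, the sequenced process yields no counterexample, and the fault tree reduces to three minimal cut sets, one of which is a single basic event. The enumerator is exponential in the number of concurrent steps and exists only to make the property check concrete; a real process definition is analysed with a model checker that exploits the process structure.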
Iterative Analysis to Improve Key Properties of Critical Human-Intensive Processes: An Election Security Example