Skip to main content
SpringerLink
Log in

Assessing Procedural Risks and Threats in e-Voting: Challenges and an Approach

  • Conference paper
E-Voting and Identity (Vote-ID 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4896))

Included in the following conference series:

Abstract

Performing a good security analysis on the design of a system is an essential step in order to guarantee a reasonable level of protection. However, different attacks and threats may be carried out depending on the operational environment in which the system is used, i.e. the procedures that define how to operate the systems. We are interested in reasoning about the security of e-Voting procedures, namely on the risks and attacks that can be carried out during an election. Our focus is more on people and organizations than on systems and technologies. In this paper we describe some ongoing work that we are carrying out within the ProVotE project (a project sponsored by the Autonomous Province of Trento to switch to e-Voting for local elections) to analyze and (possibly) improve procedural security of electronic elections. To do so, we are providing models of the Italian electoral laws using the UML and we are developing a custom methodology for analyzing threats from the models. Our reasoning approach is based on asset mobility, asset values and existence of multiple instances.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bryans, J.W., Littlewood, B., Ryan, P.Y.A., Strigini, L.: E-voting: Dependability Requirements and Design for Dependability, pp. 988–995. IEEE Computer Society Press, Washington, DC, USA (2006)

    Google Scholar 

  2. Rebecca, T., Mercuri, R.T., Camp, L.J.: The Code of Elections. Commun. ACM 47(10), 52–57 (2004)

    Article  Google Scholar 

  3. Xenakis, A., Macintosh, A.: Procedural security analysis of electronic voting. In: Rauterberg, M. (ed.) ICEC 2004. LNCS, vol. 3166, pp. 541–546. Springer, Heidelberg (2004)

    Google Scholar 

  4. Xenakis, A., Macintosh, A.: Procedural Security and Social Acceptance in E-Voting. In: HICSS 2005: Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS 2005) - Track 5, p. 118.1 IEEE Computer Society, Washington, DC, USA (2005)

    Google Scholar 

  5. Vetterling, M., Wimmel, G., Wisspeintner, A.: A Graphical Approach to Risk Identification, Motivated by Empirical Investigations. LNCS, pp. 574–588 (November 23, 2006)

    Google Scholar 

  6. Manadhata, P., Wing, J., Flynn, M., McQueen, M.: Measuring the attack surfaces of two FTP daemons. In: QoP 2006. Proceedings of the 2nd ACM workshop on Quality of protection, pp. 3–10. ACM Press, New York (2006)

    Chapter  Google Scholar 

  7. Braynov, S., Jadiwala, M.: Representation and Analysis of Coordinated Attacks. In: FMSE 2003. Proceedings of the 2003 ACM workshop on Formal methods in security engineering, pp. 43–51. ACM Press, New York (2003)

    Chapter  Google Scholar 

  8. Fovino, I.N., Masera, M.: Through the Description of Attacks: A Multidimensional View. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 15–28. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  9. Krimmer, R., Volkamer, M.: Observing Threats to Voter’s Anonymity: Election Observation of Electronic Voting. Working Paper Series on Electronic Voting and Participation Nr. 01/2006 (September 2006), Can be downloaded from http://static.twoday.net/evoting/files/Working-Paper-1-2006.pdf

  10. Prosser, A., Kofler, R., Krimmer, R., Unger, M.K.: Security Assets in E-Voting. In: Prosser, A., Krimmer, R. (eds.) [24], pp. 171–180

    Google Scholar 

  11. Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press, Cambridge (2000)

    Google Scholar 

  12. Villafiorita, A., Fasanelli, G.: Transitioning to e-Voting: the ProVotE Project and the Trentino’s Experience. In: Wimmer, M.A., et al. (eds.) EGOV 2006. LNCS, vol. 4084, Springer, Heidelberg (2006)

    Google Scholar 

  13. McGaley, M., McCarthy, J.: Transparency and e-Voting: Democratic vs. commercial interests. In: The International Workshop on Electronic Voting in Europe (2004)

    Google Scholar 

  14. Russell, N., van der Aalst, W.M.P., ter Hofstede, A.H.M., Wohed, P.: On the suitability of UML 2.0 activity diagrams for business process modelling. In: APCCM 2006: Proceedings of the 3rd Asia-Pacific conference on Conceptual modelling, Darlinghurst, Australia, pp. 95–104. Australian Computer Society, Inc. (2006)

    Google Scholar 

  15. Castela, N., Tribolet, J.M., Silva, A., Guerra, A.: Business Process Modeling with UML. In: ICEIS (2), pp. 679–685 (2001), http://citeseer.ist.psu.edu/article/castela01business.html

  16. Mattioli, A.: Analisi dei Processi in Ambito di Voto Elettronico per le Elezioni in Provincia di Trento. Master’s thesis, University of Trento (2005-2006)

    Google Scholar 

  17. Manica, A.: Dai processi ai sistemi informativi strumenti per la condivisione di modelli. Master’s thesis, University of Trento (2002–2003)

    Google Scholar 

  18. Visual Paradigm for UML (2007), http://www.visual-paradigm.com/product/vpuml/

  19. Common Criteria (2007), http://www.commoncriteriaportal.org/

  20. Bozzano, M., Villafiorita, A.: The FSAP/NuSMV-SA Safety Analysis Platform. Int. J. Softw. Tools Technol. Transf. 9(1), 5–24 (2007)

    Article  Google Scholar 

  21. Lambrinoudakis, C., Kokolakis, S., Karyda, M., Tsoumas, V., Gritzalis, D., Katsikas, S.: Electronic Voting Systems: Security Implications of the Administrative Workflow. In: Mařík, V., Štěpánková, O., Retschitzegger, W. (eds.) DEXA 2003. LNCS, vol. 2736, p. 467. Springer, Heidelberg (2003)

    Google Scholar 

  22. Xenakis, A., Macintosh, A.: Using Business Process Re-engineering (BPR) for the Effective Administration of Electronic Voting. The Electronic Journal of e-Government 3(2) (2005)

    Google Scholar 

  23. Howard, M., Pincus, J., Wing, J.: Measuring Relative Attack Surfaces (2003), http://citeseer.ist.psu.edu/howard03measuring.html

  24. Prosser, A., Krimmer, R.: Electronic Voting in Europe - Technology, Law, Politics and Society, Workshop of the ESF TED Programme together with GI and OCG. Schlod́f Hofen / Bregenz, Lake of Constance, Austria, Proceedings, July 7-9, 2004. LNI.GI, vol. 47 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fondazione Bruno Kessler (FBK-IRST),  

    Komminist Weldemariam, Adolfo Villafiorita & Andrea Mattioli

  2. ICT International Doctorate School, University of Trento,  

    Komminist Weldemariam

Authors
  1. Komminist Weldemariam
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Adolfo Villafiorita
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andrea Mattioli
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Ammar Alkassar Melanie Volkamer

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Weldemariam, K., Villafiorita, A., Mattioli, A. (2007). Assessing Procedural Risks and Threats in e-Voting: Challenges and an Approach. In: Alkassar, A., Volkamer, M. (eds) E-Voting and Identity. Vote-ID 2007. Lecture Notes in Computer Science, vol 4896. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77493-8_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-77493-8_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77492-1

  • Online ISBN: 978-3-540-77493-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation