
Iterative Analysis to Improve Key Properties of Critical Human-Intensive Processes: An Election Security Example

Published: 15 March 2017

Abstract

In this article, we present an approach for systematically improving complex processes, especially those involving human agents, hardware devices, and software systems. We illustrate the utility of this approach by applying it to part of an election process and show how it can improve the security and correctness of that subprocess. We use the Little-JIL process definition language to create a precise and detailed definition of the process. Given this process definition, we use two forms of automated analysis to explore whether specified key properties, such as security and safety policies, can be undermined. First, we use model checking to identify process execution sequences that fail to conform to event-sequence properties. After these are addressed, we apply fault tree analysis to identify when the misperformance of steps might allow undesirable outcomes, such as security breaches. The results of these analyses can provide assurance about the process; suggest areas for improvement; and, when applied to a modified process definition, evaluate proposed changes.



Published In

ACM Transactions on Privacy and Security, Volume 20, Issue 2
May 2017
87 pages
ISSN:2471-2566
EISSN:2471-2574
DOI:10.1145/3064808
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 March 2017
Accepted: 01 January 2017
Revised: 01 November 2016
Received: 01 July 2016
Published in TOPS Volume 20, Issue 2


Author Tags

  1. Process modeling
  2. elections
  3. fault tree analysis
  4. iterative analysis
  5. model checking

Qualifiers

  • Research-article
  • Research
  • Refereed


Cited By

  • (2024) Process Query Language: Design, Implementation, and Evaluation. Information Systems 122 (102337). DOI: 10.1016/j.is.2023.102337. Online publication date: May-2024
  • (2023) On using the Task Models for Validation and Evolution of Usable Security Design Patterns. Human Aspects of Information Security and Assurance (405-417). DOI: 10.1007/978-3-031-38530-8_32. Online publication date: 26-Jul-2023
  • (2021) Electronic Voting Technology Inspired Interactive Teaching and Learning Pedagogy and Curriculum Development for Cybersecurity Education. Information Security Education for Cyber Resilience (27-43). DOI: 10.1007/978-3-030-80865-5_3. Online publication date: 7-Jul-2021
  • (2020) EcoKnow. Proceedings of the International Conference on Software and System Processes (155-164). DOI: 10.1145/3379177.3388908. Online publication date: 26-Jun-2020
  • (2019) Process and Workflow. Handbook of Software Engineering (1-49). DOI: 10.1007/978-3-030-00262-6_1. Online publication date: 12-Feb-2019
  • (2018) Augmenting Machine Learning with Argumentation. Proceedings of the New Security Paradigms Workshop (1-11). DOI: 10.1145/3285002.3285005. Online publication date: 28-Aug-2018
