Abstract
Well-established security models exist for testing and proving the logical security of IT systems. For example, we can assert the strength of cryptographic protocols and hash functions that prevent attackers from making unauthorized changes to data. By contrast, security models for physical security have received far less attention. This situation is problematic, especially because IT systems are converging with physical systems, as is the case when SCADA systems control industrial processes, or when digital door locks in apartment buildings replace physical keys. In such cases, it is necessary to understand the strengths, weaknesses and combinations of physical and digital security mechanisms. To realize this goal, we must first learn how security requirements are realized by the physical environment alone, and this paper presents a method for analyzing this, based on the KAOS requirements engineering framework. We demonstrate our method on a security-critical case, namely an election process with paper ballots. Our analysis yields a simple ontology of the physical objects used in this process and their security-relevant properties, such as visibility, inertness and spatial architecture. We conclude with a discussion of how our results can be applied to analyze and improve the security of other processes and to perform trade-off analysis, ultimately contributing to models in which physical and logical security can be analyzed together.
Notes
1. By a "digital X" we mean an X realized in software.
2. For brevity, we will not elaborate on the distinction between KAOS goals and requirements.
3.
Acknowledgements
This research is supported by the research program Sentinels (www.sentinels.nl). Sentinels is being financed by Technology Foundation STW, the Netherlands Organization for Scientific Research (NWO), and the Dutch Ministry of Economic Affairs.
Copyright information
© 2012 Springer Science+Business Media B.V.
Cite this paper
van Cleeff, A., Dimkov, T., Pieters, W., Wieringa, R. (2012). Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_5
DOI: https://doi.org/10.1007/978-94-007-2911-7_5
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-2910-0
Online ISBN: 978-94-007-2911-7