Modeling and analyzing faults to improve election process robustness

Authors:
Borislava I. Simidchieva;Sophie J. Engle;Michael Clifford;Alicia Clay Jones;Sean Peisert;Matt Bishop;Lori A. Clarke;Leon J. Osterweil
Affiliations:
Laboratory for Advanced Software Engineering Research, Department of Computer Science, University of Massachusetts Amherst;Computer Security Laboratory, Department of Computer Science, University of California, Davis;UC Davis;Booz Allen Hamilton;UC Davis and LBNL;UC Davis;UMass Amherst;UMass Amherst
Venue:
EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Year:
2010

Citing 21
Cited 4

Process modeling

Communications of the ACM - Special issue on analysis and modeling in software development
An overview of workflow management: from process modeling to workflow automation infrastructure

Distributed and Parallel Databases - Special issue on software support for work flow management
A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
Software engineering for safety: a roadmap

Proceedings of the Conference on The Future of Software Engineering
Little-JIL/Juliette: a process definition language and interpreter

Proceedings of the 22nd international conference on Software engineering
Attack net penetration testing

Proceedings of the 2000 workshop on New security paradigms
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Kepler: An Extensible System for Design and Execution of Scientific Workflows

SSDBM '04 Proceedings of the 16th International Conference on Scientific and Statistical Database Management
Fixing federal e-voting standards

Communications of the ACM - Emergency response information systems: emerging trends and technologies
Toward Models for Forensic Analysis

SADFE '07 Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering
An analysis of the hart intercivic DAU eSlate

EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Specifying and verifying requirements for election processes

dg.o '08 Proceedings of the 2008 international conference on Digital government research
Using software engineering technology to improve the quality of medical processes

Companion of the 30th international conference on Software engineering
Building reliable voting machine software

Building reliable voting machine software
Improving the security, transparency and efficiency of California's 1% manual tally procedures

EVT'08 Proceedings of the conference on Electronic voting technology
State-wide elections, optical scan voting systems, and the pursuit of integrity

IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
E-voting and forensics: prying open the black box

EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Implementing risk-limiting post-election audits in California

EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Computer vulnerability evaluation using fault tree analysis

ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Using attack trees to identify malicious attacks from authorized insiders

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Definition and analysis of election processes

SPW/ProSim'06 Proceedings of the 2006 international conference on Software Process Simulation and Modeling

Applying a reusable election threat model at the county level

EVT/WOTE'11 Proceedings of the 2011 conference on Electronic voting technology/workshop on trustworthy elections
A systematic process-model-based approach for synthesizing attacks and evaluating them

EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections
Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems

Proceedings of the 2012 workshop on New security paradigms
Go with the flow: toward workflow-oriented security assessment

Proceedings of the 2013 workshop on New security paradigms workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents an approach for continuous process improvement and illustrates its application to improving the robustness of election processes. In this approach, the Little-JIL process definition language is used to create a precise and detailed model of an election process. Given this process model and a potential undesirable event, or hazard, a fault tree is automatically derived. Fault tree analysis is then used to automatically identify combinations of failures that might allow the selected potential hazard to occur. Once these combinations have been identified, we iteratively improve the process model to increase the robustness of the election process against those combinations that seem the most likely to occur. We demonstrate this approach for the Yolo County election process. We focus our analysis on the ballot counting process and what happens when a discrepancy is found during the count. We identify two single points of failure (SPFs) in this process and propose process modifications that we then show remove these SPFs.