ConGolog, a concurrent programming language based on the situation calculus
Artificial Intelligence
Business Process Modelling and Design — A Formal Model and Methodology
BT Technology Journal
Combining Various Solution Techniques for Dynamic Fault Tree Analysis of Computer Systems
HASE '98 The 3rd IEEE International Symposium on High-Assurance Systems Engineering
A Formal Model for Business Process Modeling and Design
CAiSE '00 Proceedings of the 12th International Conference on Advanced Information Systems Engineering
Model driven security for process-oriented systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Electronic Voting Systems: Security Implications of the Administrative Workflow
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Tool Support for Verifying UML Activity Diagrams
IEEE Transactions on Software Engineering
Symbolic Model Checking of UML Statechart Diagrams with an Integrated Approach
ECBS '04 Proceedings of the 11th IEEE International Conference and Workshop on Engineering of Computer-Based Systems
Representation and analysis of coordinated attacks
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Procedural Security and Social Acceptance in E-Voting
HICSS '05 Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05) - Track 5 - Volume 05
Procedural security analysis of electronic voting
ICEC '04 Proceedings of the 6th international conference on Electronic commerce
The Unified Modeling Language User Guide (2nd Edition) (Addison-Wesley Object Technology Series)
A threat-driven approach to modeling and verifying secure software
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Symbolic model checking of UML activity diagrams
ACM Transactions on Software Engineering and Methodology (TOSEM)
The FSAP/NuSMV-SA Safety Analysis Platform
International Journal on Software Tools for Technology Transfer (STTT) - Special Section on Advances in Automated Verification of Critical Systems
Requirements and Evaluation Procedures for eVoting
ARES '07 Proceedings of the Second International Conference on Availability, Reliability and Security
Model Checking Safety-Critical Systems Using Safecharts
IEEE Transactions on Computers
Designing voting machines for verification
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Static Analysis of Business Artifact-centric Operational Models
SOCA '07 Proceedings of the IEEE International Conference on Service-Oriented Computing and Applications
Advances in cryptographic voting systems
Formal verification of tamper-evident storage for e-voting
SEFM '07 Proceedings of the Fifth IEEE International Conference on Software Engineering and Formal Methods
Extending prerendered-interface voting software to support accessibility and other ballot features
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Verifying security properties in electronic voting machines
Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
The temporal logic of programs
SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
Are your votes really counted?: testing the security of real-world electronic voting systems
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Specification and Verification of Artifact Behaviors in Business Process Models
ICSOC '07 Proceedings of the 5th international conference on Service-Oriented Computing
Artifact-Centric Business Process Models: Brief Survey of Research Results and Challenges
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE, Part II: On the Move to Meaningful Internet Systems
Modeling and analysis of procedural security in (e)voting: the Trentino's approach and experiences
EVT'08 Proceedings of the conference on Electronic voting technology
Automatic construction of simple artifact-based business processes
Proceedings of the 12th International Conference on Database Theory
Automatic verification of data-centric business processes
Proceedings of the 12th International Conference on Database Theory
Verifying privacy-type properties of electronic voting protocols
Journal of Computer Security
On voting machine design for verification and testability
Proceedings of the 16th ACM conference on Computer and communications security
Development, formal verification, and evaluation of an E-voting system with VVPAT
IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
Towards formal analysis of artifact-centric business process models
BPM'07 Proceedings of the 5th international conference on Business process management
Managing Requirements for E-Voting Systems: Issues and Approaches
RE-VOTE '09 Proceedings of the 2009 First International Workshop on Requirements Engineering for e-Voting Systems
Analysis of an electronic voting protocol in the applied pi calculus
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Applying a reusable election threat model at the county level
EVT/WOTE'11 Proceedings of the 2011 conference on Electronic voting technology/workshop on trustworthy elections
Abstract: This article introduces what we call procedural security analysis, an approach that allows a systematic security assessment of (business) processes. The approach is based on explicit reasoning about asset flows. It is implemented by building formal models that describe the nominal procedures under analysis, by injecting possible threat actions into those models, and by assuming that any combination of threats may occur at any step. We use the NuSMV input language to encode the asset flows, which makes them amenable to formal analysis. This allows us to understand how the switch to a new technological solution changes the requirements of an organization, with the ultimate goal of defining new processes that ensure a sufficient level of security. We have applied the technique to a real-world electronic voting system named ProVotE to analyze the procedures used during and after elections. Such analyses are essential to identify the limits of the current procedures (i.e., the conditions under which attacks are undetectable) and to identify the hypotheses that can guarantee reasonably secure electronic elections. Additionally, the results of the analyses can be a step toward devising a set of requirements, applicable both at the organizational level and to the (software) systems, to make them more secure.
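To make the encoding described in the abstract concrete, the following is a toy asset-flow model in the NuSMV input language. It is an added illustration written for this page, not the ProVotE model or any code from the article. It assumes a single asset (a sealed ballot box moving through post-election phases), one injected threat action (`tamper`, chosen freely at every step, as the abstract's "any combination of threats at any step"), one attacker-capability hypothesis (`reseal`), and a nominal seal check before counting; every name and phase below is invented for the example.

```smv
-- Added example (not from the article): asset-flow model with an injected
-- threat action. The asset is a ballot box; "tamper" is the threat action,
-- "reseal" is a hypothesis about attacker capability.
MODULE main
VAR
  phase    : {voting, closed, transport, counting, done};
  tamper   : boolean;   -- threat action: unconstrained, so any step may be attacked
  sealed   : boolean;   -- asset state: seal intact
  tampered : boolean;   -- ghost variable: box contents have been altered
  detected : boolean;   -- officials noticed a broken seal at the check
FROZENVAR
  reseal   : boolean;   -- hypothesis: can the attacker reapply an intact seal?
DEFINE
  -- phases in which the box is in custody and exposed to the threat action
  in_custody := phase = closed | phase = transport;
ASSIGN
  -- nominal procedure: close, transport, check seal and count
  init(phase) := voting;
  next(phase) := case
    phase = voting    : closed;
    phase = closed    : transport;
    phase = transport : counting;
    TRUE              : done;
  esac;
  -- the box is sealed when voting closes; a tamper breaks the seal unless resealed
  init(sealed) := FALSE;
  next(sealed) := case
    phase = voting                 : TRUE;
    tamper & in_custody & !reseal  : FALSE;
    TRUE                           : sealed;
  esac;
  -- tampering is recorded whenever the threat action fires while in custody
  init(tampered) := FALSE;
  next(tampered) := tampered | (tamper & in_custody);
  -- the seal check before counting is the only detection step in the procedure
  init(detected) := FALSE;
  next(detected) := detected | (phase = counting & !sealed);

-- Holds: without the reseal capability, every tampering is eventually detected.
SPEC AG ((tampered & !reseal) -> AF detected)
-- Fails: with the reseal capability, tampering is undetectable by this procedure.
-- The counterexample NuSMV prints is the scenario the procedure must be changed for.
SPEC AG (tampered -> AF detected)
```

Running `NuSMV model.smv` reports the first specification as true and the second as false with a trace in which `tamper` fires during `closed` or `transport` while `reseal` is `TRUE`, so `sealed` never drops and `detected` never becomes true. That trace is exactly the kind of "condition under which attacks are undetectable" the abstract refers to; the defensive response is either to justify the hypothesis `reseal = FALSE` (tamper-evident seals, chain-of-custody logs) or to add a detection step to the procedure and re-check the model.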