Applying a reusable election threat model at the county level

Authors:
Eric L. Lazarus;David L. Dill;Jeremy Epstein;Joseph Lorenzo Hall
Affiliations:
DecisionSmith;Stanford University, Computer Science Department;SRI International, Computer Science Laboratory;University of California, Berkeley, School of Information and Princeton University, Center for Information Technology Policy
Venue:
EVT/WOTE'11 Proceedings of the 2011 conference on Electronic voting technology/workshop on trustworthy elections
Year:
2011

Citing 11
Cited 2

Toward a secure system engineering methodolgy

Proceedings of the 1998 workshop on New security paradigms
Specifying and verifying requirements for election processes

dg.o '08 Proceedings of the 2008 international conference on Digital government research
You go to elections with the voting system you have: stop-gap mitigations for deployed voting systems

EVT'08 Proceedings of the conference on Electronic voting technology
Improving the security, transparency and efficiency of California's 1% manual tally procedures

EVT'08 Proceedings of the conference on Electronic voting technology
Practical security analysis of e-voting systems

IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
A Risk Assessment Model for Voting Systems using Threat Trees and Monte Carlo Simulation

RE-VOTE '09 Proceedings of the 2009 First International Workshop on Requirements Engineering for e-Voting Systems
Implementing risk-limiting post-election audits in California

EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Determining the causes of AccuVote optical scan voting terminal memory card failures

EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Modeling and analyzing faults to improve election process robustness

EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Procedural security analysis: A methodological approach

Journal of Systems and Software
Definition and analysis of election processes

SPW/ProSim'06 Proceedings of the 2006 international conference on Software Process Simulation and Modeling

A systematic process-model-based approach for synthesizing attacks and evaluating them

EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections
Go with the flow: toward workflow-oriented security assessment

Proceedings of the 2013 workshop on New security paradigms workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe the first systematic, quantitative threat evaluation in a local election jurisdiction in the U.S., Marin County, California, in the November 2010 general election. We made use of a reusable threat model that we have developed over several years. The threat model is based on attack trees with several novel enhancements to promote model reuse and flexible metrics, implemented in a software tool, AttackDog. We assess the practicality of reusable threat models for local elections offices and analyze specific vulnerabilities in Marin County, using as our metric "attack team size" (ATS) - the number of individuals who are knowingly involved in election fraud.