Security Requirements with Physical Properties: A Case Study on Paper Voting


Share/Save/Bookmark

Cleeff, André van and Dimkov, Trajce and Pieters, Wolter and Wieringa, Roel (2012) Security Requirements with Physical Properties: A Case Study on Paper Voting. In: Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, 120 . Springer Verlag, London, pp. 51-67. ISBN 9789400729100

[img] PDF
Restricted to UT campus only

1MB
Abstract:Well-established security models exist for testing and proving the logical security of IT systems. For example, we can assert the strength of cryptographic protocols and hash functions that prevent attackers from unauthorized changes of data. By contrast, security models for physical security have received far less attention. This situation is problematic, especially because IT systems are converging with physical systems, as is the case when SCADA systems are controlling industrial processes, or digital door locks in apartment buildings are replacingphysical keys.In suchcases, it is necessary to understand the strengths, weaknesses and combinations of physical and digital security mechanisms. To realize this goal, we must first learnhow security requirements are realized by the physical environment alone and this paper presents a method for analyzing this, based on the KAOS requirements engineering framework. We demonstrate our method on a security-critical case, namely an election process with paper ballots. Our analysis yields a simple ontology of physical objects usedin this process, and their security-relevant properties such as visibility, inertness and spatial architecture. We conclude with a discussion of how our results can be applied to analyze and improve the security in other processesand perform trade-off analysis, ultimately contributing to models in which physical and logical security can be analyzed together.
Item Type:Book Section
Copyright:© 2012 Springer
Faculty:
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:http://purl.utwente.nl/publications/79653
Official URL:http://dx.doi.org/10.1007/978-94-007-2911-7_5
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page