Formal analysis of attacks for e-voting system

Weldemariam, Komminist; Kemmerer, Richard A.; Villafiorita, Adolfo

doi:10.1109/crisis.2009.5411982

Cited by 4 publications

(2 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Existing works in this area present formal specification and verification of an e-voting system at different level of abstractions. In this area the work closest in sprit to ours can be grouped in two closely related directions: verifying cryptographic protocols (e.g., Kremer and Ryan (2005), Delaune et al (2009), Cansell et al (2007, Sampigethaya and Poovendran (2006) and Backes et al (2008)) and verifying system behavior (e.g., Tiella et al (2006), Weldemariam et al (2009b), Sturton et al (2009) and Weldemariam et al (2010)). Some of these works selectively apply formal modeling techniques where these techniques add rigor to the development or help assessing an e-voting systems.…”

Section: Related Workmentioning

confidence: 98%

Procedural security analysis: A methodological approach

Weldemariam

Villafiorita

2011

Journal of Systems and Software

Self Cite

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 98%

Procedural security analysis: A methodological approach

Weldemariam

Villafiorita

2011

Journal of Systems and Software

Self Cite

View full text Add to dashboard Cite

“…Finally, although not directly related with PbD for the sake of completeness are worth to mention approaches solely focused on either (i) quantitative threat modeling (e.g., in TMAP [19] which quantifies threats related with Commercial Off The Shelf systems -COTS -), (ii) security requirements elicitation methodologies based on risk analysis (e.g., CORAS [14], OCTAVE [20] and ISRAM [21] although they are not embedded into a TMM and -except for ISRAM -do not consider the quantitative aggregation of risks), (iii) rigorous methods for analyzing security specifications (e.g., Weldemariam and Villafiorita [22], [23] where model checking is used to derive security attacks in a e-voting scenario) and, (iv) qualitative methods to elicit security requirements (e.g., DESEREC [24]). …”

Section: Related Workmentioning

confidence: 99%

Privacy-by-design based on quantitative threat modeling

Luna

Suri

Krontiris

2012

2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)

View full text Add to dashboard Cite

Abstract-While the general concept of "Privacy-by-Design (PbD)" is increasingly a popular one, there is considerable paucity of either rigorous or quantitative underpinnings supporting PbD. Drawing upon privacy-aware modeling techniques, this paper proposes a quantitative threat modeling methodology (QTMM) that can be used to draw objective conclusions about different privacy-related attacks that might compromise a service. The proposed QTMM has been empirically validated in the context of the EU project ABC4Trust, where the end-users actually elicited security and privacy requirements of the socalled privacy-Attribute Based Credentials (privacy-ABCs) in a real-world scenario. Our overall objective, is to provide architects of privacy-respecting systems with a set of quantitative and automated tools to help decide across functional system requirements and the corresponding trade-offs (security, privacy and economic), that should be taken into account before the actual deployment of their services.

show abstract