Procedural security analysis: A methodological approach

Weldemariam, Komminist; Villafiorita, Adolfo

doi:10.1016/j.jss.2011.01.064

Cited by 9 publications

(8 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Work Brief description Requirement Engineering, e.g., [9], [10], [11], [12], [13] Contribute to the definition, development and structuring of requirements for e-voting systems with a clear separation between functional and non-functional requirements (e.g., audits log features) as well as the specifications for various hardware components' requirements. Business Process (Re)engineering, e.g., [14], [15], [16], [17], [18] Understand the effective implementation of e-voting procedures, namely by using BPR to understand what changes could be introduced to the conventional voting procedures to allow a safe and secure transition to electronic elections. Design & Implementation, e.g., [19], [20], [21], [22], [23], [24] Design of cryptographic schemes, protocols, and/or techniques to improve the design of voting systems or machines, as well as the actual implementation of the voting systems themselves.…”

Section: Classification Of the Development Trendsmentioning

confidence: 99%

“…Here, the authors aimed at understanding the problematic trust/delegation relationships and eventually finding ways to adopt a solution to detect security properties violations at design time. Finally, a methodology based on formal notion specifically to support the procedural security analysis is discussed in [17].…”

Section: A Requirements Engineering and Bprmentioning

confidence: 99%

“…The current trends in this area can be grouped into three closely related verification focuses: verifying cryptographic protocols, e.g., [28], [29], system behavior, e.g., [30], [31], [32], and procedures, e.g., [17], [40].…”

Section: A Security Assessmentmentioning

confidence: 99%

“…The authors in [17] complemented the works discussed above by widening their analysis scope with procedures analysis. An approach to reason on security properties of the to-be models (which are derived from asis model) in order to evaluate procedural alternatives in evoting systems is presented [40].…”

Section: A Security Assessmentmentioning

confidence: 99%

See 3 more Smart Citations

Understanding the Development Trends of Electronic Voting Systems

Al-Shammari

Villafiorita

Weldemariam

2012

2012 Seventh International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

During the past few years a huge interests in evoting has occurred, which resulted in a significant funding for e-voting research and development (R&D) projects with the aim of developing trustworthy e-voting systems. Although it is good that major e-voting development trends are capitalizing on previous R&D efforts in other domains, it is difficult to say that the necessary R&D efforts has been utilized to realize the vision and principles of e-voting. Today, we now have a much better understanding of the issues that pose the development of a trustworthy e-voting system. In this paper, we categorize and analyze the most important research and development trends in e-voting systems. We identify the lessons learned from these projects and analyze whether the existing R&D projects meet the identified flaws in past. Finally, based on these results the way to the future of e-voting R&D is postulated.

show abstract

Section: Classification Of the Development Trendsmentioning

confidence: 99%

Section: A Requirements Engineering and Bprmentioning

confidence: 99%

Section: A Security Assessmentmentioning

confidence: 99%

Section: A Security Assessmentmentioning

confidence: 99%

See 2 more Smart Citations

Understanding the Development Trends of Electronic Voting Systems

Al-Shammari

Villafiorita

Weldemariam

2012

2012 Seventh International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…The majority of current proposals in the active research on security in the domain of BPM address either the analysis of security properties (e.g., [8,22]) or the augmentation of business process models with security requirement or control specifications (e.g., [6,7,23]). …”

Section: Related Workmentioning

confidence: 99%

SecEPM: A Security Engineering Process Model for Electronic Business Processes

Eichler

2012

2012 IEEE Ninth International Conference on E-Business Engineering

View full text Add to dashboard Cite

Abstract-Business process management (BPM) and accompanying systems allow organizations to react faster both to environmental and market changes. Therefore, BPM is widely applied in industry. Although organizations depend on the secure enactment of electronic business processes, existing BPM languages and techniques provide only little support for security. Several approaches have been proposed to close the gap for security in the domain of BPM. Nevertheless, an approach to develop secure electronic business processes systematically is still missing. In this paper, we provide the design as well as key entities of our Security Engineering Process Model (SecEPM) for electronic business processes. SecEPM guides security, business process, and domain experts through the development of secure business processes from the identification of security goals to the selection and configuration of security controls. It integrates security in the development life cycle of electronic business processes in a flexible way, thus allowing for a secure, adaptable organization.

show abstract