A systematic process-model-based approach for synthesizing attacks and evaluating them
作者: George Avrunin , Lori A. Clarke , Matt Bishop , Leon J. Osterweil , Huong Phan
DOI:
关键词:
摘要: This paper describes a systematic approach for incrementally improving the security of election processes by using model process to develop attack plans and then incorporating each plan into determine if it can complete successfully. More specifically, our first applies fault tree analysis detailed find vulnerabilities that an adversary might be able exploit, thus identifying potential attacks. Based on such vulnerability, we formally evaluate process's robustness against plan. If appropriate, also propose modifications reapply ensure will not succeed. Although is described in context domain, would seem effective analyzing vulnerability other domains.
ucdavis.edu 参考文章(39)
Saghar Estehghari, Yvo Desmedt, Exploiting the client vulnerabilities in internet E-voting systems: hacking Helios 2.0 as an example conference on electronic voting technology workshop on trustworthy elections. pp. 1- 9 ,(2010)
Sean Peisert, Mark Graff, Matt Bishop, Candice Hoke, David Jefferson, E-voting and forensics: prying open the black box conference on electronic voting technology workshop on trustworthy elections. ,vol. 2009, pp. 3- 3 ,(2009)
Natalia Stakhanova, Mark Slagell, Guy G. Helmer, Vasant Honavar, Johnny S. K. Wong, Yanxin Wang, Xia Wang, Les L. Miller, Software Fault Tree and Colored Petri Net Based Specification, Design and Implementation of Agent-Based Intrusion Detection Systems IEEE Transactions on Software Engineering. ,(2001)
P Buckle, PJ Clarkson, MN Lyons, S Barclay, Ward, J Anderson, Using fault tree analysis (FTA) in healthcare: a case study of repeat prescribing in primary care N/A. ,(2007)
David Gilliam, John D. Powell, Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems Pasadena, CA : Jet Propulsion Laboratory, National Aeronautics and Space Administration, 2004. ,(2004)
Mohammad S. Raunak, Bin Chen, Amr Elssamadisy, Lori A. Clarke, Leon J. Osterweil, Definition and Analysis of Election Processes Software Process Change. ,vol. 3966, pp. 178- 185 ,(2006) , 10.1007/11754305_20
Chris Karlof, David Wagner, Naveen Sastry, Cryptographic voting protocols: a systems perspective usenix security symposium. pp. 3- 3 ,(2005)
Rajeev Alur, Kousha Etessami, P. Madhusudan, A Temporal Logic of Nested Calls and Returns tools and algorithms for construction and analysis of systems. ,vol. 2988, pp. 467- 481 ,(2004) , 10.1007/978-3-540-24730-2_35
Adolfo Villafiorita, Komminist Weldemariam, Modeling and analysis of procedural security in (e)voting: the Trentino's approach and experiences conference on electronic voting technology workshop on trustworthy elections. pp. 10- ,(2008)
D. P. Gilliam, J. D. Powell, Model checking for network security requirements via a flexible modeling framework ,(2001)