Iterative Analysis to Improve Key Properties of Critical Human-Intensive Processes: An Election Security Example

Authors: Leon J. Osterweil, Matt Bishop, Heather M. Conboy, Huong Phan, Borislava I. Simidchieva

DOI: 10.1145/3041041

Keywords:

Abstract: In this article, we present an approach for systematically improving complex processes, especially those involving human agents, hardware devices, and software systems. We illustrate the utility of this approach by applying it to part of an election process and show how it can improve the security and correctness of that subprocess. We use the Little-JIL process definition language to create a precise and detailed definition of the process. Given this definition, we use two forms of automated analysis to explore whether specified key properties, such as safety policies, can be undermined. First, we use model checking to identify process execution sequences that fail to conform to event-sequence properties. After these are addressed, we apply fault tree analysis to identify when the misperformance of steps might allow undesirable outcomes, such as security breaches. The results of these analyses provide assurance about the process; suggest areas for improvement; and, when applied to a modified process definition, evaluate proposed changes.
