Applying a Reusable Election Threat Model at the County Level

We describe the first systematic, quantitative threat evaluation in a local election jurisdiction in the U.S., Marin County, California, in the November 2010 general election. We made use of a reusable threat model that we have developed over several years. The threat model is based on attack trees with several novel enhancements to promote model reuse and flexible metrics, implemented in a software tool, AttackDog. We assess the practicality of reusable threat models for local elections offices and analyze specific vulnerabilities in Marin County, using as our metric "attack team size" (ATS) - the number of individuals who are knowingly involved in election fraud.

[1]  Komminist Weldemariam,et al.  Procedural security analysis: A methodological approach , 2011, J. Syst. Softw..

[2]  Jeffrey P. Landry,et al.  A Risk Assessment Model for Voting Systems using Threat Trees and Monte Carlo Simulation , 2009, 2009 First International Workshop on Requirements Engineering for e-Voting Systems.

[3]  Dan S. Wallach,et al.  Analysis of an electronic voting system , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[4]  Bruce Schneier,et al.  Toward a secure system engineering methodolgy , 1998, NSPW '98.

[5]  D. Dill,et al.  The Role of Dice in Election Audits – Extended Abstract , 2006 .

[6]  Bin Chen,et al.  Definition and Analysis of Election Processes , 2006, SPW/ProSim.

[7]  Borislava I. Simidchieva,et al.  Modeling and Analyzing Faults to Improve Election Process Robustness , 2010, EVT/WOTE.

[8]  Nicolas C. Nicolaou,et al.  Determining the Causes of AccuVote Optical Scan Voting Terminal Memory Card Failures , 2010, EVT/WOTE.

[9]  Ahto Buldas,et al.  Practical Security Analysis of E-Voting Systems , 2007, IWSEC.

[10]  E. Wheeler,et al.  Toward Clarifying Election Systems Standards , 2005 .

[11]  Philip B. Stark,et al.  Implementing Risk-Limiting Post-Election Audits in California , 2009, EVT/WOTE.

[12]  Borislava I. Simidchieva,et al.  Specifying and verifying requirements for election processes , 2008, DG.O.

[13]  Joseph Lorenzo Hall Improving the Security, Transparency and Efficiency of California's 1% Manual Tally Procedures , 2008, EVT.

[14]  Hovav Shacham,et al.  You Go to Elections with the Voting System You Have: Stop-Gap Mitigations for Deployed Voting Systems , 2008, EVT.

[15]  Giovanni Vigna,et al.  EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing , 2007 .

[16]  Lawrence D. Norden,et al.  The Machinery of Democracy - Protecting Elections in an Electronic World , 2007 .

[17]  J. Harold Pardue,et al.  A Process for Assessing Voting System Risk Using Threat Trees , 2010 .