An Integrated Application of Security Testing Methodologies to e-voting Systems

Various technical bodies have devised methodologies that guide testers in selecting, designing, and implementing the most appropriate security testing procedures for a given context. Their general applicability is obviously regarded as a necessary and positive feature, but it comes at the cost of a complex adaptation phase to the specific system under test. In this work, we aim to devise a simplified yet effective methodology tailored to the peculiar needs of security testing for e-voting systems. We pursue this goal by selecting, for each peculiar aspect of these systems, the best-fitting procedures found in the most widely adopted security testing methodologies, while taking into account the specific constraints stemming from the e-voting context to prune the excess of generality that comes with them.
