Procedural security analysis: A methodological approach

Abstract: This article introduces what we call procedural security analysis, an approach that allows for a systematic security assessment of (business) processes. The approach is based on explicit reasoning on asset flows. It is implemented by building formal models that describe the nominal procedures under analysis, by injecting possible threat actions into such models, and by assuming that any combination of threats can occur at any step. We use the NuSMV input language to encode the asset flows, which makes them amenable to formal analysis. This allows us to understand how the switch to a new technological solution changes the requirements of an organization, with the ultimate goal of defining new processes that ensure a sufficient level of security. We have applied the technique to a real-world electronic voting system named ProVotE to analyze the procedures used during and after elections. Such analyses are essential to identify the limits of the current procedures (i.e., the conditions under which attacks are undetectable) and to identify the hypotheses that can guarantee reasonably secure electronic elections. Additionally, the results of the analyses can be a step towards devising a set of requirements, to be applied both at the organizational level and to the (software) systems, that make them more secure.
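To make the approach concrete, the following is an added illustration in the NuSMV input language; it is not a model from the paper or from the ProVotE project. It assumes a deliberately small asset flow: one removable memory card carrying results from a polling station to a counting office, two hypothetical threat actions (swapping the card, skipping the seal check at the office) that the model checker may inject at any step, and a detectability property of the kind the abstract describes. The step names, holders, threat names and the seal-check mechanism are all assumptions made for this example.

```nusmv
-- Added example (not the paper's model): toy asset flow of one memory card.
-- Procedure steps, holders, threat actions and the seal-check mechanism are
-- assumptions chosen to illustrate procedural security analysis in NuSMV.
MODULE main
VAR
  -- nominal procedure step the asset is currently in
  step     : {at_station, in_transit, at_office, counted};
  -- who physically holds the asset (the asset flow)
  holder   : {president, courier, clerk};
  -- integrity state of the asset
  tampered : boolean;
  -- whether the office seal check has caught a tampered card
  detected : boolean;
  -- threat action injected nondeterministically at every step
  -- (no ASSIGN for this variable, so NuSMV explores every choice)
  threat   : {none, swap_card, skip_seal_check};

ASSIGN
  init(step)     := at_station;
  init(holder)   := president;
  init(tampered) := FALSE;
  init(detected) := FALSE;

  -- nominal flow of the procedure
  next(step) :=
    case
      step = at_station : in_transit;
      step = in_transit : at_office;
      TRUE              : counted;
    esac;

  -- the asset changes hands along the way
  next(holder) :=
    case
      step = at_station : courier;
      step = in_transit : clerk;
      TRUE              : holder;
    esac;

  -- a swapped card is tampered from then on
  next(tampered) :=
    case
      threat = swap_card : TRUE;
      TRUE               : tampered;
    esac;

  -- the seal check at the office catches a card that is already
  -- tampered, unless the check is skipped
  next(detected) :=
    case
      step = at_office & threat != skip_seal_check & tampered : TRUE;
      TRUE                                                    : detected;
    esac;

-- Limit of the procedure: is every tampered card that reaches counting
-- detected?  NuSMV answers false and prints a counterexample trace, e.g.
-- swap_card in transit followed by skip_seal_check, or swap_card after
-- the check has already happened.  Each trace is a condition under which
-- the attack is undetectable.
LTLSPEC G (step = counted & tampered -> detected)

-- Hypotheses that restore detectability: the seal check is never skipped
-- and no swap happens at or after the office.  Under these assumptions
-- the same property holds, which is the kind of organizational
-- requirement the analysis is meant to surface.
LTLSPEC
  (G (threat != skip_seal_check) &
   G (step in {at_office, counted} -> threat != swap_card))
  -> G (step = counted & tampered -> detected)
```

Running `NuSMV model.smv` on this file reports the first specification as false with a counterexample and the second as true. The second specification is how the "hypotheses that can guarantee reasonably secure electronic elections" show up in practice: each assumption that must be added to make the property hold is a candidate procedural or system requirement.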
