Threat Analysis Lunar Security Services. 2 Overview Definitions Representation Challenges “The Unthinkable” Strategies & Recommendations.

Threat Analysis Natalie Podrazik February 27, 2006 CS 491V/691V.
Presentation transcript:

Threat Analysis Lunar Security Services

2 Overview
Definitions
Representation
Challenges
“The Unthinkable”
Strategies & Recommendations

3 Background
What is threat analysis?
– Potential Attacks/Threats/Risks
– Analysis
– Countermeasures
– Future Preparations
NIST’s “Introduction to Threat Analysis Workshop”, October 2005

4 Stakes
People
– Voters
– Candidates
– Poll Workers
– Political Groups
– Developers
– Board of Elections
– Attackers
– More...
Voting: A System of...
– IT
– American Politics
– Duty
– Trust
– Inclusion
– Safety
– Process
– Precedence
...if it works

5 Means of Representation
General tactic:
– Identify possible attackers
– Identify goals of attacker
– Enumerate possible ways to achieve goals
– Locate key system vulnerabilities
– Create resolution plan

6 Bruce Schneier, Dr. Dobb’s Journal, 1999:
– Used to “model threats against computer systems”
Continual breaking down of goals and means to achieve them
Attack Tree
Simple Example
Cost propagation
Multiple Costs

7 Attack Tree Evaluation
Creation
– Refining over time
– Realistic costs
Advantages
– Identifies key security issues
– Documenting plans of attack and likelihood
– Knowing the system
Disadvantages
– Amount of documentation
– Can only ameliorate foreseen circumstances
– Difficult to prioritize/quantize factors
Shortened version of an Attack Tree for the interception of a message sent with a PGP header.

8 Other Means of Representation
Threat Catalog
– Doug Jones
– Attacks -> vulnerabilities -> analysis of defense
– Challenges
  Organization
  Technology
  Identity
  Scale of Attack
Fault Tree Analysis
– Ensures product performance from software
– Attempts to avoid single-point, catastrophic failures

9 Challenges
Vulnerabilities
– System
– Process
Variety of possible attacks
New Field: Systems Engineering
Attack Detection
Attack Resolution
-> too many dimensions to predict all possibilities, but we’ll try to name a few…

10 “The Unthinkable”, Part 1
1. Chain Voting
2. Votes On A Roll
3. The Disoriented Optical Scanner
4. When A Number 2 Pencil Is Not Enough
5. ...we found these poll workers where?

11 “The Unthinkable”, Part 2
6. This DRE “fell off the delivery truck”...
7. The Disoriented Touch Screen
8. The Confusing Ballot (Florida 2000 Election)
9. Third Party “Whoopsies”
10. X-ray vision through walls of precinct

Natalie Podrazik – “The Unthinkable”, Part 3
11. “Oops” code
12. Do secure wireless connections exist?
13. I’d rather not have your help, thanks
14. Trojan Horse
15. Replaceable firmware on Optical Scanners

Natalie Podrazik – “The Unthinkable”, Part 4
16. Unfinished vote = free vote for somebody else
17. “I think I know what they meant by...”
18. Group Conspiracy: “These machines are broken.”
19. “That’s weird. It’s a typo.”
20. Denial of Service Attack

Natalie Podrazik – My Ideas...
Write-in bomb threat, terrorist attack, backdoor code
Swapping of candidate boxes (developers) at last minute on touch-DRE; voters don’t know the difference
Children in the voting booth

15 Strategies & Recommendations
Create Fault Trees to counter Attack Tree goals using the components set forth in Brennan Study
Tamper Tape
Use of “independent expert security team”
– Inspection
– Assessment
– Full Access
Use of “Red Team Exercises” on:
– Hardware design
– Hardware/Firmware configuration
– Software Design
– Software Configuration
– Voting Procedures (not hardware or software, but people and process)

16 Conclusions
Attack Trees
– Identify agents, scenarios, resources, system-wide flaws
Challenges: dimensions in system analysis
Unforeseen circumstances
Independent Team of Experts, but how expert can they be?

17 Works Cited
1. All 20 “The Unthinkable” scenarios available at:
2. Goldbrick Gallery’s 25 Best Editorial Cartoons of Online:
3. Jones, Doug. “Threat Taxonomy Overview” slides, from the NIST Threats to Voting Workshop, 7 October Online:
4. Mell, Peter. “Handling IT System Threat Information” slides, from the NIST Threats to Voting Workshop, 7 October Online:
5. “Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems”: ndations.pdf: ndations.pdf
6. Wack, John, and Skall, Mark. “Introduction to Threat Analysis Workshop” slides, from the NIST Threats to Voting Workshop, 7 October Online:
7. Wikipedia Entry for fault tree:

18 Attack Tree: Open Safe The goal of the attacker here is to Open Safe. The means by which he/she accomplishes this is described by each subsequent box. The dotted lines denote the most likely possibilities. Attack Tree…

19 Attack Tree: Likelihood by Cost The goal of the attacker here is to Open Safe. The dollar amounts for each box are propagated from the leaf node(s) of each branch, making the most likely estimate along the dotted line, costing $10K to cut open the safe. Note that each parent-child relationship is an implied OR, unless explicitly noted, as in the Eavesdrop action. Attack Tree…

20 Attack Tree: Multiple Factors The goal of the attacker here is to Open Safe. Two factors are considered when calculating the most likely (efficient) approach an attacker would take: the use of special equipment and monetary cost to carry out the job. The dotted lines show the best plan of action. Attack Tree…
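
The cost propagation described on slides 19 and 20, as an added example that is not part of the original presentation: OR nodes take their cheapest child, AND nodes (Eavesdrop) sum theirs, and a second factor (special equipment) can rule branches out. Only the $10K cut-open figure and the Eavesdrop AND come from the slides; the other leaf names, dollar amounts and equipment flags are constructed for illustration.

```python
# Attack-tree evaluation for a defender's risk model.
# OR node: attacker picks the cheapest child. AND node: attacker needs every child.
# All figures except the $10K "Cut open safe" leaf are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str = "LEAF"              # "LEAF", "OR" (the implied default) or "AND"
    cost: int = 0                   # leaf cost in dollars
    special_equipment: bool = False
    children: list = field(default_factory=list)

def cheapest(node, allow_equipment=True):
    """Return (cost, [leaf names]) of the cheapest attack, or None if infeasible."""
    if node.kind == "LEAF":
        if node.special_equipment and not allow_equipment:
            return None
        return node.cost, [node.name]
    results = [cheapest(c, allow_equipment) for c in node.children]
    if node.kind == "AND":
        if any(r is None for r in results):
            return None             # one blocked step blocks the whole AND branch
        return sum(r[0] for r in results), [n for r in results for n in r[1]]
    feasible = [r for r in results if r is not None]
    return min(feasible, key=lambda r: r[0]) if feasible else None

def leaf(name, cost, equip=False):
    return Node(name, "LEAF", cost, equip)

OPEN_SAFE = Node("Open Safe", "OR", children=[
    leaf("Pick lock", 30_000, equip=True),
    Node("Learn combo", "OR", children=[
        leaf("Find written combo", 75_000),
        Node("Get combo from target", "OR", children=[
            leaf("Threaten", 60_000),
            leaf("Blackmail", 100_000),
            leaf("Bribe", 20_000),
            Node("Eavesdrop", "AND", children=[
                leaf("Listen to conversation", 20_000, equip=True),
                leaf("Get target to state combo", 40_000),
            ]),
        ]),
    ]),
    leaf("Cut open safe", 10_000, equip=True),
    leaf("Install improperly", 100_000),
])

if __name__ == "__main__":
    print(cheapest(OPEN_SAFE))                          # single factor: cost only
    print(cheapest(OPEN_SAFE, allow_equipment=False))   # two factors: cost + equipment
```

The path returned for each setting is where a countermeasure raises the attacker's cost the most; re-running after changing a leaf shows whether the cheapest path moves elsewhere.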