
Security, Auditability, and Threats: The VVSG2007 Security Architecture (PowerPoint presentation)



  1. Technical Guidelines Development Committee Meeting, December 4 and 5, 2006
     Security, Auditability, and Threats: The VVSG2007 Security Architecture
     Presentation for the Technical Guidelines Development Committee (TGDC)
     John Kelsey, Dec 4/5, 2006
     National Institute of Standards and Technology
     VVSG Security Architecture--Kelsey Dec 4/5, 2006 - Page 1

  2. Security Requirements
     Looking at the big picture
     • Goal: Write a standard that leads to secure voting systems!
     • We need to understand:
       • Security requirements and attacker goals/resources
       • Voting system architectures
       • Threats to voting systems
     • Write requirements to block attacks
     • Ensure those requirements are testable!

  3. Roadmap: Attackers -> Threats -> Standard
     • Understand attacker goals and resources
     • Determine how attacker might accomplish those goals --> Threats
     • Determine defenses to block threats
     • Write testable requirements to ensure presence and effectiveness of these defenses

  4. How Does VVSG2007 Address Threats?
     • For each voting system architecture:
       • Identify significant threats
       • Block threats (ideally, block whole classes of threat)
     • Blocking = Prevention or Detection
     Example: paper ballots in ballot box
     • Prevention: Padlock on ballot box
     • Detection: Tamper-evident seal on box

  5. Current Voting System Architectures
     • Precinct Count Optical Scan
       • Hand-marked
       • Ballot marking devices/ballot printing devices
     • DRE + VVPAT
       • Paper-roll
       • Cut-sheet
     • DRE

  6. What are the attacker’s goals?
     • Change outcome of election
       • This is where we spend most of our analysis!
     • Defeat ballot secrecy
       • With or without voter’s help
     • Disrupt election
       • Force election to be re-run or decided in courts

  7. How Do We Know About Threats?
     • History and folklore about voting systems
       • Harris book, election officials, voting people
     • Current information on computer attacks
       • Computer security literature, CERT, security people
     • Analysis of voting system components in the lab
       • Hopkins, RABA, Hursti, Princeton, Compuware, …
     • Analysis of voting systems with procedures
       • Brennan Center, NIST Threats Workshops

  8. Threat Methodology
     Wrong question: Can I tamper with a voting machine?
     Right question: Can I tamper with an election?
     • Consider a close statewide election: look for ways to tamper with the outcome!
     • Parameters like # voting machines, # polling places, how big a change can be before it is noticed
     • Consider procedural defenses!
     • Evaluate attacks based on attack team size

  9. Roadmap: Attackers -> Threats -> Standard
     • Understand attacker goals and resources
     • Determine how attacker might accomplish those goals --> Threats
     • Determine defenses to block threats
     • Write testable requirements to ensure presence and effectiveness of these defenses

  10. Requiring Security Controls
      • Some threats can be prevented or detected by specific security controls:
        • Event logs
        • Access control
        • Software distribution
        • System configuration management
        • Digital signatures on electronic records

  11. Procedural Defenses
      • Some threats are blocked by procedural defenses:
        • Example Threat: Tampering with PCOS scanner software
        • Procedural Defense: Random audit recount of ballots from a few precincts
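As an added illustration (not part of the slides) of why a random-precinct recount is an effective procedural defense against tampered scanner software, and of the slide 8 parameters (number of precincts, how big a change can be before it is noticed): the code below works out, for a constructed close statewide race, how many precinct tallies would have to be misreported to erase the margin, and how many randomly chosen precincts must be hand-recounted to catch at least one of them with a given confidence. All scenario numbers are constructed; the detection formula is the standard hypergeometric "at least one" probability.

```python
from math import comb

# Constructed scenario (not from the slides): a close statewide race counted
# precinct-by-precinct on PCOS scanners. All numbers here are illustrative.
N_PRECINCTS = 2000         # precinct tallies in the state
MARGIN_VOTES = 6000        # winner's lead that would have to be erased
VOTES_PER_PRECINCT = 800   # ballots counted in a typical precinct
MAX_SHIFT_FRACTION = 0.05  # largest net margin change per precinct assumed to
                           # pass unnoticed against expected precinct results

def precincts_to_tamper(margin, votes_per_precinct, max_shift_fraction):
    """Minimum number of precinct tallies that must be misreported to erase the
    margin, if each altered precinct may move the net margin by at most
    votes_per_precinct * max_shift_fraction before its result looks anomalous."""
    shift = int(votes_per_precinct * max_shift_fraction)
    return -(-(margin + 1) // shift)  # ceil((margin + 1) / shift)

def detection_probability(n_total, n_tampered, n_audited):
    """Probability that a uniformly random sample of n_audited precincts, each
    hand-recounted against its scanner tally, contains at least one altered
    precinct: 1 - C(N-k, n) / C(N, n)  (sampling without replacement)."""
    if n_tampered <= 0:
        return 0.0
    if n_audited > n_total - n_tampered:
        return 1.0  # more precincts audited than untampered ones: a hit is certain
    return 1.0 - comb(n_total - n_tampered, n_audited) / comb(n_total, n_audited)

def audit_size_for_confidence(n_total, n_tampered, confidence):
    """Smallest random sample whose detection probability reaches `confidence`."""
    for n in range(1, n_total + 1):
        if detection_probability(n_total, n_tampered, n) >= confidence:
            return n
    return n_total

if __name__ == "__main__":
    k = precincts_to_tamper(MARGIN_VOTES, VOTES_PER_PRECINCT, MAX_SHIFT_FRACTION)
    print(f"precinct tallies that must be altered to erase a {MARGIN_VOTES}-vote margin: {k}")
    for n in (5, 10, 20, 40):
        p = detection_probability(N_PRECINCTS, k, n)
        print(f"recount {n:3d} random precincts -> detection probability {p:.3f}")
    print("precincts to recount for 95% detection:",
          audit_size_for_confidence(N_PRECINCTS, k, 0.95))
```

The point the slide makes falls out of the numbers: because a single altered scanner cannot move many votes without standing out, the attack has to touch many precincts, and a recount of only a few dozen randomly selected precincts then catches it with high probability.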

  12. Procedures in an Equipment Standard?
      • Require equipment to support the procedures it needs to address threats for its architecture:
        • Specific hardware/software requirements to ensure that the procedure can function effectively.
        • Documentation requirements: user documentation must show how to do the procedure.
        • Technical documentation must show the lab why the procedure accomplishes the desired security goals.

  13. Example: Parallel Testing
      • Determine if the voting machines are misbehaving on election day.
      • Procedure: Isolate a few random voting machines, run an all-day test on them.
      • Requirement: The voting machine must never be able to find out it’s being tested.

  14. This Leads to Equipment Req’ts
      • Voting machines…
        • Must not receive signals during voting.
        • Must not learn they are being tested by authorizations to vote.
        • Must not have any observable change between test and voting environment.
      • These are equipment requirements, needed to support parallel testing!

  15. And to Other Requirements
      • The voting machine documentation must explain how to carry out a parallel test.
      • VSTL verifies that the documentation gives a good parallel test--one that accomplishes the security goals.
      • In open-ended testing, VSTL attempts to find:
        • Ways for the voting machine to notice the test environment
        • Ways for anyone to get a message into the voting machine

  16. How Are Requirements Enforced?
      Checklist -> Documentation -> OEVT
      • VSTL checks to make sure required security controls are present and correctly used.
      • Documentation requirements--VSTL reads and verifies correctness of the documentation.
      • OEVT--open-ended testing, in which VSTL attempts to find ways in which the security of the voting system can be violated.

  17. Conclusions
      • VVSG2007 security standards are based heavily on threat analysis
        • Drawn from extensive literature review, historical data, internal and external analysis, and workshops
      • Procedural requirements -> equipment and documentation requirements
      • Equipment, Documentation, and OEVT requirements fit together to improve the chances of getting secure voting systems.

