Procedural security analysis: A methodological approach
| Published in | The Journal of Systems and Software, Vol. 84, no. 7, pp. 1114-1129 |
|---|---|
| Format | Journal Article |
| Language | English |
| Published | New York: Elsevier Inc (Elsevier Sequoia S.A.), 01.07.2011 |
Summary: This article introduces what we call procedural security analysis, an approach that allows for a systematic security assessment of (business) processes. The approach is based on explicit reasoning on asset flows and is implemented by building formal models that describe the nominal procedures under analysis, by injecting possible threat actions into those models, and by assuming that any combination of threats is possible at every step. We use the NuSMV input language to encode the asset flows, which are then amenable to formal analysis. This allows us to understand how the switch to a new technological solution changes the requirements of an organization, with the ultimate goal of defining new processes that ensure a sufficient level of security.

We have applied the technique to a real-world electronic voting system named ProVotE to analyze the procedures used during and after elections. Such analyses are essential to identify the limits of the current procedures (i.e., the conditions under which attacks go undetected) and to identify the hypotheses under which reasonably secure electronic elections can be guaranteed. Additionally, the results of the analyses can be a step forward in devising a set of requirements, to be applied both at the organizational level and to the (software) systems, to make them more secure.
| ISSN | 0164-1212, 1873-1228 |
|---|---|
| DOI | 10.1016/j.jss.2011.01.064 |