Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting

A. van Cleeff, T. Dimkov, Wolter Pieters, Roelf J. Wieringa

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

  • 1 Citations

Abstract

Well-established security models exist for testing and proving the logical security of IT systems. For example, we can assert the strength of cryptographic protocols and hash functions that prevent attackers from unauthorized changes of data. By contrast, security models for physical security have received far less attention. This situation is problematic, especially because IT systems are converging with physical systems, as is the case when SCADA systems are controlling industrial processes, or digital door locks in apartment buildings are replacing physical keys. In such cases, it is necessary to understand the strengths, weaknesses and combinations of physical and digital security mechanisms. To realize this goal, we must first learn how security requirements are realized by the physical environment alone and this paper presents a method for analyzing this, based on the KAOS requirements engineering framework. We demonstrate our method on a security-critical case, namely an election process with paper ballots. Our analysis yields a simple ontology of physical objects used in this process, and their security-relevant properties such as visibility, inertness and spatial architecture. We conclude with a discussion of how our results can be applied to analyze and improve the security in other processes and perform trade-off analysis, ultimately contributing to models in which physical and logical security can be analyzed together.
Language: Undefined
Title of host publication: Proceedings of the International Conference on IT Convergence and Security (ICITCS 2011)
Editors: Kuinam J. Kim, Seong Jin Ahn
Place of Publication: London
Publisher: Springer Verlag
Pages: 51-67
Number of pages: 17
ISBN (Print): 978-94-007-2910-0
DOI: 10.1007/978-94-007-2911-7_5
State: Published - Dec 2011

Publication series

Name: Lecture Notes in Electrical Engineering
Publisher: Springer Verlag
Volume: 120
ISSN (Print): 1876-1100

Keywords

  • METIS-285120
  • IR-79653
  • Electronic voting
  • KAOS
  • Security requirements engineering
  • EWI-21492
  • integrated security
  • paper-voting
  • SCS-Services
  • SCS-Cybersecurity
  • physical security

Cite this

van Cleeff, A., Dimkov, T., Pieters, W., & Wieringa, R. J. (2011). Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting. In K. J. Kim, & S. J. Ahn (Eds.), Proceedings of the International Conference on IT Convergence and Security (ICITCS 2011) (pp. 51-67). (Lecture Notes in Electrical Engineering; Vol. 120). London: Springer Verlag. DOI: 10.1007/978-94-007-2911-7_5