Abstract
Various technical bodies have devised methodologies to guide testers in the selection, design, and implementation of the most appropriate security testing procedures for various contexts. Their general applicability is obviously regarded as a necessary and positive feature, but its consequence is the need for a complex phase of adaptation to the specific systems under test. In this work, we aim to devise a simplified, yet effective methodology tailored to the peculiar needs of security testing of e-voting systems. We pursue our goal by selecting, for each peculiar aspect of these systems, the best-fitting procedures found in the most widely adopted security testing methodologies, while taking into account the specific constraints stemming from the e-voting context to prune the excess of generality that comes with them.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ramilli, M., Prandini, M. (2010). An Integrated Application of Security Testing Methodologies to e-voting Systems. In: Tambouris, E., Macintosh, A., Glassey, O. (eds) Electronic Participation. ePart 2010. Lecture Notes in Computer Science, vol 6229. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15158-3_19
DOI: https://doi.org/10.1007/978-3-642-15158-3_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15157-6
Online ISBN: 978-3-642-15158-3
eBook Packages: Computer Science, Computer Science (R0)