EEMCS

Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Search
 Organisation

EEMCS EPrints Service


21492 Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting
Home Policy Brochure Browse Search User Area Contact Help

van Cleeff, A. and Dimkov, T. and Pieters, W. and Wieringa, R.J. (2011) Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting. In: Proceedings of the International Conference on IT Convergence and Security (ICITCS 2011), 14-16 Dec, 2011, Suwon, South Korea. pp. 51-67. Lecture Notes in Electrical Engineering 120. Springer Verlag. ISSN 1876-1100 ISBN 978-94-007-2910-0

Full text available as:

PDF
- Univ. of Twente only
1071 Kb

Official URL: http://dx.doi.org/10.1007/978-94-007-2911-7_5

Exported to Metis

Abstract

Well-established security models exist for testing and proving the logical security of IT systems. For example, we can assert the strength of cryptographic protocols and hash functions that prevent attackers from unauthorized changes of data. By contrast, security models for physical security have received far less attention. This situation is problematic, especially because IT systems are converging with physical systems, as is the case when SCADA systems are controlling industrial processes, or digital door locks in apartment buildings are replacingphysical keys.In suchcases, it is necessary to understand the strengths, weaknesses and combinations of physical and digital security mechanisms. To realize this goal, we must first learnhow security requirements are realized by the physical environment alone and this paper presents a method for analyzing this, based on the KAOS requirements engineering framework. We demonstrate our method on a security-critical case, namely an election process with paper ballots. Our analysis yields a simple ontology of physical objects usedin this process, and their security-relevant properties such as visibility, inertness and spatial architecture. We conclude with a discussion of how our results can be applied to analyze and improve the security in other processesand perform trade-off analysis, ultimately contributing to models in which physical and logical security can be analyzed together.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-IS: Information Systems, EWI-DIES: Distributed and Embedded Security
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World, UT-CST: Crime Science Twente
Research Project:VISPER: The VIrtual Security PERimeter for digital, physical, and organisational security
ID Code:21492
Status:Published
Deposited On:06 February 2012
Refereed:Yes
International:Yes
More Information:statisticsmetis

Export this item as:

To request a copy of the PDF please email us request copy

To correct this item please ask your editor

Repository Staff Only: edit this item