Toward Clarifying Election Systems Standards
- E. Barr, M. Bishop, D. DeFigueiredo, M. Gondree, and P. Wheeler, “Toward Clarifying Election Systems Standards”, Technical Report CSE-2005-21, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Sep. 2005).
About This Paper
From the Introduction:
One goal of this work is to answer the question: if systems that meet the standards can be induced to provide inaccurate or unreliable results in an election, is the problem that the standards are not adequate or is the problem that the testing is inadequate? If the standards are inadequate, or the testers fail to test the systems adequately, the problems that we see now will continue.
A complementary goal of this paper is to show how threat modeling can lead to clearer standards and help structure the testing and review of an automated election system. The lack of a detailed threat model leads to an inability to determine if the required security mechanisms provide adequate protection against attempts to compromise the electronic voting systems—or, indeed, what “compromise” means. The current certification process—involving the standards, vendors, and ITA—does not include threat modeling or threat identification. It is not immediately apparent how these processes from commercial software development can be integrated into the certification process.