Jeffrey P. Landry

A Risk Assessment Model for Voting Systems using Threat Trees and Monte Carlo Simulation

There continues to be a requirement for better models, tools, and techniques for conducting risk assessment of voting systems. We propose a model of risk and a technique for risk assessment, which builds on threat trees and Monte Carlo simulation. The goal is to provide a means of facilitating informed decisions regarding voting system security standards through a rational and parsimonious quantification of intuition or estimation of risk. Such a means should support an evaluation of trade-offs, sensitivity analysis, cost-benefit analysis, and estimation of residual risk of current and proposed voting systems, technologies and controls.

A common theme for IT degree programs

Effective IT curricula balances tradition with innovation. One way to enhance that balance is to examine the common threads in the various knowledge areas.

Towards Internet voting security: A threat tree for risk assessment

The Internet is a dangerous place for any critical application and is particularly risky for binding government elections where every vote must count. The complex interplay of people, processes, equipment, software, policies, and legislation in a networked environment that spans national boundaries makes, for example, determining the precise likelihood of a threat nearly impossible. This does not mean, however, that the risk analyst cannot model, understand, and assess the risks to Internet voting systems. To that end, this paper presents a threat tree for risks to Internet voting systems. The Internet voting threat tree was successfully vetted by a panel of elections officials, security experts, academics, election law attorneys, representation from governmental agencies, voting equipment vendors, and voting equipment testing labs. We submit that this threat tree is sufficiently abstract to be useful in a wide range of risk assessment techniques.

E-Voting Risk Assessment: A Threat Tree for Direct Recording Electronic Systems

Approximately 25% according to http://verifiedvoting.com/ of voting jurisdictions use direct recording electronic systems to record votes. Accurate tabulation of voter intent is critical to safeguard this fundamental act of democracy: voting. Electronic voting systems are known to be vulnerable to attack. Assessing risk to these systems requires a systematic treatment and cataloging of threats, vulnerabilities, technologies, controls, and operational environments. This paper presents a threat tree for direct recording electronic DRE voting systems. The threat tree is organized as a hierarchy of threat actions, the goal of which is to exploit a system vulnerability in the context of specific technologies, controls, and operational environment. As an abstraction, the threat tree allows the analyst to reason comparatively about threats. A panel of elections officials, security experts, academics, election law attorneys, representatives from governmental agencies, voting equipment vendors, and voting equipment testing labs vetted the DRE threat tree. The authors submit that the DRE threat tree supports both individual and group risk assessment processes and techniques.

A soft systems approach to input distribution estimation for a non-stationary demand process

A soft systems methodology is undertaken to develop a design for a communications system to support a political campaign. The focus is on the methodology to estimate an input distribution for a SLAM-based simulation model. Two problems-the lack of referent system data and the expectation of non-stationary system demand-indicate a need for a soft systems approach. The results of this study suggest that the approach is effective for estimating an input distribution for simulation analysis. The case provides an example of the contrast between the soft systems and hard systems approaches.

Risk assessment of voting systems for teaching the art of information security

This paper describes case study assignment in risk assessment for a course in information security management. The instructors approach in the course was to integrate various readings through discussion and assignments. The assignment described in this paper was based on an actual project and used in an information security management course taught in Summer 2010. Readers will benefit from the instructors description of this assignment, which teaches the art of information security management by creating a hybrid risk assessment process that provides a practical, reusable, scholarly, and realistic exercise. The assignment proved to be a useful, hands-on practice that students were able to satisfactorily complete.