Abstract
As voting systems evolve from paper ballots to electronic voting (E-voting) applications, we have noticed significant efforts to develop real-world securer solutions. E-voting systems are security-critical systems that require early identification of security requirements and controls based on the analyses of potential vulnerabilities, threats, attacks, and associated risks. General purpose modeling languages and current tool support to model security concerns exist. However, they lack a comprehensive solution that includes tool support for verification of security goal completeness and risk analysis in specific domains. Also, communication between stakeholders in large-scale systems is difficult, specially because security is not the core skill of many requirements engineers. To overcome these challenges in the electronic voting domain, we developed EVSec, a domain-specific visual modeling language. EVSec is process-centric language and allows modelers expressing activities and social interactions, while identifying security concerns with associated risks. Comprehensive tool support provides security goals completeness and assists users on the identification of critical parts of the model with higher security risks. We used EVSec to model the Brazilian national election, demonstrating its adequacy.
Original language | English |
---|---|
Title of host publication | Proceedings - 2016 IEEE 24th International Requirements Engineering Conference Workshops, REW 2016 |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 145-154 |
Number of pages | 10 |
ISBN (Electronic) | 9781509036943 |
DOIs | |
Publication status | Published - 12 Jan 2017 |
Event | 24th IEEE International Requirements Engineering Conference Workshops, REW 2016 - Beijing, China Duration: 12 Sept 2016 → 16 Sept 2016 |
Conference
Conference | 24th IEEE International Requirements Engineering Conference Workshops, REW 2016 |
---|---|
Country/Territory | China |
City | Beijing |
Period | 12/09/16 → 16/09/16 |
Keywords
- Domain-specific languages
- E-voting
- Model-driven development
- Security