
Threat Analysis

Lunar Security Services


Overview

• Definitions
• Representation
• Challenges
• “The Unthinkable”
• Strategies & Recommendations

Background

• What is threat analysis?
– Potential Attacks/Threats/Risks
– Analysis
– Countermeasures
– Future Preparations
• NIST’s “Introduction to Threat Analysis Workshop”, October 2005

Stakes
• People
– Voters
– Candidates
– Poll Workers
– Political Groups
– Developers
– Board of Elections
– Attackers
– More...
• Voting: A System of...
– IT
– American Politics
– Duty
– Trust
– Inclusion
– Safety
– Process
– Precedence...if it works

Means of Representation

General tactic:
– Identify possible attackers
– Identify goals of attacker
– Enumerate possible ways to achieve goals
– Locate key system vulnerabilities
– Create resolution plan

Attack Tree
• Bruce Schneier, Dr. Dobb’s Journal, 1999:
– Used to “model threats against computer systems”

[Figures: Simple Example, Cost Propagation, Multiple Costs]

• Continual breaking down of goals and means to achieve them
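
The cost propagation named on this slide, as an added example that is not part of the original slides: leaf costs roll up through OR nodes as a minimum and through AND nodes as a sum, with a second attribute (special equipment) carried alongside. The tree shape, the sub-step names under the deck's scenario titles, all cost values, and the `tamper_tape` switch (modelling the Tamper Tape countermeasure as a raised leaf cost) are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    kind: str = "LEAF"               # "LEAF", "OR" or "AND"
    cost: float = 0.0                # leaf only: estimated attacker cost
    special_equipment: bool = False  # leaf only: second ("multiple costs") attribute
    children: list = field(default_factory=list)


def evaluate(node):
    """Return (cost, needs_special_equipment, leaves) for the cheapest attack."""
    if node.kind == "LEAF":
        return node.cost, node.special_equipment, [node.name]
    results = [evaluate(child) for child in node.children]
    if node.kind == "OR":
        # Attacker needs only one child, so the cheapest alternative wins.
        return min(results, key=lambda r: r[0])
    if node.kind == "AND":
        # Attacker needs every child: costs add, requirements accumulate.
        return (sum(r[0] for r in results),
                any(r[1] for r in results),
                [leaf for r in results for leaf in r[2]])
    raise ValueError(f"unknown node kind: {node.kind!r}")


def build_tree(tamper_tape=False):
    """Constructed tree; every cost is a made-up relative estimate."""
    access_cost = 60 if tamper_tape else 10  # assumed effect of tamper tape
    firmware = Node("Replaceable firmware on optical scanner", "AND", children=[
        Node("Unobserved physical access to scanner", cost=access_cost),
        Node("Modified firmware image", cost=30, special_equipment=True),
    ])
    return Node("Alter recorded votes", "OR", children=[
        firmware,
        Node("Trojan horse", cost=75, special_equipment=True),
        Node("Chain voting", cost=50),
    ])


if __name__ == "__main__":
    for tape in (False, True):
        cost, equipment, leaves = evaluate(build_tree(tamper_tape=tape))
        print(f"tamper_tape={tape}: cheapest cost={cost}, "
              f"special equipment={equipment}, path={leaves}")
```

Re-evaluating after each countermeasure shows where the cheapest path moves next, which is the prioritisation the tree is meant to support.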

Attack Tree Evaluation
• Creation
– Refining over time
– Realistic costs
• Advantages
– Identifies key security issues
– Documenting plans of attack and likelihood
– Knowing the system
• Disadvantages
– Amount of documentation
– Can only ameliorate foreseen circumstances
– Difficult to prioritize/quantize factors

[Figure: Shortened version of an Attack Tree for the interception of a message sent with a PGP header.]
Other Means of Representation

• Threat Catalog – Doug Jones
– Attacks -> vulnerabilities -> analysis of defense
– Challenges
  • Organization
  • Technology
  • Identity
  • Scale of Attack
• Fault Tree Analysis
– Ensures product performance from software
– Attempts to avoid single-point, catastrophic failures
Challenges
• Vulnerabilities
– System
– Process
• Variety of possible attacks
• New Field: Systems Engineering
• Attack Detection
• Attack Resolution
-> too many dimensions to predict all possibilities, but we’ll try to name a few…

“The Unthinkable”, Part 1

1. Chain Voting
2. Votes On A Roll
3. The Disoriented Optical Scanner
4. When A Number 2 Pencil Is Not Enough
5. ...we found these poll workers where?

“The Unthinkable”, Part 2

6. This DRE “fell off the delivery truck”...
7. The Disoriented Touch Screen
8. The Confusing Ballot (Florida 2000 Election)
9. Third Party “Whoopsies”
10. X-ray vision through walls of precinct

“The Unthinkable”, Part 3

11. “Oops” code
12. Do secure wireless connections exist?
13. I’d rather not have your help, thanks...
14. Trojan Horse
15. Replaceable firmware on Optical Scanners

Natalie Podrazik – natalie2@umbc.edu


“The Unthinkable”, Part 4

16. Unfinished vote = free vote for somebody else
17. “I think I know what they meant by...”
18. Group Conspiracy: “These machines are broken.”
19. “That’s weird. It’s a typo.”
20. Denial of Service Attack



My Ideas...

• Write-in bomb threat, terrorist attack, backdoor code
• Swapping of candidate boxes (developers) at last minute on touch-DRE; voters don’t know the difference
• Children in the voting booth



Strategies & Recommendations

• Create Fault Trees to counter Attack Tree goals using the components set forth in Brennan Study
• Tamper Tape
• Use of “independent expert security team”
– Inspection
– Assessment
– Full Access
• Use of “Red Team Exercises” on:
– Hardware design
– Hardware/Firmware configuration
– Software Design
– Software Configuration
– Voting Procedures (not hardware or software, but people and process)

Conclusions

• Attack Trees
– Identify agents, scenarios, resources, system-wide flaws
• Challenges: dimensions in system analysis
• Unforeseen circumstances
• Independent Team of Experts, but how expert can they be?

Works Cited
1. All 20 “The Unthinkable” scenarios available at: http://www.vote.nist.gov/threats/papers.htm
2. Goldbrick Gallery’s 25 Best Editorial Cartoons of 2004. Online: http://www.goldbrickgallery.com/bestof2004_2.html
3. Jones, Doug. “Threat Taxonomy Overview” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/Jonesthreattalk.pdf
4. Mell, Peter. “Handling IT System Threat Information” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/mellthreat.pdf
5. “Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems”. Online: http://www.brennancenter.org/programs/downloads/voting_systems_final_recommendations.pdf
6. Wack, John, and Skall, Mark. “Introduction to Threat Analysis Workshop” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/wackthreat.pdf
7. Wikipedia Entry for fault tree: http://en.wikipedia.org/wiki/Fault_tree
