Threat Analysis Perception
• Definitions
• Representation
• Challenges
• “The Unthinkable”
• Strategies & Recommendations
Background
Stakes
• People
– Voters
– Candidates
– Poll Workers
– Political Groups
– Developers
– Board of Elections
– Attackers
– More...
• Voting: A System of...
– IT
– American Politics
– Duty
– Trust
– Inclusion
– Safety
– Process
– Precedence...if it works
Means of Representation
General tactic:
– Identify possible attackers
– Identify goals of attacker
– Enumerate possible ways to achieve goals
– Locate key system vulnerabilities
– Create resolution plan
Attack Tree
• Bruce Schneier, Dr. Dobb’s Journal, 1999:
– Used to “model threats against computer systems”
Attack Tree Evaluation
• Creation
– Refining over time
– Realistic costs
• Advantages
– Identifies key security issues
– Documenting plans of attack and likelihood
– Knowing the system
• Disadvantages
– Amount of documentation
– Can only ameliorate foreseen circumstances
– Difficult to prioritize/quantize factors
Figure: Shortened version of an Attack Tree for the interception of a message sent with a PGP header.
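An added example (not part of the original slides) of how an attack tree with cost estimates can be evaluated: OR nodes take the cheapest child, AND nodes sum their children, and each leaf is ranked by how much blocking it alone raises the cheapest remaining path. The tree, its labels and the cost figures are constructed for illustration.

```python
import math
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str = "leaf"   # "leaf", "or" (any child suffices), "and" (all children needed)
    cost: float = 0.0    # estimated attacker cost, arbitrary units; leaves only
    children: list = field(default_factory=list)

def cheapest(node, mitigated=frozenset()):
    """Return (cost, leaf names) of the cheapest way to achieve `node`.
    Leaves listed in `mitigated` are treated as blocked (infinite cost)."""
    if node.kind == "leaf":
        return (math.inf if node.name in mitigated else node.cost, [node.name])
    results = [cheapest(child, mitigated) for child in node.children]
    if node.kind == "or":
        return min(results, key=lambda r: r[0])
    # "and": every child must be achieved, so costs add up
    return (sum(r[0] for r in results), [n for r in results for n in r[1]])

def leaves(node):
    """All leaf names under `node`, left to right."""
    if node.kind == "leaf":
        return [node.name]
    return [n for child in node.children for n in leaves(child)]

def rank_mitigations(root):
    """For each leaf: cheapest remaining cost if that leaf alone is blocked.
    Highest first, i.e. the mitigation that raises the attacker's cost most."""
    ranked = [(cheapest(root, frozenset([leaf]))[0], leaf) for leaf in leaves(root)]
    return sorted(ranked, reverse=True)

# Constructed sample tree (labels and costs are illustrative assumptions).
TREE = Node("Goal", "or", children=[
    Node("Path 1", "and", children=[
        Node("A: physical access", cost=20),
        Node("B: special equipment", cost=50)]),
    Node("Path 2", "or", children=[
        Node("C: insider cooperation", cost=60),
        Node("D: second insider route", cost=90)]),
])

if __name__ == "__main__":
    print("cheapest path:", cheapest(TREE))
    for cost, leaf in rank_mitigations(TREE):
        print(f"block {leaf!r}: cheapest remaining cost {cost}")
```

Blocking a leaf that is not on the cheapest path leaves the minimum cost unchanged, which is why the ranking helps with the prioritization problem the slide lists as a disadvantage.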
Other Means of Representation
“The Unthinkable”, Part 1
1. Chain Voting
2. Votes On A Roll
3. The Disoriented Optical Scanner
4. When A Number 2 Pencil Is Not Enough
5. ...we found these poll workers where?
“The Unthinkable”, Part 2
“The Unthinkable”, Part 3
Conclusions
• Attack Trees
– Identify agents, scenarios, resources, system-wide flaws
• Challenges: dimensions in system analysis
• Unforeseen circumstances
• Independent Team of Experts, but how expert can they be?
Works Cited
1. All 20 “The Unthinkable” scenarios available at: http://www.vote.nist.gov/threats/papers.htm
2. Goldbrick Gallery’s 25 Best Editorial Cartoons of 2004. Online: http://www.goldbrickgallery.com/bestof2004_2.html
3. Jones, Doug. “Threat Taxonomy Overview” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/Jonesthreattalk.pdf
4. Mell, Peter. “Handling IT System Threat Information” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/mellthreat.pdf
5. “Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems”: http://www.brennancenter.org/programs/downloads/voting_systems_final_recommendations.pdf
6. Wack, John, and Skall, Mark. “Introduction to Threat Analysis Workshop” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/wackthreat.pdf
7. Wikipedia Entry for fault tree: http://en.wikipedia.org/wiki/Fault_tree