During elections, incorrect or malicious ``deviations'' from the procedures defined by the law may results in violations of fundamental rights of citizens (e.g. secrecy of vote) or, even, in threats to the integrity of electoral data and of the election results. Lawmakers, therefore, need to carefully consider and analyze what happens when a procedure is not followed as prescribed and have to define mechanisms to ensure that violations can be detected.
We are interested in providing methodologies and tools to help assessing security of procedures and the effects of deviations from the ``nominal'' behaviors, with the goal of highlighting security vulnerabilities. Procedural security, therefore, deals with the identification, modeling, establishment, and enforcement of security policies about the procedures that regulate the usage of a system and system processes. The breach of security objectives during the execution of the procedures is known as threat to the procedures (or procedural threats). We call procedural security analysis the process of understanding the impact and effects of procedural threats, namely courses of actions that can take place during the execution of the procedures, and which are meant to alter, in an unlawful way, the assets manipulated by procedures.
The situation is depicted in Figure 1. Our target of evaluation is a (complex) organizational setting in which procedures transform and elaborate assets, which may not necessarily be just digital (e.g. a printed ballot). The procedures are meant to add value to the assets and to protect them from attacks, which can either come from external sources or from insiders. In particular, we distinguish the following kinds of attacks:
Security assessment (like [8,10]) usually focuses on understanding items 1 and 3, namely, types and effects of attacks on (software) systems. In the next section we propose a tool-supported methodology to tackle also points 2 and 4 above, namely types and effects of attacks on assets that are not (necessarily) digital and that derive from the way in which procedures are implemented and carried out.komminist 2008-06-30