Find weaknesses in system's security
Customers can ask LaQuSo to judge the security of their system. First of all the customer should provide
priorities in security aspects of the system. LaQuSo can also propose relevant security aspects based on a
model of the system. This model should describe which objects play a role in the system (this can be the
data structure, component structure but also the hardware structure) and how the processes make use of these objects.
For the important security aspects threats have to be identified. As a structured mechanism attack trees can be used.
When all threats (and possibly defenses) have been described, it has to be determined if the customer's
system is resistant against these threats. These results are the input for the LaQuSo certificate.
- System model:
- Objects;
- Processes;
- Security requirements of customer.
List with system weaknesses and known countermeasures.
- Security analysis of two related websites and development of the attack trees. One website is a consumer website, the other services businesses. Both websites exchange information and must be secure and independent of each other.
- Refinement of the attack tree approach in LaQuSo case studies.
- An online voting system must have the same properties like a normal voting system. Requirements that are essential are that a person only can vote once, the privacy is guaranteed; recounting of the votes is possible, etc. In online situations additional demands on the security site are authorization and authentication. The system we validated is used twice in the fall of 2004 for in total approximately two million potential voters.
We not only validated the identified issues but developed an approach that shows how the outcome of the elections can be verified and also how it has been verified by us the voter.
Furthermore in our diagnosis we described some possible points for improvement