Iterative Analysis to Improve Key Properties of Critical Human-Intensive Processes

Author:

Osterweil Leon J. (1), Bishop Matt (2), Conboy Heather M. (1), Phan Huong (1), Simidchieva Borislava I. (3), Avrunin George S. (1), Clarke Lori A. (1), Peisert Sean (4)

Affiliation:

1. University of Massachusetts Amherst, MA

2. University of California at Davis, CA

3. University of Massachusetts Amherst and Raytheon BBN Technologies

4. University of California at Davis and Lawrence Berkeley National Laboratory

Abstract

In this article, we present an approach for systematically improving complex processes, especially those involving human agents, hardware devices, and software systems. We illustrate the utility of this approach by applying it to part of an election process and show how it can improve the security and correctness of that subprocess. We use the Little-JIL process definition language to create a precise and detailed definition of the process. Given this process definition, we use two forms of automated analysis to explore whether specified key properties, such as security and safety policies, can be undermined. First, we use model checking to identify process execution sequences that fail to conform to event-sequence properties. After these are addressed, we apply fault tree analysis to identify when the misperformance of steps might allow undesirable outcomes, such as security breaches. The results of these analyses can provide assurance about the process; suggest areas for improvement; and, when applied to a modified process definition, evaluate proposed changes.

Funder

National Science Foundation

National Institute for Standards and Technology

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality; General Computer Science

References: 98 articles.

Cited by 7 articles.

1. Process Query Language: Design, Implementation, and Evaluation; Information Systems; 2024-05

2. On using the Task Models for Validation and Evolution of Usable Security Design Patterns; Human Aspects of Information Security and Assurance; 2023

3. Electronic Voting Technology Inspired Interactive Teaching and Learning Pedagogy and Curriculum Development for Cybersecurity Education; Information Security Education for Cyber Resilience; 2021

4. EcoKnow; Proceedings of the International Conference on Software and System Processes; 2020-06-26

5. White Privilege and the Decolonization Work Needed in Evaluation to Support Indigenous Sovereignty and Self-Determination; Canadian Journal of Program Evaluation; 2019-12-09
