Melanie Volkamer (Research Manager) University of Passau, Innstraße 43, 94032 Passau, Germany, Tel: +49 851/509-3021 E-Mail: [email protected]; Webpage: http://www.isl.uni-passau.de Common Criteria Protection Profile for a Basic Set of Security Requirements for Online Voting Products CoE Meeting 16th October 2008, Madrid
13
Embed
Melanie Volkamer (Research Manager) University of Passau, Innstraße 43, 94032 Passau, Germany, Tel: +49 851/509-3021 E-Mail: [email protected]; Webpage:
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Melanie Volkamer (Research Manager)
University of Passau, Innstraße 43, 94032 Passau, Germany, Tel: +49 851/509-3021
Users: GI, Ministry of workers & social affairs, …
Companies: mainly Micromata and T-Systems
Others: CoE, e-Voting.cc, PTB, ASIT, BSI, …
Based on existing requirement documents:CoE, PTB and GI catalogue
Oct16th 2008 2CoE Meeting Madrid
Motivation
Oct16th 2008 3CoE Meeting Madrid
Council of Europe Recommendations
Swiss, Austrian, German Election Regulations
Austrian Election Regulations
IEEE Voting Equipment Standards
Voting System Standards
Network Voting System Standards
PTB requirement catalogue
…..
Good starting point but only lists of requirements
Problems:- Trust model is not defined- Evaluation method and depth is not made explicit
No meaningful evaluation No comparable evaluation results
Solution: Common Criteria
International standard (ISO/IEC15408) for Information Technology Security Evaluation (CC)
Australia, Canada, France, Germany, Japan, Republic of Korea, The Netherlands, New Zealand, Norway, Spain, United Kingdom, United States of America; Austria, Czech Republic, Denmark, Greece, Hungary, India, Israel, Italy, Republic of Singapore, Sweden, Turkey
Protection Profile = An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs. [TOE = target of evaluation]
CoE Recommendations made first steps
Oct16th 2008 4CoE Meeting Madrid
Basis Protection Profile
Not „one“ general Protection Profile for Online VotingBecause of different trust models and evaluation depths
Depending on the election in mind (societies vs. parliamentary)
Serves as basis which can be extended
Takes only the voting phase and the counting phase into account.