US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Matt Bishop
Organization :   University of California Davis
Post Date :   9/30/2005

Section Comments
Section :  20.1.5
Page no. :  
Line no.:  
Comment :  In the absence of a threat model, the ITA has no other option but to perform ad-hoc testing which produces no real standard, minimal assurances.

We claim, for example, that defense-in-depth exists when an attack path includes a node with multiple countermeasures and a single-point-of-failure exists when multiple nodes employ the same countermeasure. Formalized using an attack tree, checking to be sure defense-in-depth is employed and there are no single-points-of-failure becomes straight-forward; whereas, currently, there is no clear way to enforce these principles.