|

 
|
| | Name : | Matt Bishop | Organization : | University of California Davis | Post Date : | 9/30/2005 |
| Section : | 20.1.5 | Page no. : | | Line no.: | | Comment : | *Note: Comment referring to threat modeling section of author's document
The current standards seem to have certain threats in mind, but no language to describe them. The lack of a generic description of a voting system (i.e. a model) prohibits the standards from describing the threats in a meaningful way.
The standards could describe these threats in a generic way and place the burden on the vendor (to make these meaningful to their models) and on the ITA (to check the trees and models).
Instead, the standards require defenses against a specific attack (for an unnamed threat) set in an implicit model, and provides no infrastructure to inspect if other attacks could result in the same goal. | |
|
|