2,349 research outputs found
The Right to Vote Securely
American elections currently run on outdated and vulnerable technology. Computer science researchers have shown that voting machines and other election equipment used in many jurisdictions are plagued by serious security flaws, or even shipped with basic safeguards disabled. Making matters worse, it is unclear whether current law requires election authorities or companies to fix even the most egregious vulnerabilities in their systems, and whether voters have any recourse if they do not.
This Article argues that election law can, does, and should ensure that the right to vote is a right to vote securely. First, it argues that constitutional voting rights doctrines already prohibit election practices that fail to meet a bare minimum threshold of security. But the bare minimum is not enough to protect modern election infrastructure against sophisticated threats. This Article thus proposes new statutory measures to bolster election security beyond the constitutional baseline, with technical provisions designed to change the course of insecure election practices that have become regrettably commonplace, and to standardize best practices drawn from state-of-the-art research on election security
Recommended from our members
The Law Commission presumption concerning the dependability of computer evidence
We consider the condition set out in section 69(1)(b) of the Police and Criminal Evidence Act 1984 (PACE 1984) that reliance on computer evidence should be subject to proof of its correctness, and compare it to the 1997 Law Commission recommendation that acommon law presumption be used that a computer operated correctly unless there is explicit evidence to the contrary (LC Presumption). We understand the LC Presumption prevails in current legal proceedings. We demonstrate that neither section 69(1)(b) of PACE 1984 nor the LC presumption reflects the reality of general software-based system behaviour
Characterizing Cyber Attacks against Space Systems with Missing Data: Framework and Case Study
Cybersecurity of space systems is an emerging topic, but there is no single
dataset that documents cyber attacks against space systems that have occurred
in the past. These incidents are often scattered in media reports while missing
many details, which we dub the missing-data problem. Nevertheless, even
"low-quality" datasets containing such reports would be extremely valuable
because of the dearth of space cybersecurity data and the sensitivity of space
systems which are often restricted from disclosure by governments. This prompts
a research question: How can we characterize real-world cyber attacks against
space systems? In this paper, we address the problem by proposing a framework,
including metrics, while also addressing the missing-data problem, by
"extrapolating" the missing data in a principled fashion. To show the
usefulness of the framework, we extract data for 72 cyber attacks against space
systems and show how to extrapolate this "low-quality" dataset to derive 4,076
attack technique kill chains. Our findings include: cyber attacks against space
systems are getting increasingly sophisticated; and, successful protection
against on-path and social engineering attacks could have prevented 80% of the
attacks.Comment: Accepted for publication: IEEE International Conference on
Communications and Network Security 2023 (IEEE CNS
Beyond the Network: A Holistic Perspective on State Cybersecurity Governance
I. Introduction
II. Governance: The New Frontier of Information Assurance
III. State Cybersecurity Governance Extends Beyond the Network
IV. Centralizing Security Governance to Defend State Networks
V. Governance Beyond Network Defense ... A. Disruption Response ... B. Law Enforcement ... C. Cybersecurity Centers
VI. Conclusion
Appendix: States and Indicator
Cyber-security for embedded systems: methodologies, techniques and tools
L'abstract è presente nell'allegato / the abstract is in the attachmen
Formal Template-Based Generation of Attack–Defence Trees for Automated Security Analysis
Systems that integrate cyber and physical aspects to create cyber-physical systems (CPS) are becoming increasingly complex, but demonstrating the security of CPS is hard and security is frequently compromised. These compromises can lead to safety failures, putting lives at risk. Attack Defense Trees with sequential conjunction (ADS) are an approach to identifying attacks on a system and identifying the interaction between attacks and the defenses that are present within the CPS. We present a semantic model for ADS and propose a methodology for generating ADS automatically. The methodology takes as input a CPS system model and a library of templates of attacks and defenses. We demonstrate and validate the effectiveness of the ADS generation methodology using an example from the automotive domain
- …