Approach based on STPA extended with STRIDE and LINDDUN, and blockchain to develop a mission-critical e-voting system

Abstract

Voting is essential to assure democracy. The voting process is supported by mission-critical systems that have among others functional, cybersecurity, and data privacy requirements. Comprehensive approaches are required to identify the requirements and technologies needed to design the solution. STPA is a method for identifying system safety requirements that have been extended to identify cybersecurity requirements. LINDDUN is a privacy threat modeling methodology that supports analysts in privacy-eliciting and mitigating threats in software architectures. Blockchain is a technology that uses a peer-to-peer computer network as a public distributed ledger. We propose an approach that uses STPA and its extensions to identify the cybersecurity and data privacy requirements, and incorporates the blockchain technology to design the solution for the mission-critical e-voting system. We built a proof of concept of the solution and performed cybersecurity and data privacy tests. The tests showed that the solution meets the critical cybersecurity and data privacy requirements. The major contributions of this paper include an approach that employs cybersecurity and data privacy threat modeling techniques to enhance the STPA analysis of a system, and the design of a Blockchain-based, verifiable e-voting system.