Enterprise security architectural framework and metrics: application to secure electronic voting systems

Abstract

This work represents a comprehensive investigation into election systems security in particular and enterprise information systems security in general. It is organized into three interrelated parts: the development of a security architectural framework, the development of a security metric, and the security measure of an election system. In this work, election systems are characterized as enterprise, and concepts developed for enterprise architecture are applied to them. Since modern election systems rely on information technology and related systems, the security of these systems is essential to the security of the election systems. Unfortunately, the security of information systems is subject to misassessment and mischaracterization. Thus the development of a holistic measure of security for information systems is critical to the design of a secure election system. In this work an architectural framework for information systems security design is developed based on well defined information security components and requirements. The components defined in the framework serve as foundation for a security measure. The development of the architectural framework is the outcome of paradigm shift in the design of enterprise architectures where the security of the resulting system is the core objective. The framework highlights interactions among architectural components, which interactions also affect the security of enterprise information systems. These interactions are captured in the development of the security measure. The security measure is developed by utilizing well grounded mathematical techniques from financial econometrics, financial engineering and related field. The metric development adopts techniques from measure theorem and multivariate distribution analysis to develop a measure that is consistent and complete. The utility of a holistic security architectural framework is demonstrated in the analysis of an election system, characterized by the framework. The security of an illustrative election system is also computed to demonstrate the utility of the developed security metric. This work thus addresses the two fundamental requirements for a comprehensive security design for any enterprise, including an election system.