Compliance of POLYAS with the Common Criteria Protection Profile
Niels Menke, Kai Reinhard
TL;DR
This paper evaluates the POLYAS electronic voting system for compliance with the 2008 German Common Criteria Protection Profile, detailing the process, requirements, and modifications needed for certification.
Contribution
It presents the first comprehensive assessment of POLYAS against the CC protection profile, including security target development and system modifications.
Findings
POLYAS achieved compliance with the protection profile.
Necessary architectural and procedural changes were identified.
The evaluation process informed security improvements.
Abstract
In 2008, the German Federal Office for Information Security issued the common criteria protection profile for Online Voting Products (PP-0037). Accord- ingly, we evaluated the Polyas electronic voting system, which is used for legally binding elections in several international organizations (German Gesellschaft for Informatik, GI, among others), for compliance with the common criteria protection profile and worked toward fulfilling the given requirements. In this article we pre- sent the findings of the process of creating a compliant security target, necessary restrictions and assumptions to the system design as well as the workings of the committee, and architectural and procedural changes made necessary.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInternet Traffic Analysis and Secure E-voting · Digital Rights Management and Security · Access Control and Trust