As voting systems evolve from paper ballots to electronic voting (E-voting) applications, we have noticed significant efforts to develop real-world securer solutions. E-voting systems are security-critical systems that require early identification of security requirements and controls based on the analyses of potential vulnerabilities, threats, attacks, and associated risks. General purpose modeling languages and current tool support to model security concerns exist. However, they lack a comprehensive solution that includes tool support for verification of security goal completeness and risk analysis in specific domains. Also, communication between stakeholders in large-scale systems is difficult, specially because security is not the core skill of many requirements engineers. To overcome these challenges in the electronic voting domain, we developed EVSec, a domain-specific visual modeling language. EVSec is process-centric language and allows modelers expressing activities and social interactions, while identifying security concerns with associated risks. Comprehensive tool support provides security goals completeness and assists users on the identification of critical parts of the model with higher security risks. We used EVSec to model the Brazilian national election, demonstrating its adequacy.
