I examine the question of how to design election-related software, with particular attention to the threat of insider attacks, and propose the goal of simplifying the software in electronic voting machines. I apply a technique called prerendering to reduce the security-critical, voting-specific software by a factor of 10 to 100 while supporting similar or better usability and accessibility, compared to today's voting machines. Smaller and simpler software generally contributes to easier verification and higher confidence.

I demonstrate and validate the prerendering approach by presenting Pvote, a vote-entry program that allows a high degree of freedom in the design of the user interface and supports synchronized audio and video, touchscreen input, and input devices for people with disabilities. Despite all its capabilities, Pvote is just 460 lines of Python code; thus, it directly addresses the conflict between flexibility and reliability that underlies much of the current controversy over electronic voting. A security review of Pvote found no bugs in the Pvote code and yielded lessons on the practice of adversarial code review. The analysis and design methods I used, including the prerendering technique, are also applicable to other high-assurance software.