Abstract: We have seen that several currently deployed e-voting systems share critical failures in their design and implementation that render their technical and procedural controls insufficient to guarantee trustworthy voting. The application of formal methods would greatly help to better address problems associated with assurance against requirements and standards. More specifically, it would help to thoroughly specify and analyze the underlying assumptions and security-specific properties, and it would improve the trustworthiness of the final systems. In this article, we show how such techniques can be used to model and reason about the security of one of the currently deployed e-voting systems in the U.S.A., named ES&S. We used the ASTRAL language to specify the voting process of ES&S machines and the critical security requirements for the system. Proof obligations that verify that the specified system meets the critical requirements were automatically generated by the ASTRAL Software Development Environment (SDE). The PVS interactive theorem prover was then used to apply the appropriate proof strategies and discharge the proof obligations. We also believe that, besides analyzing the system against its requirements, it is equally important to perform an analysis under malicious circumstances, where the execution model is augmented with attack behaviors. Thus, we extend the formal specification of the system by specifying attacks that have been shown to successfully compromise the system, and we then repeat the formal verification. This is helpful in detecting missing requirements or unwarranted assumptions in the specification of the system. In addition, it allows one to sketch countermeasure strategies to be used when the system behaves differently than it should, and to build confidence in the system under development.
Finally, we acknowledge the main problem that arises in e-voting system specification and verification: modeling attacks is very difficult because the different types of attack often cut across the structure of the original behavior models, thus making (incremental or compositional) verification very difficult.