Refinement: A Constructive Approach to Formal Software Design for a Secure e-voting Interface

Authors:
Dominique Cansell;J. Paul Gibson;Dominique Méry
Affiliations:
LORIA, Université de Metz, Metz, France;Computer Science Department, NUI Maynooth, Ireland;LORIA, Université Henri Poincaré Nancy 1, Nancy, France
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2007

Citing 10
Cited 5

Inside risks: risks in computerized elections

Communications of the ACM
The B-book: assigning programs to meanings

The B-book: assigning programs to meanings
Computer security: quality rather than quantity

Communications of the ACM
Insider risks in elections

Communications of the ACM - Has the Internet become indispensable?
Early Appraisals of Electronic Voting

Social Science Computer Review
A contract-based approach to designing safe systems

SCS '03 Proceedings of the 8th Australian workshop on Safety critical systems and software - Volume 33
Tamper-Evident, History-Independent, Subliminal-Free Data Structures on PROM Storage-or-How to Store Ballots on a Voting Machine (Extended Abstract)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Formal methods in industry: achievements, problems, future

Proceedings of the 28th international conference on Software engineering
B#: toward a synthesis between Z and B

ZB'03 Proceedings of the 3rd international conference on Formal specification and development in Z and B
Refinement and reachability in event_b

ZB'05 Proceedings of the 4th international conference on Formal Specification and Development in Z and B

Role-Based and Service-Oriented Security Management in the E-Government Environment

EGOV '09 Proceedings of the 8th International Conference on Electronic Government
Formal analysis of an electronic voting system: An experience report

Journal of Systems and Software
Formal object-oriented development of a voting system test oracle

Innovations in Systems and Software Engineering
Proof-Based design of security protocols

CSR'10 Proceedings of the 5th international conference on Computer Science: theory and Applications
Engineering a distributed e-voting system architecture: meeting critical requirements

ISARCS'10 Proceedings of the First international conference on Architecting Critical Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Electronic voting machines have complex requirements. These machines should be developed following best practice with regards to the engineering of critical systems. The correctness and security of these systems is critical because an insecure system could be open to attack, potentially leading to an election returning an incorrect result or an election not being able to return any result. In the worst case scenario an incorrect result is returned - perhaps due to malicious intent - and this is not detected. We demonstrate that an incorrect interface is a major security threat and show the use of the formal method B in guaranteeing simple safety properties of the voting interface of a voting machine implementing a common variation of the single transferable vote (STV) election process. The interface properties we examine are concerned with the collection of only valid votes. Using the B-method, we apply an incremental refinement approach to verifying a sequence of designs of the interface for the collection and storage of votes, which we prove to be correct with respect to the simple requirement that only valid votes can be collected.