Electronic voting machines have complex requirements. These machines should be developed following best practice with regard to the engineering of critical systems. The correctness and security of these systems are critical, because an insecure system could be open to attack, potentially leading to an election returning an incorrect result or to an election being unable to return any result at all. In the worst case, an incorrect result is returned, perhaps due to malicious intent, and this goes undetected. We demonstrate that an incorrect interface is a major security threat, and we show how the formal method B can be used to guarantee simple safety properties of the voting interface of a voting machine implementing a common variation of the single transferable vote (STV) election process. The interface properties we examine concern the collection of only valid votes. Using the B-method, we apply an incremental refinement approach to verifying a sequence of designs of the interface for the collection and storage of votes, and we prove these designs correct with respect to the simple requirement that only valid votes can be collected.