Formal Specification and Analysis of an E-voting System

2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI:10.1109/ARES.2010.83

Komminist Weldemariam, R. Kemmerer, Adolfo Villafiorita

{"title":"Formal Specification and Analysis of an E-voting System","authors":"Komminist Weldemariam, R. Kemmerer, Adolfo Villafiorita","doi":"10.1109/ARES.2010.83","DOIUrl":null,"url":null,"abstract":"Electronic voting systems are a perfect example of security-critical computing. One of the critical and complex parts of such systems is the voting process, which is responsible for correctly and securely storing intentions and actions of the voters. Unfortunately, recent studies revealed that various e-voting systems show serious specification, design, and implementation flaws. The application of formal specification and verification can greatly help to better understand the system requirements of e-voting systems by thoroughly specifying and analyzing the underlying assumptions and the security specific properties.This paper presents the specification and verification of the electronic voting process for the Election Systems & Software (ES&S) system. We used the ASTRAL language to specify the voting process of ES&S machines and the critical security requirements for the system. Proof obligations that verify that the specified system meets the critical requirements were automatically generated by the ASTRAL Software Development Environment (SDE). The PVS interactive theorem prover was then used to apply the appropriate proof strategies and discharge the proof obligations.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2010.83","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 19

Abstract

Electronic voting systems are a perfect example of security-critical computing. One of the critical and complex parts of such systems is the voting process, which is responsible for correctly and securely storing intentions and actions of the voters. Unfortunately, recent studies revealed that various e-voting systems show serious specification, design, and implementation flaws. The application of formal specification and verification can greatly help to better understand the system requirements of e-voting systems by thoroughly specifying and analyzing the underlying assumptions and the security specific properties.This paper presents the specification and verification of the electronic voting process for the Election Systems & Software (ES&S) system. We used the ASTRAL language to specify the voting process of ES&S machines and the critical security requirements for the system. Proof obligations that verify that the specified system meets the critical requirements were automatically generated by the ASTRAL Software Development Environment (SDE). The PVS interactive theorem prover was then used to apply the appropriate proof strategies and discharge the proof obligations.

查看原文本刊更多论文

电子投票系统的形式化规范与分析

电子投票系统是安全关键型计算的完美范例。这种系统的一个关键和复杂的部分是投票过程，它负责正确和安全地存储选民的意图和行动。不幸的是，最近的研究表明，各种电子投票系统都存在严重的规范、设计和实现缺陷。正式规范和验证的应用可以通过彻底指定和分析底层假设和安全特定属性，极大地帮助更好地理解电子投票系统的系统需求。本文介绍了选举系统与软件(ES&S)系统中电子投票过程的规范和验证。我们使用ASTRAL语言来指定ES&S机器的投票过程和系统的关键安全要求。ASTRAL软件开发环境(SDE)自动生成验证指定系统满足关键需求的证明义务。然后使用PVS交互定理证明器应用适当的证明策略并履行证明义务。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 International Conference on Availability, Reliability and Security

自引率

0.00%

发文量