TY - GEN
T1 - Formal verification of tamper-evident storage tor e-voting
AU - Cansell, Dominique
AU - Gibson, J. Paul
AU - Méry, Dominique
PY - 2007/12/1
Y1 - 2007/12/1
N2 - The storage of votes is a critical component of any voting system. In traditional systems there is a high level of transparency in the mechanisms used to store votes, and thus a reasonable degree of trustworthiness in the security of the votes in storage. This degree of transparency is much more difficult to attain in electronic voting systems, and so the specific mechanisms put in place to ensure the security of stored votes require much stronger verification in order for them to be trusted by the public. There are many desirable properties that one could reasonably expect a vote store to exhibit. From the point of view of security, we argue that tamper-evident storage is one of the most important requirements: the changing, or deletion of already validated and stored votes should be detectable; as should the addition of unauthorised votes after the election is concluded. We propose the application of formal methods (in this paper, event-B) for guaranteeing, through construction, the correctness of a vote store with respect to the requirement for tamperevident storage. We illustrate the utility of our refinementbased approach by verifying - through the application of a reusable formal design pattern - a store design that uses a specific PROM technology and applies a specific encoding mechanism.
AB - The storage of votes is a critical component of any voting system. In traditional systems there is a high level of transparency in the mechanisms used to store votes, and thus a reasonable degree of trustworthiness in the security of the votes in storage. This degree of transparency is much more difficult to attain in electronic voting systems, and so the specific mechanisms put in place to ensure the security of stored votes require much stronger verification in order for them to be trusted by the public. There are many desirable properties that one could reasonably expect a vote store to exhibit. From the point of view of security, we argue that tamper-evident storage is one of the most important requirements: the changing, or deletion of already validated and stored votes should be detectable; as should the addition of unauthorised votes after the election is concluded. We propose the application of formal methods (in this paper, event-B) for guaranteeing, through construction, the correctness of a vote store with respect to the requirement for tamperevident storage. We illustrate the utility of our refinementbased approach by verifying - through the application of a reusable formal design pattern - a store design that uses a specific PROM technology and applies a specific encoding mechanism.
U2 - 10.1109/SEFM.2007.21
DO - 10.1109/SEFM.2007.21
M3 - Conference contribution
AN - SCOPUS:47949083204
SN - 0769528848
SN - 9780769528847
T3 - Proceedings - 5th IEEE International Conference on Software Engineering and Formal Methods, SEFM 2007
SP - 329
EP - 338
BT - Proceedings - 5th IEEE International Conference on Software Engineering and Formal Methods, SEFM 2007
T2 - 5th IEEE International Conference on Software Engineering and Formal Methods, SEFM 2007
Y2 - 10 September 2007 through 14 September 2007
ER -