Explore formal verification of computer-mediated remote voting for government elections. Define requirements & address conflicts. Assess trust in paper vs. electronic ballots. Proposal for secure electronic voting process. Methodology includes Business Object Notation and Java Modeling Language. Lessons learned from initial implementation to refinement. Future work includes complete formal specification and software verification. Engage with questions, criticisms, suggestions, and collaboration opportunities.
Formal Verification of Elections that use Electronic Voting
Dermot Cochran
Supervisor: Joe Kiniry
PhD Thesis Statement
Verifiable Computer Mediated Remote Voting is appropriate for National and International Governmental Elections if (and only if) a proven and trustworthy election process is used.
Definitions
• Computer mediated voting: using a computer to record and count ballots
• Remote voting: the voter need not be at a polling station, e.g. might be using the internet or a mobile phone to cast a ballot
• Verifiable: it can be formally proven that each and every vote is counted as cast
Voting Requirements
• Privacy – no link between voter and ballot
• Eligibility – proper registration of voters
• Uniqueness – each vote counted once
• Secrecy – inability to reveal a vote
• Accuracy – all votes counted correctly
• Robustness – no undetectable errors
• Transparency – openness and verifiability
Conflicting Requirements
• Publishing anonymous ballots on a bulletin board would allow for public transparency but violates secrecy, because vote signing is still possible
• Receipt-free voting schemes promote privacy and secrecy but deny transparency
Are paper ballots trustworthy?
• It depends on the process for:
  • Voter registration
  • Custody of ballot papers
  • Privacy within the polling stations; could I use a mobile phone camera to record my vote?
Trustworthy vs Trusted
• Some people trust paper ballots
• Some election officials trust voting machines
• Most people won't trust complicated mathematical proofs
• I am not exploring the question of public trust in electronic voting
Research Plan
• Demonstrate that electronic vote counting can be made reliable and accurate; treat all counting errors with extreme suspicion
• Model the election process as a whole, including security requirements
• Prove that at least one such election process is valid, i.e. non-conflicting, when electronic voting is allowed
Preference Voting
• Ireland uses Proportional Representation by Single Transferable Vote (PR-STV), i.e. preference voting
• Voters express multiple preferences for candidates in constituencies with between three and five seats
• Formalized as a Java Modeling Language (JML) specification
Methodology
• Business Object Notation (BON) for analysis, design and architecture
• Finite State Machine model
• Java Modeling Language specification
• Scenario tests from BON and the state model
• Unit tests from JML
Lessons Learnt
• At first I went straight from the legal requirements to JML specifications, without using BON
• When I implemented the JML in Java I then had to re-factor all my JML into the correct architecture and add a more detailed state machine
Refinement
• BON is object-oriented, although a classifier in BON might refine to either a field, method, class or package in Java
• BON pre-conditions, post-conditions and constraints are written in structured English suitable for refinement into JML statements
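As an added illustration of the refinement step described above (not code from the thesis or its author), the following sketch shows how the Uniqueness and Accuracy requirements for a PR-STV ballot might be expressed as JML invariants and method contracts. The class, field and method names, and the assumption that OpenJML is used to check the annotations, are mine.

```java
import java.util.Arrays;

/**
 * Constructed example: a PR-STV ballot with JML contracts. Invariants keep every
 * preference a valid, distinct candidate; transfer() credits the ballot to exactly
 * one continuing candidate at a time. Check with OpenJML; plain javac treats the
 * //@ and /*@ @*/ annotations as ordinary comments.
 */
public class Ballot {
    public static final int NO_CANDIDATE = -1;
    /** Candidate ids in order of preference, each in [0, numCandidates). */
    private /*@ spec_public non_null @*/ final int[] preferences;
    private /*@ spec_public @*/ final int numCandidates;
    /** Index of the preference currently credited with this ballot. */
    private /*@ spec_public @*/ int position;

    //@ public invariant 0 < preferences.length && preferences.length <= numCandidates;
    //@ public invariant 0 <= position && position <= preferences.length;
    //@ public invariant (\forall int i; 0 <= i && i < preferences.length;
    //@                      0 <= preferences[i] && preferences[i] < numCandidates);
    // Uniqueness: a candidate appears at most once on a ballot.
    //@ public invariant (\forall int i, j; 0 <= i && i < j && j < preferences.length;
    //@                      preferences[i] != preferences[j]);

    //@ requires 0 < prefs.length && prefs.length <= candidates;
    //@ requires (\forall int i; 0 <= i && i < prefs.length; 0 <= prefs[i] && prefs[i] < candidates);
    //@ requires (\forall int i, j; 0 <= i && i < j && j < prefs.length; prefs[i] != prefs[j]);
    //@ ensures position == 0 && numCandidates == candidates;
    public Ballot(int[] prefs, int candidates) {
        this.preferences = Arrays.copyOf(prefs, prefs.length); // defensive copy: callers cannot break the invariant
        this.numCandidates = candidates;
        this.position = 0;
    }

    /** Candidate currently credited with this ballot, or NO_CANDIDATE once exhausted. */
    //@ ensures position < preferences.length ==> \result == preferences[position];
    //@ ensures position == preferences.length ==> \result == NO_CANDIDATE;
    public /*@ pure @*/ int currentCandidate() {
        return position < preferences.length ? preferences[position] : NO_CANDIDATE;
    }

    /** Transfer to the next preference that is still a continuing candidate. */
    //@ requires position < preferences.length && continuing.length == numCandidates;
    //@ assignable position;
    //@ ensures position > \old(position);
    //@ ensures \result == NO_CANDIDATE || continuing[\result];
    public int transfer(/*@ non_null @*/ boolean[] continuing) {
        position++;
        while (position < preferences.length && !continuing[preferences[position]]) {
            position++;
        }
        return currentCandidate();
    }
}
```

The postcondition `position > \old(position)` is what rules out a ballot being credited to the same candidate twice during a count; the invariants are what a BON constraint written in structured English would refine to.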
Future Work
• Formally specify the whole election process, including actions by people
• Prove the correctness of the specification using software verification tools, including model checkers
• Modular verification, e.g. require that software and machines are verifiable
Thank You for Listening
• Questions?
• Criticisms?
• Suggestions?
• Possible Collaborations?