Verifying System-Level Security of a Smart Ballot Box

Event-B, a refinement-based formal modelling language, has traditionally focused on safety, but now increasingly finds a new role in developing secure systems. In this paper we take a fresh look at security and focus on what security means for the system rather than looking at detailed protocols. We use Event-B for proving security from an abstract view and refining it towards design details, focusing on the refinement of the availability property of the system. We define a general approach to guarantee the availability of events by ensuring the non-strengthening of their guards, taking into consideration their parameter types. We illustrate our approach using a smart ballot system, an integral part of modern voting systems.
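The availability argument sketched in the abstract, that a refined event must remain enabled wherever its abstract counterpart was, can be checked by brute force on a small finite model. The following is an added example, not the paper's Event-B model and not produced by the Rodin toolset: it assumes a ballot box with a fixed capacity, a four-element parameter type for the cast event, and a concrete refinement that introduces a ballot counter (glued to the abstract set by `count = |accepted|`) and a scanner. Two candidate concrete guards are compared: a data refinement that merely re-expresses the abstract condition, and a variant that adds a scanning precondition. For every concrete state satisfying the gluing invariant, the checker tests whether some parameter value enables the abstract event but none enables the concrete one, which is exactly the guard-strengthening that would break availability.

```python
"""Constructed example (not the paper's Event-B model or the Rodin tool):
a bounded check that refining an event does not strengthen its guard, i.e.
whenever the abstract event is enabled for some parameter value, the concrete
event is enabled for some value of its parameter type."""
from dataclasses import dataclass
from itertools import combinations

CAPACITY = 3
BALLOTS = ("b1", "b2", "b3", "b4")  # assumed parameter type of the cast event


@dataclass(frozen=True)
class ConcreteState:
    accepted: frozenset   # abstract variable: ballots already in the box
    sealed: bool          # abstract variable: poll closed, no more casting
    scanned: frozenset    # new concrete variable: ballots read by the scanner
    count: int            # new concrete variable, glued by count = len(accepted)


def subsets(items):
    """All subsets of a finite parameter type, as frozensets."""
    return (frozenset(c) for r in range(len(items) + 1)
            for c in combinations(items, r))


def all_states():
    """Every concrete state satisfying the gluing invariant count = |accepted|."""
    for accepted in subsets(BALLOTS):
        for sealed in (False, True):
            for scanned in subsets(BALLOTS):
                yield ConcreteState(accepted, sealed, scanned, len(accepted))


def abstract_guard(s, b):
    """Abstract CAST(b): box open, ballot not yet accepted, room left."""
    return (not s.sealed) and b not in s.accepted and len(s.accepted) < CAPACITY


def concrete_guard_data_refined(s, b):
    """Data refinement: the same condition expressed over the counter."""
    return (not s.sealed) and b not in s.accepted and s.count < CAPACITY


def concrete_guard_strengthened(s, b):
    """Adds a scanning precondition: strictly stronger than the abstract guard."""
    return concrete_guard_data_refined(s, b) and b in s.scanned


def enabled(guard, s, params=BALLOTS):
    """An event is available in state s when some parameter value satisfies its guard."""
    return any(guard(s, b) for b in params)


def availability_counterexamples(concrete_guard, states=None, params=BALLOTS):
    """States where the abstract event is available but the concrete one is not."""
    states = all_states() if states is None else states
    return [s for s in states
            if enabled(abstract_guard, s, params)
            and not enabled(concrete_guard, s, params)]


if __name__ == "__main__":
    ok = availability_counterexamples(concrete_guard_data_refined)
    bad = availability_counterexamples(concrete_guard_strengthened)
    print("data-refined guard: counterexamples =", len(ok))
    print("strengthened guard: counterexamples =", len(bad))
    if bad:
        print("first counterexample:", bad[0])
```

The data-refined guard produces no counterexamples, so availability of the cast event is preserved; the strengthened guard fails in every state where nothing unaccepted has been scanned yet (an empty box with an idle scanner is the simplest case). In a real Event-B development this is the proof obligation a tool would discharge symbolically over unbounded types; the enumeration here only illustrates its shape.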
