Technique Integration for Requirements Assessment
In determining whether to permit a safety-critical software system to be certified and in performing independent verification and validation (IV&V) of safety- or mission-critical systems, the requirements traceability matrix (RTM) delivered by the developer must be assessed for accuracy. The current state of the practice is to perform this work manually, or with the help of general-purpose tools such as word processors and spreadsheets. Such work is error-prone and person-power intensive. In this paper, we extend our prior work in the application of Information Retrieval (IR) methods for candidate link generation to the problem of RTM accuracy assessment. We build voting committees from five IR methods, and use a variety of voting schemes to accept or reject links from given candidate RTMs. We report on the results of two experiments. In the first experiment, we used 25 candidate RTMs built by human analysts for a small tracing task involving a portion of a NASA scientific instrument specification. In the second experiment, we randomly seeded faults in the RTM for the entire specification. Results of the experiments are presented
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope.
Comment: To appear in E-Vote-Id '1
Accuracy: The fundamental requirement for voting systems
There have been several attempts to develop a comprehensive account of the requirements for voting systems, particularly for public elections. Typically, these approaches identify a number of "high level" principles which are then refined either into more detailed statements or more formal constructs. Unfortunately, these approaches do not acknowledge the complexity and diversity of the contexts in which voting takes place. This paper takes a different approach by arguing that the only requirement for a voting system is that it is accurate. More detailed requirements can then be derived from this high level requirement for the particular context in which the system is implemented and deployed. A general, formal high level model for voting systems and their context is proposed. Several related definitions of accuracy for voting systems are then developed, illustrating how the term "accuracy" is interpreted in different contexts. Finally, a context-based requirement for voting system privacy is investigated as an example of deriving a subsidiary requirement from the high level requirement for accuracy
Formal Verification of Voting Schemes
Fundamental trust and credibility in democratic systems is commonly established through
the existence and execution of democratic elections. The vote-counting of an election,
usually formalised by a voting scheme, essentially boils down to a mechanism that
aggregates individual preferences of the voters to reach a decision. For this matter, there
are various differing voting schemes in use throughout the world, commonly based on
high expectations and means to ensure a sensible democratic process. However, incidents
such as the ruling by the German federal constitutional court which led to a change of
the German legislation in 2013 manifest that it is difficult for a voting scheme to meet
these legitimate expectations. In fact, there is no general notion of correctness
for a voting scheme and thus no universal mechanism as shown in Kenneth J. Arrow’s
Impossibility Theorem in 1951. As a consequence, designing a real-world voting
scheme without flaws, which still gives significant democratic guarantees, is a difficult
task as a trade-off between desirable properties is non-trivial and error-prone.
The approach in this thesis is based on the idea to tackle this issue by proposing an
incremental and iterative development process for voting schemes based on automated
formal reasoning methods using program verification. We analyse two different forms
of verification considering their role in this development process in order to achieve
formal correctness of voting schemes. We perform a comprehensive set of case studies
by applying "medium-weight" and "light-weight" verification techniques. The "medium-weight"
approach uses the annotation-based deductive verification tool VCC based on
an auto-active methodology and the "light-weight" technique is performed with the
bounded model checking tool LLBMC. Our analysis covers a set of well-known voting
schemes combined with a set of prominent voting scheme criteria. In addition to giving
precise formalisations for these criteria adapted to the specific voting schemes and tools
used, we advance the efficiency of the "light-weight" approach by exploiting fundamental
symmetric properties. Furthermore, we investigate the challenges encountered with
the auto-active verification methodology, which lies in-between automatic and interactive
verification methodologies, with respect to specific characteristics in voting schemes
and also explore the potential of bounded verification techniques to produce precise
counterexamples in order to enhance the capability of our envisioned development process
to give early feedback. This thesis gives fundamental insights in general challenges and
the potential of automated formal reasoning with the goal of correct voting schemes
Reasoning About Vote Counting Schemes Using Light-weight and Heavy-weight Methods
We compare and contrast our experiences in specifying, implementing
and verifying the monotonicity property of a simple plurality voting
scheme using modern light-weight and heavy-weight verification tools
Distributed Protocols at the Rescue for Trustworthy Online Voting
While online services emerge in all areas of life, the voting procedure in
many democracies remains paper-based as the security of current online voting
technology is highly disputed. We address the issue of trustworthy online
voting protocols and recall therefore their security concepts with its trust
assumptions. Inspired by the Bitcoin protocol, the prospects of distributed
online voting protocols are analysed. No trusted authority is assumed to ensure
ballot secrecy. Further, the integrity of the voting is enforced by all voters
themselves and without a weakest link, the protocol becomes more robust. We
introduce a taxonomy of notions of distribution in online voting protocols that
we apply on selected online voting protocols. Accordingly, blockchain-based
protocols seem to be promising for online voting due to their similarity with
paper-based protocols
Standard interface definition for avionics data bus systems
Data bus for avionics system of space shuttle, noting functions of interface unit, error detection and recovery, redundancy, and bus control philosoph
Proving the monotonicity criterion for a plurality vote-counting program as a step towards verified vote-counting
We show how modern interactive verification tools
can be used to prove complex properties of vote-counting software.
Specifically, we give an ML implementation of a vote-counting
program for plurality voting; we give an encoding of
this program into the higher-order logic of the HOL4 theorem
prover; we give an encoding of the monotonicity property in the
same higher-order logic; we then show how we proved that the
encoding of the program satisfies the encoding of the monotonicity
property using the interactive theorem prover HOL4. As an aside,
we also show how to prove the correctness of the vote-counting
program. We then discuss the robustness of our approach