Formal and semi-formal verification of a web voting system
Authors: Cristia Maximiliano, Frydman Claudia
Abstract
Purpose
– Consejo Nacional de Investigaciones Científicas y Técnicas (CONICET) is the most important research institution in Argentina. It reports directly to Argentina's President, but its internal authorities are elected by around 8,000 researchers across the country. During 2011, CONICET developed a Web voting system to replace the traditional mail-based process. Before moving the system into production, CONICET asked the authors to conduct a functional and security assessment of it. In 2012 and 2014, CONICET conducted two Web elections with no complaints from candidates or voters. This paper presents the verification process conducted to assess the functional correctness of that voting system.
Design/methodology/approach
– The process is the result of integrating formal, semi-formal and informal verification activities, ranging from formal proof to code inspection and model-based testing.
Findings
– Given the resources and time available, a reasonable level of confidence in the correctness of the application could be conveyed to senior management.
Research limitations/implications
– A formal specification of the requirements must be developed before the formal and semi-formal activities can be applied.
Originality/value
– Formal methods and semi-formal activities are seldom applied to Web applications.
Subject
Computer Networks and Communications, Information Systems