A Methodology for Assessing Procedural Security: A Case Study in E-Voting

This paper presents a methodology for procedural security analysis in order to analyze and eventually try to make elections more secure. Our approach is based on modelling the electoral procedures in the form of business process models (which we write in a strict simplified subset of UML), systematically translate the models into executable formal specifications, and analyze the specifications against security properties. We believe such an analysis to be essential to identifying the limits of the current procedures (i.e. undetected attacks) and to identify more precisely under what hypotheses we can guarantee secure elections. This paper presents the approach and demonstrates with an example taken from the e-Voting procedures enacted within the ProVotE project, current trial of the Italian legislation.