Formal and semi-formal verification of a web voting system

Purpose: CONICET is the most important research institution in Argentina. It depends directly from Argentina’s President but its internal authorities are elected by around 8,000 researches across the country. During 2011 the CONICET developed a web voting system to replace the traditional mail-based process. In 2012 and 2014 CONICET conducted two web election with no complains from candidates and voters. Before moving the system into production, CONICET asked the authors to conduct a functional and security assessment of it.In this paper we present the verification process conducted to assess the functional correctness of the voting system. Design/methodology/approach: This process is the result of integrating formal, semi-formal and informal verification activities from formal proof to code inspection and model-based testing. Findings: Given the resources and time available we were able to transmit to senior management a reasonable level of confidence on the correctness of the application. Research limitations/implications: A formal specification of the requirements must be developed. Practical implications: N/A Social Implications: N/A Originality/value: Formal methods and semi-formal activities are seldom applied to Web applications.