Award Abstract # 1258588
EAGER: Collaborative: Process-Based Technology to Support Comparison and Evaluation of the Security of Elections

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: UNIVERSITY OF MASSACHUSETTS
Initial Amendment Date: September 13, 2012
Latest Amendment Date: September 13, 2012
Award Number: 1258588
Award Instrument: Standard Grant
Program Manager: Michael Foster
CNS Division Of Computer and Network Systems
CSE Direct For Computer & Info Scie & Enginr
Start Date: October 1, 2012
End Date: September 30, 2013 (Estimated)
Total Intended Award Amount: $75,000.00
Total Awarded Amount to Date: $75,000.00
Funds Obligated to Date: FY 2012 = $75,000.00
History of Investigator:
  • Leon Osterweil (Principal Investigator)
    ljo@cs.umass.edu
  • Lori Clarke (Co-Principal Investigator)
  • George Avrunin (Co-Principal Investigator)
Recipient Sponsored Research Office: University of Massachusetts Amherst
101 COMMONWEALTH AVE
AMHERST
MA  US  01003-9252
(413)545-0698
Sponsor Congressional District: 02
Primary Place of Performance: University of Massachusetts Amherst
MA  US  01003-9242
Primary Place of Performance Congressional District: 02
Unique Entity Identifier (UEI): VGJHK59NMPK9
Parent UEI: VGJHK59NMPK9
NSF Program(s): Secure & Trustworthy Cyberspace
Primary Program Source: 01001213DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7434, 7916
Program Element Code(s): 8060
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

This project explores process composition tools as applied to elections, concentrating particularly on mail-in and Internet voting. This includes exploration of how to compose systems from pre-analyzed process components, how to analyze the vulnerability of these systems to attacks, and how to guarantee that important security properties are ensured for the resulting composed system. The underlying processes represent aspects of national and local elections, their composition produces an election process, and analysis of the composition gives insight into potential errors or attacks on the election.

Elections are human-intensive processes: processes that directly involve humans in important decision-making and coordination activities, including their interactions with hardware and software components. Providing an approach for formally reasoning about human participation extends current security work. The project also breaks new ground by exploring process-based approaches for modeling and defending against attacks.

The project works closely with government agencies at both the national and local levels to provide in-depth realistic evaluation of results.

Election officials in the U.S. can directly employ the results of this work to make U.S. election processes more verifiably secure, simpler, and easier to change as new technologies, laws, and regulations are imposed. Moreover, the technologies developed in this project can be used in most human-intensive processes that have critical security concerns.

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.


This work has addressed the need to determine whether or not a process used to carry out an election contains defects or vulnerabilities that could jeopardize the correctness of the results reported, or violate the security of the election or the privacy of voters. Elections are very complicated processes that begin with the creation of criteria for certifying voters, election officials, and devices used, proceed through voter registration, purchase of equipment, deployment of personnel, performance of the actual balloting process, and conclude with canvassing and recounting when necessary and appropriate. The sheer size and complexity of such a process creates the possibility of undetected defects and vulnerabilities to attacks that may come from insiders or outsiders. The project has shown that some of these defects and vulnerabilities can be detected by the application of analysis approaches applied to rigorously defined, detailed models of election processes. Some of these analysis approaches are extensions of techniques that were originally developed to help improve the quality of software systems. Others involve automation and extensions to safety analysis approaches that have typically been manually applied by industrial and safety engineers. The project has created some example models of key components of actual election processes used in California and has applied prototype tools based upon these software and safety analysis approaches. The project has identified some actual defects and vulnerabilities in these models. Thus this project suggests that creating precise and detailed election process models, and then subjecting them to rigorous analysis, can indeed improve the correctness and security of these process models. Accordingly, the project outcomes suggest a systematic approach to improving the robustness and reliability of actual elections, which are key cornerstones of democracy in the US.


Last Modified: 12/09/2013
Modified by: Leon J Osterweil
