Election Process Modeling and Analysis

We have had several different thrusts to our work with elections and electronic voting.

One key thrust was to explore process composition tools as applied to elections, concentrating particularly on mail-in and Internet voting. This included exploration of how to compose systems from pre-analyzed process components, how to analyze the vulnerability of these systems to attacks, and how to guarantee that important security properties are ensured for the resulting composed system. The underlying processes represent aspects of national and local elections, their composition produces an election process, and analysis of the composition gives insight into potential errors or attacks on the election. Providing an approach for formally reasoning about human participation extends current security work. The project also breaks new ground by exploring process-based approaches for modeling and defending against attacks.

Another thrust of our work examined auditing. Election auditing verifies that the systems and procedures work as intended, and that the votes have been counted correctly. If a problem arises, forensic techniques enable auditors to determine what happened and how to compensate if possible. A complication is that the audit trails enabling analysis of failures may contain information that either exposes the identity of the voter (enabling voter coercion, for example) or communicates a message to a third party (enabling vote selling). The goal of this project was to determine the information needed to assess whether the election process in general, and e-voting machines in particular, operate with the desired degree of assurance, especially with respect to anonymity and privacy.

The leads at UC Davis for this work were:

Matt Bishop (PI; UC Davis)
Sean Peisert (CoPI; UC Davis and LBNL)

This work was performed in close cooperation with the Marin County Registrar of Voters’ office and the Yolo County Clerk-Recorder’s office.

We also collaborated closely with Lee Osterweil, Lori Clarke, George Avrunin, and their graduate students and postdocs in the LASER Lab at UMass Amherst.

More information is available at the UC Davis elections and electronic voting project web site and UMass Amherst elections project web site.

Selected publications resulting from this project

Matt Bishop, Philip Stark, Josh Benaloh, Joseph Kiniry, Ron Rivest, Sean Peisert, Joseph Hall, and Vanessa Teague, “Open-Source Software Won’t Ensure Election Security,” Lawfare, August 24, 2017. [bib]

Leon J. Osterweil, Matt Bishop, Heather M. Conboy, Huong Phan, Borislava I. Simidchieva, George S. Avrunin, Lori A. Clarke, and Sean Peisert, “A Comprehensive Framework for Using Iterative Analysis to Improve Human-Intensive Process Security: An Election Example,” ACM Transactions on Privacy and Security (TOPS), 20(2), March 2017. [DOI] [OA] [CDL]

Matt Bishop, Heather Conboy, Huong Phan, Borislava I. Simidchieva, George Avrunin, Lori Clarke, Lee Osterweil, and Sean Peisert, “Insider Detection by Process Analysis,” Proceedings of the 2014 Workshop on Research for Insider Threat (WRIT), IEEE Computer Society Security and Privacy Workshops, San Jose, CA, May 18, 2014.

Matt Bishop and Sean Peisert, “Security and Elections,” IEEE Security and Privacy, 10(5), pp. 64–67, Sept.-Oct. 2012. [BibTeX] [DOI]

Huong Phan, George Avrunin, Matt Bishop, Lori Clarke, and Leon J. Osterweil, “A Systematic Process-Model-Based Approach for Synthesizing Attacks and Evaluating Them,” Proceedings of the 2012 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE), Washington, D.C., August 2012.

Borislava I. Simidchieva, Sophie J. Engle, Michael Clifford, Alicia Clay Jones, Sean Peisert, Matt Bishop, Lori A. Clarke, and Leon J. Osterweil, “Modeling Faults to Improve Election Process Robustness,” Proceedings of the 2010 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE), Washington, D.C., August 11–13, 2010. [BibTeX] [Authoritative]

Matt Bishop, Sean Peisert, Candice Hoke, Mark Graff, and David Jefferson, “E-Voting and Forensics: Prying Open the Black Box,” Proceedings of the 2009 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE), Montreal, Canada, August 10–11, 2009. [BibTeX] [Authoritative]

Sean Peisert, Matt Bishop, and Alec Yasinsac, “Vote Selling, Voter Anonymity, and Forensic Logging of Electronic Voting Machines,” Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), Decision Technologies and Service Sciences Track, Digital Forensics Pedagogy and Foundational Research Activity Minitrack, Waikoloa, HI, January 5–8, 2009. (Nominated for Best Paper Award) [BibTeX] [DOI]

Matt Bishop, Mark Graff, Candice Hoke, David Jefferson, and Sean Peisert, “Resolving the Unexpected in Elections: Election Officials’ Options,” October 8, 2008. [BibTeX] [CDL]

Distributed by the Center For Election Excellence and the American Bar Association.

Sponsors: National Science Foundation CCF-0905503, CNS-1049738, CNS-1258577, and NIST

More information is available on other Berkeley Lab R&D projects focusing on cybersecurity in general, as well as specifically on cybersecurity for scientific and high-performance computing.