Formal analysis of an electronic voting system: An experience report
Published in | The Journal of Systems and Software, Vol. 84, no. 10, pp. 1618-1637 |
---|---|
Main Authors | Weldemariam, Komminist; Kemmerer, Richard A.; Villafiorita, Adolfo |
Format | Journal Article |
Language | English |
Published | New York: Elsevier Inc (Elsevier Sequoia S.A), 01.10.2011 |
Abstract | We have seen that several currently deployed e-voting systems share critical failures in their design and implementation that render their technical and procedural controls insufficient to guarantee trustworthy voting. The application of formal methods would greatly help to better address problems associated with assurance against requirements and standards. More specifically, it would help to thoroughly specify and analyze the underlying assumptions and security-specific properties, and it would improve the trustworthiness of the final systems. In this article, we show how such techniques can be used to model and reason about the security of one of the currently deployed e-voting systems in the U.S.A., named ES&S. We used the ASTRAL language to specify the voting process of ES&S machines and the critical security requirements for the system. Proof obligations that verify that the specified system meets the critical requirements were automatically generated by the ASTRAL Software Development Environment (SDE). The PVS interactive theorem prover was then used to apply the appropriate proof strategies and discharge the proof obligations. We also believe that besides analyzing the system against its requirements, it is equally important to perform an analysis under malicious circumstances where the execution model is augmented with attack behaviors. Thus, we extend the formal specification of the system by specifying attacks that have been shown to successfully compromise the system, and we then repeat the formal verification. This is helpful in detecting missing requirements or unwarranted assumptions about the specification of the system. In addition, this allows one to sketch countermeasure strategies to be used when the system behaves differently than it should and to build confidence about the system under development. Finally, we acknowledge the main problem that arises in e-voting system specification and verification: modeling attacks is very difficult because the different types of attack often cut across the structure of the original behavior models, thus making (incremental or compositional) verification very difficult. |
---|---|
Author | Weldemariam, Komminist (Foundation Bruno Kessler, via Sommarive 18, TN 38123 Trento, Italy; sisai@fbk.eu, komminist@gmail.com); Kemmerer, Richard A. (Department of Computer Science, University of California, Santa Barbara, CA 93106-5110, United States); Villafiorita, Adolfo (Foundation Bruno Kessler, via Sommarive 18, TN 38123 Trento, Italy) |
CODEN | JSSODM |
Copyright | 2011 Elsevier Inc. Copyright Elsevier Sequoia S.A. Oct 2011 |
DOI | 10.1016/j.jss.2011.03.032 |
Discipline | Computer Science |
EISSN | 1873-1228 |
Genre | Feature |
GeographicLocations | United States--US |
ISSN | 0164-1212 |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 10 |
Keywords | Formal specification and verification; Electronic voting systems; Critical requirements; ES&S system |
PageCount | 20 |
PublicationDate | 2011-10-01 |
PublicationPlace | New York |
PublicationTitle | The Journal of systems and software |
PublicationYear | 2011 |
Publisher | Elsevier Inc; Elsevier Sequoia S.A |
NuSMV 2: an open source tool for symbolic model checking doi: 10.1007/3-540-45657-0_29 contributor: fullname: Cimatti – start-page: 463 year: 2009 ident: 10.1016/j.jss.2011.03.032_bib0250 article-title: On voting machine design for verification and testability contributor: fullname: Sturton – start-page: 93 year: 2007 ident: 10.1016/j.jss.2011.03.032_bib0265 article-title: FSMC+ a tool for the generation of Java code from statecharts contributor: fullname: Tiella – volume: 50 start-page: 120 issue: 11 year: 2007 ident: 10.1016/j.jss.2011.03.032_bib0040 article-title: Risks of e-voting publication-title: Communication of ACM doi: 10.1145/1297797.1297827 contributor: fullname: Bishop – start-page: 62 year: 2007 ident: 10.1016/j.jss.2011.03.032_bib0225 article-title: Compliance of POLYAS with the BSI Protection Profile—Basic Requirements for Remote Electronic Voting Systems contributor: fullname: Reinhard – ident: 10.1016/j.jss.2011.03.032_bib0095 – ident: 10.1016/j.jss.2011.03.032_bib0210 – ident: 10.1016/j.jss.2011.03.032_bib0120 – ident: 10.1016/j.jss.2011.03.032_bib0145 doi: 10.1109/TSE.2007.70772 – ident: 10.1016/j.jss.2011.03.032_bib0135 doi: 10.1007/978-3-642-13556-9_6 – volume: 6 start-page: 213 issue: 2 year: 2009 ident: 10.1016/j.jss.2011.03.032_bib0055 article-title: Evaluating procedural alternatives: a case study in e-voting publication-title: EG doi: 10.1504/EG.2009.024443 contributor: fullname: Bryl – volume: 6 start-page: 30 issue: 3 year: 2008 ident: 10.1016/j.jss.2011.03.032_bib0015 article-title: Evaluating electronic voting systems equipped with voter-verified paper records publication-title: IEEE Security and Privacy doi: 10.1109/MSP.2008.62 contributor: fullname: Ansari – start-page: 237 year: 2008 ident: 10.1016/j.jss.2011.03.032_bib0035 article-title: Are your votes really counted? 
Testing the security of real-world electronic voting systems contributor: fullname: Balzarotti – volume: 3 start-page: 561 year: 1997 ident: 10.1016/j.jss.2011.03.032_bib0110 article-title: Sensus: a security-conscious electronic polling system for the Internet publication-title: Hawaii International Conference on System Sciences doi: 10.1109/HICSS.1997.661700 contributor: fullname: Cranor – start-page: 84 year: 2006 ident: 10.1016/j.jss.2011.03.032_bib0260 article-title: Specification of the Control Logic of an eVoting System in UML: the ProVotE experience publication-title: Csduml contributor: fullname: Tiella – ident: 10.1016/j.jss.2011.03.032_bib0220 – ident: 10.1016/j.jss.2011.03.032_bib0125 – volume: 13 start-page: 45 issue: 5 year: 1998 ident: 10.1016/j.jss.2011.03.032_bib0195 article-title: Analytic Verification of Flight Software publication-title: IEEE Intelligent Systems doi: 10.1109/5254.722359 contributor: fullname: Lowry – volume: 2 start-page: 12 issue: 4 year: 1996 ident: 10.1016/j.jss.2011.03.032_bib0105 article-title: Electronic voting: computerized polls may save money protect privacy publication-title: Crossroads doi: 10.1145/332159.332163 contributor: fullname: Cranor – start-page: 135 year: 2010 ident: 10.1016/j.jss.2011.03.032_bib0235 article-title: An Evaluation and Certification Approach to Enable Voting Service Providers contributor: fullname: Schmidt – start-page: 329 year: 2007 ident: 10.1016/j.jss.2011.03.032_bib0070 article-title: Formal verification of tamper-evident storage for E-voting contributor: fullname: Cansell – volume: 183 start-page: 39 year: 2007 ident: 10.1016/j.jss.2011.03.032_bib0075 article-title: Refinement: a constructive approach to formal software design for a secure e-voting interface publication-title: Electronic Notes in Theoretical Computer Science doi: 10.1016/j.entcs.2007.01.060 contributor: fullname: Cansell – ident: 10.1016/j.jss.2011.03.032_bib0180 – ident: 10.1016/j.jss.2011.03.032_bib0060 – start-page: 1 
year: 2010 ident: 10.1016/j.jss.2011.03.032_bib0300 article-title: Security analysis of India’s electronic voting machines contributor: fullname: Wolchok – ident: 10.1016/j.jss.2011.03.032_bib0100 – ident: 10.1016/j.jss.2011.03.032_bib0230 |
Snippet | We have seen that several currently deployed e-voting systems share critical failures in their design and implementation that render their technical and... |
SourceID | proquest crossref elsevier |
SourceType | Aggregation Database Publisher |
StartPage | 1618 |
SubjectTerms | Critical requirements E-voting Electronic voting systems ES&S system Formal specification and verification Online voting Program verification (computers) Programming languages Proving Security Security management Specifications Strategy Studies Systems development Voting Voting machines |
Title | Formal analysis of an electronic voting system: An experience report |
URI | https://dx.doi.org/10.1016/j.jss.2011.03.032 https://www.proquest.com/docview/880384611 https://search.proquest.com/docview/914634974 |
Volume | 84 |
Authors | Weldemariam, Komminist; Kemmerer, Richard A.; Villafiorita, Adolfo |
Date | 2011-10-01 |
ISSN | 0164-1212 |
Pages | 1618 - 1637 |