Here is the abstract:
I examine the question of how to design election-related software, with particular attention to the threat of insider attacks, and propose the goal of simplifying the software in electronic voting machines. I apply a technique called prerendering to reduce the security-critical, voting-specific software by a factor of 10 to 100 while supporting similar or better usability and accessibility, compared to today’s voting machines. Smaller and simpler software generally contributes to easier verification and higher confidence.
I demonstrate and validate the prerendering approach by presenting Pvote, a vote-entry program that allows a high degree of freedom in the design of the user interface and supports synchronized audio and video, touchscreen input, and input devices for people with disabilities. Despite all its capabilities, Pvote is just 460 lines of Python code; thus, it directly addresses the conflict between flexibility and reliability that underlies much of the current controversy over electronic voting. A security review of Pvote found no bugs in the Pvote code and yielded lessons on the practice of adversarial code review. The analysis and design methods I used, including the prerendering technique, are also applicable to other high-assurance software.
Many people contributed to the work. The more I learned about things that other graduate students have had to deal with, the more I realized how lucky I was to have Dave Wagner and Marti Hearst as advisors — they got back to me quickly, read drafts carefully, and had lots of well-thought-out and constructive comments to offer. Candy Lopez showed me around the election office in Contra Costa County and patiently explained to me how everything was done in real life. Noel Runyan and Scott Luebking taught me about accessibility, and I appreciate their advice very much even though the dissertation doesn’t address accessibility as much as it could; the research didn’t include user testing with disabled voters. Matt Bishop, Ian Goldberg, Yoshi Kohno, Mark Miller, Dan Sandler, and Dan Wallach volunteered a huge amount of time to review my source code. Joe Hall has been a great help on questions about election law and policy.