KOA - A Remote Voting Experimentation Platform

KOA Evaluation and Demonstration Installation and Implementation

Note: This project was accomplished as a 2004-2005 Final Year Project by Alan Morkan (report).

  • Supervisor Dr. Joseph Kiniry
  • Subject Area Software Engineering
  • Pre-requisites Good knowledge of Java
  • Co-requisites (things you must learn along the way) Knowledge of J2EE, JDBC, web services, encryption and security, JML, BON will be obtained during the course of this project
  • Subject Coverage Electronic and Internet Voting Systems, Application (J2EE) and Web Services, Databases, Security
  • Project Type Design and Implementation
  • Hardware/Software Machine running anything but Windows

Description

The Kiezen op Afstand (KOA) system is the world's first Open Source Internet Voting System. The KOA system was designed, developed, tested, and deployed by LogicaCMG, a Dutch consulting firm, under contract with the Dutch Government. The KOA system was Open Sourced by the Dutch Government under the GPL license in July of 2004, partially due to the influence of my previous research group (the Security of Systems [SoS] Group at the University of Nijmegen).

The KOA system is quite large (100s of Java classes) and was released with a moderate amount of documentation. Unfortunately, several pieces of functionality in the deployed KOA system for the EU elections were proprietary and owned by LogicaCMG. Thus, the code released under the GPL is incomplete.

The purpose of this project is to complete the KOA system by identifying, reverse engineering, and writing from scratch (with specs and docs) those missing parts. The new full-GPL system will be re-released to the world as the world's first complete GPL Internet voting system. Fame and fortune follow.

Mandatory Goals

  1. Gain familiarity with the BON specification language.
  2. Gain familiarity with JML, basic use of ESC/Java2, and the KOA system.
  3. Perform a code review of the KOA system to determine which pieces are missing, critical, and need better test coverage.
  4. Write BON specifications for the full KOA system.
  5. Determine an appropriate approach for completing missing pieces.
  6. Reverse engineering missing classes.
  7. Design, spec, implement and test missing functionality.
  8. Post new version of KOA application to the world. Fame and fortune follow.
  9. Write, submit, and publish a paper on the results.

Discretionary Goals

  1. Analyzing the system's test code coverage, CPU and memory usage, load capabilities, etc. would all have great utility. We have professional tools for performing such audits.
  2. Writing formal specification in JML for critical portions of the KOA system would make the system more comprehensible to future users, developers, code reviews, etc. Such specifications would be used to test the system for correctness and security flaws using runtime assertion checking, unit test generation, and extended static checking.

Exceptional Goals

  1. The results of an initial security audit of the KOA system would result in at least two quality publications (one scientific and one general).

Sources of Information and Preparatory Reading

  1. Electronic and Internet Voting in The Netherlands
  2. The JML web site
  3. The ESC/Java2 web site
  4. Read the two recent papers available via the JML web page: "An overview of JML tools and applications" and "JML: notations and tools supporting detailed design in Java".
  5. Read introduction to J2EE technologies.
  6. Read about Open Source J2EE and web services like JBoss, Tomcat, etc.
  7. Download, install, and play around with the JML tool suite and ESC/Java2 to get a feel for the technology.
  8. Download, install, run, play around with the full KOA system and the JML annotated vote counting software available from UCD's KOA web pages