Analysis of an Electronic Voting System
Adam Stubblefield, Johns Hopkins University
astubble at cs.jhu.edu
Abstract
Recent election problems have sparked great interest in managing the
election process through the use of electronic voting systems. While
computer scientists, for the most part, have been warning of the
perils of such action, vendors have forged ahead with their products,
claiming increased security and reliability. Many municipalities have
adopted electronic systems, and the number of deployed systems is
rising. For these new computerized voting systems, neither source
code nor the results of any third-party certification analyses have
been available for the general population to study, because vendors
claim that secrecy is a necessary requirement to keep their systems
secure. Recently, however, the source code purporting to be the
software for a voting system from a major manufacturer appeared on the
Internet. This manufacturer's systems were used in Georgia's
state-wide elections in 2002, and the company just announced that the
state of Maryland awarded them an order valued at up to $55.6 million
to deliver touch screen voting systems. This unique opportunity for
independent scientific analysis of voting system source code
demonstrates the fallacy of the closed-source argument for such a
critical system. Our analysis shows that this voting system is far
below even the most minimal security standards applicable in other
contexts. We highlight several issues including unauthorized
privilege escalation, incorrect use of cryptography, vulnerabilities
to network threats, and poor software development processes. For
example, common voters, without any insider privileges, can cast
unlimited votes without being detected by any mechanisms within the
voting terminal. Furthermore, we show that even the most serious of
our outsider attacks could have been discovered without the source
code. In the face of such attacks, the usual worries about insider
threats are not the only concerns; outsiders can do the damage. That
said, we demonstrate that the insider threat is also quite
considerable. We conclude that, as a society, we must carefully
consider the risks inherent in electronic voting, as it places our
very democracy at risk.
URL: https://avirubin.com/vote/
Validator: testing firewalls
Clif Flynt, Noumena Corporation
clif at cflynt.com
Abstract
Validator is a software framework for testing and validating firewalls.
The framework is open ended to allow creating customized validation
applications and scripts.
The validation system consists of pairs of attack and monitor
applications that use a dual-LAN test platform to send attacks and
legitimate interactions to the 'outside' interface of the test firewall
while monitoring the log files via the 'inside' interface.
This approach differs from the SATAN/SAINT approach of scanning for
active ports in that it provides information about how attacks and
legitimate uses are being processed by the test firewall. For example,
SAINT/SATAN can report that a port is not accessible, while a mis-written
firewall rule could be generating log data on each attempt (creating a
full-disk DoS attack).
The application is currently working at the Proof-of-Concept stage. It
consists of a packet generator, Snort signature parser (to generate
attack packets), legitimate-use scripts (for telnet/ftp), monitor
applications, and a framework.
By August, I expect to have the framework filled in with more test
applications.
The implementation of subsystems is being described in ;login: magazine,
in a series of "Tclsh Spot" articles.