SiliconValley.com Roundtables

E-voting follow-up - secure development is different

From:	cme1	10/16/2004 4:25 am
To:	ALL	(1 of 2)

2.1

I saw a question asking how someone could find flaws in a system that had been well tested.

The answer is that security development (as required for something like electronic voting machines) is different from normal development. Normal testing verifies that the machine/program performs as expected under expected conditions and with expected inputs.

Better testing verifies that the machine/program performs as expected even when conditions and inputs are unexpected.

Security testing verifies correct behavior even when conditions and inputs are set by an active adversary who is trying to make the machine/program fail.

In the case of an electronic voting machine (or many other truly critical devices), you have to assume that the developer is an active adversary, unless you can personally verify the correctness of his design and development.

E.g., a paper ballot can be verified correct independent of the malicious intent of the person who laid it out or the one running the printing press. Can electronic voting software be verified correct in the face of malicious attack, assuming that the company and developer that produced it were also malicious attackers - and also assuming that all the malicious attackers worked together in a conspiracy?

- Carl Ellison

Options

Reply

From:	tickleme	10/16/2004 2:08 pm
To:	cme1 unread	(2 of 2)

2.2 in reply to 2.1

I agree. Either we monitor the Diebold (or other company) technical staff, or we test the heck out of their software.

County registrars should be able to audit who worked on the software, what their bank accounts are, and what political activities they have.

Either that, or they should verify with all day full volume tests that the software counts accurately.

With electronic, there are new places to subvert the system. Let's have at least the same level of monitoring that we have now.

-- TKL me.

Options

Reply

Rate My Interest:

Adjust text size:

Is this too complicated? Switch to Basic View

Although we do not have any obligation to monitor this board, we reserve the right at all times to check this board and to remove any information or materials that are unlawful, threatening, abusive, libelous, defamatory, obscene, vulgar, pornographic, profane, indecent or otherwise objectionable to us in our sole discretion and to disclose any information necessary to satisfy the law, regulation, or government request. We also reserve the right to permanently block any user who violates these terms and conditions. All threats to systems or site infrastructure shall be assumed genuine in nature and will be reported to the appropriate law enforcement authorities.
� Copyright 2005 Knight Ridder. All Rights Reserved. Any copying, redistribution or retransmission of any of the contents of this service without the express written consent of Knight Ridder is expressly prohibited.