Information Assurance and Security

Final Deliverable

Estrada, Jeffrey Alvin G.

2016-100717

Page 1 of 5
Information Assurance and Security

Analysis of an Electronic Voting System

1. Summary of the paper

Voting equipment providers have held their systems safe for quite some time. and
that the nature of the closed source makes them even safer. Their view of such a system's
code shows that there is little distinction in how code is developed for voting machines
compared to other business efforts. Their understanding of such a system's code shows that
there is little distinction in how code is developed for voting machines compared to other
commercial endeavors. In reality, an open method would result in more cautious
development as more scientists, researchers, software engineers, political activists, and
others who appreciate their democracy would pay attention to the quality of the software
used for their election. Open source would not solve all the problems with automated
elections. It is still important to verify that the images of the binary program running on the
machine corresponds to the source code and that the compilers used on the source code
are non-malicious. Such open design methods have proven successful in projects ranging
from highly concentrated attempts such as specifying the Advanced Encryption Standard
(AES), through very massive and complex systems such as maintaining Linux operating
system. Australia is using an open source voting system right now.
Based on the analysis of the April 2002 snapshot of Diebold's electronic voting
system AccuVote-TS 4.3.1 that they conducted using a publicly available source code. They
discovered major safety faults: voters can trivially cast multiple votes with no built-in
traceability, regular voters can perform administrative tasks, and the threats posed by
insiders such as poll workers, software developers, and janitors is even greater. Based on
the analysis of the development environment, including change logs and remarks, we think
that a suitable level of programming discipline has not been maintained for a project such as
this. In fact, there appears to have been little quality control in the process.
Alternatively, security models like the voter-verified audit trail allow automated voting
systems to produce a paper trail that a voter can see and verify. In such a system, as voters
can see and verify a physical object that describes their vote, the correctness burden on the
code of the voting terminal is significantly less.
The model where individual vendors write proprietary code to run our elections
seems to be unreliable, and if we don't change the process of designing our voting systems,
we won't trust our election outcomes will reflect the electorate's will. To maintain the bedrock
of our democracy, we owe it to ourselves and to our future to have robust, well-designed
election systems.

Page 2 of 5
Information Assurance and Security

2. Worth noting and/or discussing

The part that struck me the most is that using an open source could be a better
choice because of the help of scientists, researchers, software engineers, political activists,
and others who appreciate their democracy would pay attention to the quality of the software
used for their election.

3. Security implication and severity of the threat?

A compromise on the election where it’s because of tampering of the system
configuration, processes and result would greatly affect the nation and once proven no body
will trust an automated voting system once again and democracy would be useless.

4. Surprising about the attack

Threats posed by insiders such as poll workers, software developers, and janitors is
even greater.
5. What I like as an attack paper
The paper contains proper, accurate, and proper analysis of an automated electronic
voting system. Provides and states the vulnerabilities on developing of system like this.
Particularly on Code Legacy, Coding style, Coding process, Code completeness and
correctness.
6. What I don't like as an attack paper?
As a whole, the paper is so great that I couldn’t find anything to dislike. But if I could
get down to nitpicking detail the paper did not provide a solid alternative besides using an
open source system, but we all know that open source would still be vulnerable to a
dedicated attacker.
.

Page 3 of 5
Information Assurance and Security

Hey, You, Get Off of My Cloud: Exploring Information

Leakage in Third-Party Compute Clouds

1. Summary of the paper

The use of “cloud computing” has become increasingly popular as the next
infrastructure for hosting data at deploying software services. Amazon’s Elastic Compute
Cloud (EC2), Microsoft’s Azure Service Platform, and Rack-space’s Mosso provides a
number of advantages including economies of scale, dynamic provisioning, and low capital
expenditures but it also introduces a range of new risks.
Some of these risks are self-evident and relate to the new trust relationship between
customer and cloud provider. Customers must trust their cloud providers to respect the
privacy of their data and the integrity of their computations. However, cloud infrastructures
can also introduce non-obvious threats from other customers due to how physical resources
can be shared between virtual machines.
There are plenty approaches for mitigating this risk. First, cloud providers may
obfuscate both the internal structure of their services and the placement policy to complicate
an adversary’s attempts to place a VM on the same physical machine as its target. For
example, providers might do well by inhibiting simple network-based co-residence checks.
However, such approaches might only slow down, and not entirely stop, a dedicated
attacker. Second, one may focus on the side-channel vulnerabilities themselves and employ
blinding techniques to minimize the information that can be leaked. This solution requires
being confident that all possible side-channels have been anticipated and blinded.
Ultimately, we believe that the best solution is simply to expose the risk and placement
decisions directly to users

2. Worth noting and/or discussing

When you get right down to it, the cloud provider is certainly in a position to violate
customer confidentiality or integrity. And this is a known risk with obvious analogs in virtually
any industry practicing outsourcing.

3. Security implication and severity of the threat?

These attacks require two main steps: placement and extraction. Placement refers to
the arranging to place their malicious VM on the same physical machine as that of a target
customer. Careful empirical “mapping” reveals how to launch VMs in a way that maximizes
the likelihood of an advantageous placement. The next step is to extract confidential
information via a cross-VM attack. cross-VM information leakage due to the sharing of
physical resources (e.g., the CPU’s data caches).

Page 4 of 5
Information Assurance and Security

4. Surprising about the attack

In some natural attack scenarios, just a few dollars invested in launching VMs can
produce a 40% chance of placing a malicious VM on the same physical server as a target
customer.
5. What I like as an attack paper
The paper exposes the vulnerabilities of a cloud computing services and
demonstrates different procedures on how attacks are performed while providing
approaches to mitigate these risks.
6. What I don't like as an attack paper?
As a whole, the paper is so great that I couldn’t find anything to dislike. Besides from
not providing proper solutions or alternatives.

Page 5 of 5