An independent audit framework for software dependent voting systems

The electronic voting machines known as Direct Recording Electronic (DRE), which are used in many states in the US, have been shown to contain security vulnerabilities [16, 9, 3]. One of the problems is that the elections held on these machines cannot be independently audited. In this paper, we address this issue by designing a new all-electronic independent audit framework for DRE voting systems. Our framework leverages system virtualization concepts and image recognition techniques to maintain an audit of the vote totals. The architecture we present is a step towards meeting the software independence requirements as defined by Rivest et al. [21, 2]. We have implemented a prototype using the Diebold Accuvote TS DRE voting software and the XEN hypervisor, and we demonstrate that our system can achieve a robust election audit with negligible overhead.

[1] David A. Wagner, et al. Prerendered User Interfaces for Higher-Assurance Electronic Voting, 2006, EVT.

[2] Ronald L. Rivest, et al. On the notion of ‘software independence’ in voting systems, 2008, Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences.

[3] Michael D. Byrne, et al. An Examination of the Auditability of Voter Verified Paper Audit Trail (VVPAT) Ballots, 2007, EVT.

[4] William A. Edelstein. New Voting Systems for NY—Long Lines and High Cost, 2006.

[5] Samuel T. King, et al. ReVirt: enabling intrusion analysis through virtual-machine logging and replay, 2002, OPSR.

[6] Fabrice Bellard, et al. QEMU, a Fast and Portable Dynamic Translator, 2005, USENIX ATC, FREENIX Track.

[7] Naveen Sastry. Designing Voting Machines for Verification, 2006, USENIX Security Symposium.

[8] Yaozu Dong. Extending Xen* with Intel® Virtualization Technology, 2006.

[9] Yaozu Dong, et al. Extending Xen* with Intel Virtualization Technology, 2006.

[10] Ariel J. Feldman, et al. Security Analysis of the Diebold AccuVote-TS Voting Machine, 2007, EVT.

[11] Gerald J. Popek, et al. Formal requirements for virtualizable third generation architectures, 1974, SOSP '73.

[12] Dennis Fowler, et al. Net News, 1999, The Lancet.

[13] Helen J. Wang, et al. SubVirt: implementing malware with virtual machines, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[14] Tal Garfinkel, et al. A Virtual Machine Introspection Based Architecture for Intrusion Detection, 2003, NDSS.

[15] Andrew Warfield, et al. Xen and the art of virtualization, 2003, SOSP '03.

[16] Samuel T. King, et al. Debugging Operating Systems with Time-Traveling Virtual Machines, 2005, USENIX Annual Technical Conference, General Track.

[17] David Lorge Parnas, et al. Review of David L. Parnas' "Designing Software for Ease of Extension and Contraction", 2004.

[18] J. A. Halderman. Source Code Review of the Diebold Voting System, 2007.

[19] Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC, November 2006.

[20] Daniel Galorath, et al. Source Lines of Code, 2006.

[21] Dan S. Wallach, et al. Analysis of an electronic voting system, 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[22] Theodore A. Linden, et al. The use of abstract data types to simplify program modifications, 1976, Conference on Data: Abstraction, Definition and Structure.

[23] Tal Garfinkel, et al. Terra: a virtual machine-based platform for trusted computing, 2003, SOSP '03.

[24] Alexander Sverdlov. Review of David L. Parnas' "Designing Software for Ease of Extension and Contraction", 2004.