Systemic issues in the hart intercivic and premier voting systems: Reflections on project everest

Kevin Butler; William Enck; Harri Hursti; Stephen McLaughlin; Patrick Traynor; Patrick McDaniel

Systemic issues in the hart intercivic and premier voting systems: Reflections on project everest

Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor, Patrick McDaniel

Research output: Contribution to conference › Paper › peer-review

Abstract

The State of Ohio commissioned the EVEREST study in late summer of 2007. The study participants were charged with an analysis of the usability, stability, and security of all voting systems used in Ohio elections. This paper details the approach and results of the security analysis of the Premier and Hart systems within the EVEREST effort. As in previous studies, we found the election systems to be critically flawed in ways that are practically and easily exploitable. Such exploits could effect election results, prevent legitimate votes from being cast, or simply cast doubt on the legitimacy of the election itself. In this effort we identified new areas of concern including novel exploitable failures of software and election data integrity protection and the discovery of dangerous hidden software features. We begin by describing in depth our systematic methodology for identifying and validating vulnerabilities appropriate for the current complex political climate, and detail and illustrate broad classes of vulnerabilities uncovered using this approach. We conclude by considering the impact of this study both in terms of the tangible vulnerabilities discovered and as a model for performing future analyses.

Original language	English (US)
State	Published - 2008
Event	2008 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2008, co-located with the 17th USENIX Security Symposium - San Jose, United States Duration: Jul 28 2008 → Jul 29 2008

Conference

Conference	2008 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2008, co-located with the 17th USENIX Security Symposium
Country/Territory	United States
City	San Jose
Period	7/28/08 → 7/29/08

All Science Journal Classification (ASJC) codes

Computer Science Applications
Human-Computer Interaction
Electrical and Electronic Engineering
Public Administration

Cite this

@conference{e0e7a59f82c0468d87c68610366f1742,

title = "Systemic issues in the hart intercivic and premier voting systems: Reflections on project everest",

abstract = "The State of Ohio commissioned the EVEREST study in late summer of 2007. The study participants were charged with an analysis of the usability, stability, and security of all voting systems used in Ohio elections. This paper details the approach and results of the security analysis of the Premier and Hart systems within the EVEREST effort. As in previous studies, we found the election systems to be critically flawed in ways that are practically and easily exploitable. Such exploits could effect election results, prevent legitimate votes from being cast, or simply cast doubt on the legitimacy of the election itself. In this effort we identified new areas of concern including novel exploitable failures of software and election data integrity protection and the discovery of dangerous hidden software features. We begin by describing in depth our systematic methodology for identifying and validating vulnerabilities appropriate for the current complex political climate, and detail and illustrate broad classes of vulnerabilities uncovered using this approach. We conclude by considering the impact of this study both in terms of the tangible vulnerabilities discovered and as a model for performing future analyses.",

author = "Kevin Butler and William Enck and Harri Hursti and Stephen McLaughlin and Patrick Traynor and Patrick McDaniel",

note = "Publisher Copyright: {\textcopyright} EVT 2008 - 2008 USENIX/ACCURATE Electronic Voting Technology Workshop. All rights reserved.; 2008 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2008, co-located with the 17th USENIX Security Symposium ; Conference date: 28-07-2008 Through 29-07-2008",

year = "2008",

language = "English (US)",

}

Systemic issues in the hart intercivic and premier voting systems: Reflections on project everest. / Butler, Kevin; Enck, William; Hursti, Harri et al.
2008. Paper presented at 2008 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2008, co-located with the 17th USENIX Security Symposium, San Jose, United States.

Research output: Contribution to conference › Paper › peer-review

TY - CONF

T1 - Systemic issues in the hart intercivic and premier voting systems

T2 - 2008 USENIX/ACCURATE Electronic Voting Technology Workshop, EVT 2008, co-located with the 17th USENIX Security Symposium

AU - Butler, Kevin

AU - Enck, William

AU - Hursti, Harri

AU - McLaughlin, Stephen

AU - Traynor, Patrick

AU - McDaniel, Patrick

PY - 2008

Y1 - 2008

N2 - The State of Ohio commissioned the EVEREST study in late summer of 2007. The study participants were charged with an analysis of the usability, stability, and security of all voting systems used in Ohio elections. This paper details the approach and results of the security analysis of the Premier and Hart systems within the EVEREST effort. As in previous studies, we found the election systems to be critically flawed in ways that are practically and easily exploitable. Such exploits could effect election results, prevent legitimate votes from being cast, or simply cast doubt on the legitimacy of the election itself. In this effort we identified new areas of concern including novel exploitable failures of software and election data integrity protection and the discovery of dangerous hidden software features. We begin by describing in depth our systematic methodology for identifying and validating vulnerabilities appropriate for the current complex political climate, and detail and illustrate broad classes of vulnerabilities uncovered using this approach. We conclude by considering the impact of this study both in terms of the tangible vulnerabilities discovered and as a model for performing future analyses.

AB - The State of Ohio commissioned the EVEREST study in late summer of 2007. The study participants were charged with an analysis of the usability, stability, and security of all voting systems used in Ohio elections. This paper details the approach and results of the security analysis of the Premier and Hart systems within the EVEREST effort. As in previous studies, we found the election systems to be critically flawed in ways that are practically and easily exploitable. Such exploits could effect election results, prevent legitimate votes from being cast, or simply cast doubt on the legitimacy of the election itself. In this effort we identified new areas of concern including novel exploitable failures of software and election data integrity protection and the discovery of dangerous hidden software features. We begin by describing in depth our systematic methodology for identifying and validating vulnerabilities appropriate for the current complex political climate, and detail and illustrate broad classes of vulnerabilities uncovered using this approach. We conclude by considering the impact of this study both in terms of the tangible vulnerabilities discovered and as a model for performing future analyses.

UR - http://www.scopus.com/inward/record.url?scp=78650030341&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78650030341&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:78650030341

Y2 - 28 July 2008 through 29 July 2008

ER -

Systemic issues in the hart intercivic and premier voting systems: Reflections on project everest

Abstract

Conference

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this