Abstract
A secure voting machine design must withstand new attacks devised throughout its multi-decade service lifetime. In this paper, we give a case study of the long-term security of a voting machine, the Sequoia AVC Advantage, whose design dates back to the early 80s. The AVC Advantage was designed with promising security features: its software is stored entirely in read-only memory and the hardware refuses to execute instructions fetched from RAM. Nevertheless, we demonstrate that an attacker can induce the AVC Advantage to misbehave in arbitrary ways - including changing the outcome of an election - by means of a memory cartridge containing a specially-formatted payload. Our attack makes essential use of a recently-invented exploitation technique called return-oriented programming, adapted here to the Z80 processor. In return-oriented programming, short snippets of benign code already present in the system are combined to yield malicious behavior. Our results demonstrate the relevance of recent ideas from systems security to voting machine research, and vice versa. We had no access either to source code or documentation beyond that available on Sequoia's web site. We have created a complete vote-stealing demonstration exploit and verified that it works correctly on the actual hardware.
Original language | English (US) |
---|---|
State | Published - 2009 |
Event | 2009 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections, EVT/WOTE 2009, Held in Conjunction with the 18th USENIX Security Symposium - Montreal, Canada Duration: Aug 10 2009 → Aug 11 2009 |
Conference
Conference | 2009 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections, EVT/WOTE 2009, Held in Conjunction with the 18th USENIX Security Symposium |
---|---|
Country/Territory | Canada |
City | Montreal |
Period | 8/10/09 → 8/11/09 |
All Science Journal Classification (ASJC) codes
- Computer Science Applications
- Human-Computer Interaction
- Electrical and Electronic Engineering
- Public Administration