Security Analysis of the Diebold AccuBasic Interpreter


Citation

Paper

About This Report

From the Summary:

The questions we addressed [in this report] are these:

The scope of our investigation was basically limited to the above questions. We did not do a comprehensive code review of the whole codebase, nor look at a very broad range of potential security issues. Instead, we concentrated attention to the AccuBasic scripting language, its compiler, its interpreter, and other code related to potential security vulnerabilities associated with the memory cards.

We found a number of security vulnerabilities, detailed below. Although the vulnerabilities are serious, they are all easily xable. Moreover, until the bugs are xed, the risks can be mitigated through appropriate use procedures. Therefore, we believe the problems as a whole are manageable.

Background

This report came out of a request by the Office of the Secretary of State to the Voting Systems Technical Assessment Advisory Board.