Announcements

Center for Information Protection
UC Davis is planning to join the NSF I/UCRC Center for Information Protection. We are looking for companies to join our Industrial Advisory Board.
Find out more here!

Conferences and Workshops

ISGIG 2009
ACSAC 25
PETRA 2010 (due 11/15)
Oakland 2010 (due 11/18)

My Links

Other Links

This Quarter’s Classes

Office Hours for This Quarter

Contacting Me

Security Analysis of the Diebold AccuBasic Interpreter

Citation

D. Wagner, D. Jefferson, M. Bishop, C. Karlof, and N. Sastry, “Security Analysis of the Diebold AccuBasic Interpreter”, Technical Report, Voting Systems Technology Assessment Advisory Board, Office of the Secretary of State of California, Sacramento, CA 95814 (Feb. 2006).

Paper

About This Report

From the Summary:

The questions we addressed [in this report] are these:

What kinds of damage can a malicious person do to undermine an election if he can arbitrarily modify the contents of a memory card?
How can the possibility of such attacks be neutralized or ameliorated?

The scope of our investigation was basically limited to the above questions. We did not do a comprehensive code review of the whole codebase, nor look at a very broad range of potential security issues. Instead, we concentrated attention to the AccuBasic scripting language, its compiler, its interpreter, and other code related to potential security vulnerabilities associated with the memory cards.

We found a number of security vulnerabilities, detailed below. Although the vulnerabilities are serious, they are all easily xable. Moreover, until the bugs are xed, the risks can be mitigated through appropriate use procedures. Therefore, we believe the problems as a whole are manageable.

Background

This report came out of a request by the Office of the Secretary of State to the Voting Systems Technical Assessment Advisory Board.

Last updated on Monday, July 20, 2009 at 10:33:12AM PDT