Secure Computing environment

From: David Webber \(XML\) <"David>
Date: Fri Jul 01 2005 - 12:03:01 CDT

Team,

In working on the GOA response - it occurred
to me that real-time tracking and control is a
very strong possiblity here.

I used to use execution trace tools way back
in the days of hand-building your own PC and
invoking debugging tools from the PC BIOS.

Bring that idea upto 2005 - and add to it anti-virus
style master execution control agents.

The idea is to provide proactive realtime monitoring
of the program stack execution paths - during the
actual election day voting process, and have a
master execution agent tracking what is going on.

During certification testing we can diagnose an
execution signature by running a trace - and then
turning that into a profile and a highlevel set of
patterns that confirm proper voting process
that can be checked both during and after voting.

If the agent detects a change in the pattern
heuristics - it can alert election officials. At the
simplest level this might alert that some hardware
failure has occurred with the machine.

But otherwise it might indicate new execution paths
are being exercised that were not visible during
certification testing.

Of course this could still be potentially compromised;
but there are also strong defenses that can ensure the
master agent is in charge, and using the right
execution signatures.

In any case - having realtime monitoring available seems
to me a major new tool in addressing fears that voting
malware is in charge - not the originally tested logic.

And since you can potentially burn the trace logic into
firmware at the processor level - that's going to be really
tough to circumvent.

I've updated my slides at http://trustedelections.org with
these ideas.

DW
_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Jul 31 23:17:10 2005

This archive was generated by hypermail 2.1.8 : Thu Sep 15 2005 - 11:43:09 CDT