Re: Avante Releases White Papers on AVVPAT...

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Sun Jun 13 2004 - 16:28:22 CDT

On Jun 13, 2004, at 11:52 AM, David Mertz wrote:

> The difficulties in determining running software are not TECHNICAL,
> but PROCEDURAL. Miami-Dade did not follow best practices in terms of
> chain-of-custody, running checksums, verifying signatures, and so on.
> Object code can easily have 'md5sum' run against it, as can source
> code.

Only if you're able to load and run your own code on the machine
in question, and if you're allowed to do that, there are other
security problems you've got to address.

Genuine embedded systems where you can't download your own code
into the machine are really difficult to prove to be running the
officially certified version. Just because there claims to be
a copy of md5sum on the machine, how do you know that's the real
thing and not a cooked version that misreports the results?

I believe this is a technical problem.

>> Is this a place that Trusted Computing (a/k/a NGSCB, a/k/a Palladium)
>> could help specifically in the context of elections systems?
>
> No, no, no, no, NO!!

Perhaps, perhaps, perhaps, perhaps!! There may be some way to get
a trusted computing base to help in this job, but that's certainly
not what's motivating the current work on trusted computing systems.

                Doug Jones
                jones@cs.uiowa.edu
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Jun 30 23:17:14 2004
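
The point in the message above about a cooked md5sum, as an added example that is not part of the original message: a checksum reported by the machine under examination cannot distinguish a certified image from an altered one whose checksum tool misreports. The `Machine` class, the sample images and the out-of-band readout are constructed assumptions. In particular, the example assumes the examiner can read the device's storage with separately trusted equipment, which the message does not say is available.

```python
import hashlib

# Constructed sample images; a real audit would use the certified firmware file.
CERTIFIED_IMAGE = b"certified-firmware-v1 (constructed sample)"
ALTERED_IMAGE = b"altered-firmware (constructed sample)"
# MD5 is used only because the thread names md5sum.
CERTIFIED_DIGEST = hashlib.md5(CERTIFIED_IMAGE).hexdigest()


class Machine:
    """Hypothetical embedded device; `storage` holds the code it really runs."""

    def __init__(self, storage, honest_tool=True):
        self.storage = storage
        self._honest_tool = honest_tool

    def onboard_md5sum(self):
        """Checksum as reported by the device's own utility."""
        if self._honest_tool:
            return hashlib.md5(self.storage).hexdigest()
        # A cooked utility ignores storage and returns the expected value.
        return CERTIFIED_DIGEST


def self_report_check(machine):
    """Examiner trusts whatever the device's own tool prints."""
    return machine.onboard_md5sum() == CERTIFIED_DIGEST


def external_read_check(machine):
    """Examiner hashes the storage contents with a tool they brought.

    Assumes storage can be read out-of-band, without running device code.
    """
    return hashlib.md5(machine.storage).hexdigest() == CERTIFIED_DIGEST


def audit(machine):
    return {
        "self_report": self_report_check(machine),
        "external_read": external_read_check(machine),
    }


if __name__ == "__main__":
    print("genuine:        ", audit(Machine(CERTIFIED_IMAGE)))
    print("altered, honest:", audit(Machine(ALTERED_IMAGE)))
    print("altered, cooked:", audit(Machine(ALTERED_IMAGE, honest_tool=False)))
```

In the third case the self-reported check passes and only the out-of-band read fails, which is why the result depends on having a measurement path the device's own software does not control.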
