Re: Why procedural guards matter more than technical ones

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Mon Jun 14 2004 - 11:50:24 CDT

On Jun 14, 2004, at 11:20 AM, David Mertz wrote:

> But the question that actually came up in Miami-Dade (or in Orange
> County, or lots of other places) is much more banal. You observed very
> correctly that it is "hard to determine what software is running" on
> those machines. This is absolutely true in the plain old procedural
> sense that ESS/Diebold technicians were given all the access they
> wanted to install uncertified patches to the system. And given the
> proprietary software (and the fact it ran on arcane Windows, from a
> HDD), there was no way to check any of it other than the self-test
> messages the software displayed.

A technical correction. The ES&S iVotronic has no hard drive.
As near as I can tell, that system is a pure embedded system,
running code from ROM. Very different from Windows-based
systems! In theory, ROM-based systems are far easier to verify.
All you need to do is provide an external port that allows
read-only access to the ROM so that a user-provided inspection
engine can crawl through the ROM and do whatever it wants to
verify it. In practice, however, no such port is designed into
these systems.

But, the question of how to determine the version remains.

                Doug Jones
                jones@cs.uiowa.edu
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Jun 30 23:17:15 2004
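
The ROM inspection idea in the message above, sketched as an added example that is not part of the original message or of any vendor's code. It assumes a hypothetical port object offering only size() and read(), a manifest of per-block SHA-256 digests that the inspector builds from certified images, and constructed sample images; it also assumes the port returns the true ROM contents rather than an answer produced by the software under test.

```python
import hashlib

BLOCK = 256  # bytes per read request (assumed transfer size of the port)

class ReadOnlyRomPort:
    """Hypothetical external port: exposes reads of the ROM and nothing else."""
    def __init__(self, image: bytes):
        self._image = bytes(image)
    def size(self) -> int:
        return len(self._image)
    def read(self, addr: int, length: int) -> bytes:
        if addr < 0 or length < 0 or addr + length > len(self._image):
            raise ValueError("read outside ROM")
        return self._image[addr:addr + length]

def block_digests(port):
    """Crawl the whole ROM through the port, one digest per block."""
    return [hashlib.sha256(port.read(a, min(BLOCK, port.size() - a))).hexdigest()
            for a in range(0, port.size(), BLOCK)]

def make_manifest(certified_images):
    """Built by the inspector from certified images, never by the machine."""
    return {name: block_digests(ReadOnlyRomPort(img))
            for name, img in certified_images.items()}

def inspect(port, manifest):
    """Return (version, []) on an exact match, else (None, addresses of the
    blocks that differ from the closest certified version)."""
    seen = block_digests(port)
    best = None
    for name, ref in manifest.items():
        if seen == ref:
            return name, []
        diff = [i * BLOCK for i in range(max(len(seen), len(ref)))
                if i >= len(seen) or i >= len(ref) or seen[i] != ref[i]]
        if best is None or len(diff) < len(best):
            best = diff
    return None, best or []

# Constructed sample images (not real firmware).
CERT_A = bytes((i * 7) % 251 for i in range(4096))
CERT_B = bytes((i * 11) % 241 for i in range(4096))
MANIFEST = make_manifest({"certified-A": CERT_A, "certified-B": CERT_B})
# Constructed "uncertified patch": four bytes changed at offset 0x500.
PATCHED = CERT_A[:0x500] + b"\xde\xad\xbe\xef" + CERT_A[0x504:]

if __name__ == "__main__":
    print(inspect(ReadOnlyRomPort(CERT_B), MANIFEST))
    print(inspect(ReadOnlyRomPort(PATCHED), MANIFEST))
```

An exact match names the certified version in the ROM; anything else is reported as uncertified, with the block addresses that differ from the nearest certified image.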
