SAIT Software Review Team Participates in Florida Department of State Sponsored Voting System Software Review
SAIT Laboratory was tapped once again to conduct source code review for electronic voting systems. The Florida Department of State web site publishes the SAIT Laboratory Diebold Voting System Software Review and a letter from the Secretary of State to Diebold.
While the effort’s focus was software analysis, the team had broad access to the subject voting equipment and generated exploits for the major identified vulnerabilities. These exploits were then demonstrated and described in detail to Florida Division of Elections personnel.
An important result of this project is that it reflects a clear connection between theory and practice. Exploit of several of the complex theoretical vulnerabilities show how flaws detected with analytical methods translate directly into concrete security risks and threats. >
This SAIT Laboratory effort once again leveraged extraordinary cooperation between state elections officials, academic information security experts, and elections systems software developers to accomplish the project’s goal. We are confident that this is a significant step towards ensuring that only the most secure software possible is allowed into electronic voting systems and components.
The bulk of the team’s technical work took place in SAIT Laboratory and culminated in the thirty five page public report that detailed the project goals, assumptions, process, findings, and conclusions.
The team also identified non-pertinent software flaws and security vulnerabilities during the analysis. Specific technical descriptions along with accompanying recommendations regarding these faults were reported to the State and the vendor through private appendices to the report. These constitute an independent contribution of the team to the broader goal of improving voting systems’ reliability and security.
Software Review Team Members
SAIT acknowledges and thanks David Jefferson, Avi Rubin, and the ACCURATE Center for their contributions to this project.