US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Matt Bishop
Organization :   University of California Davis
Post Date :   9/30/2005

Section Comments
Section :  20.1.5
Page no. :  
Line no.:  
Comment :  *Note: Comment referring to threat modeling section of author's document  

The current standards seem to have certain threats in mind, but no language to describe them. The lack of a generic description of a voting system (i.e. a model) prohibits the standards from describing the threats in a meaningful way.

The standards could describe these threats in a generic way and place the burden on the vendor (to make these meaningful to their models) and on the ITA (to check the trees and models).

Instead, the standards require defenses against a specific attack (for an unnamed threat) set in an implicit model, and provides no infrastructure to inspect if other attacks could result in the same goal.