US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Ron Crane
Organization :   N/A
Post Date :   9/30/2005

Section Comments
Section :  6.4.4.2
Page no. :  
Line no.:  
Comment :  12b. The requirements on "interpreted" and "dynamically loaded" code are both too loose and too tight.

However, Vol. I, §6.4.4.2 discusses (and implicitly allows) "dynamic software” which "changes over time once installed on voting equipment," making it "impossible to create reference information to verify the software."

"Dynamic software" (that is, self-modifying code) should be prohibited on all voting machines.
Its use makes security analysis substantially more difficult, and thus increases the likelihood
of undetected cheats.

Interpreted code, however, should not be proscribed. Overall, it is no less secure than compiled code written in the same language. They do have different vulnerabilities.
Interpreted code is perhaps more susceptible to machine-by-machine hacking, since an individual hacker can change the source (and thus executable) code directly on each
machine, without knowing about or possessing any build tools. Compiled code is more susceptible to manipulation by an unscrupulous vendor, since it requires careful review to determine its relationship to any particular sample of source code.

Finally, dynamically-loaded code (which is not the same thing as "dynamic software") need
not be less secure than statically-loaded code if the loading of modules, and the integrity of the modules that are loaded, are properly controlled.19