Any evoting system must:
I'm trolling around on Sourceforge, looking at some of the voting related offerings, and seeing alot of Java/.NET ones. This is unnacceptable, because you are importing security holes from your VM/runtime vendor. There are open source implementations of both Java and .NET, but most are in pre-alpha states, or at best, beta. Any software leveraged by the voting system must be mature. For example, running a C++ voting system on embedded linux, using X to provide GUI is acceptable, provided a mature version of embedded linux is used. This software has already been tested extensively, and most major security holes have been fixed.
The back-end O/S must be OS, which excludes using Windows or Mac on the PC- every step of the functioning must be verifiable, testable, and modifiable, including the basic communication with the hardware.
- Be implemented in 100% ANSI code- no Java, .NET, etc. (caveat: these could be acceptable, but would require a custom, open source VM/runtime-environment). It seems more desireable to implement in C++ however.
- Provide human verifiable trails at _every step_
- Provide strong encryption
- Be physically, as well as logically, secure.
I'm trolling around on Sourceforge, looking at some of the voting related offerings, and seeing alot of Java/.NET ones. This is unnacceptable, because you are importing security holes from your VM/runtime vendor. There are open source implementations of both Java and .NET, but most are in pre-alpha states, or at best, beta. Any software leveraged by the voting system must be mature. For example, running a C++ voting system on embedded linux, using X to provide GUI is acceptable, provided a mature version of embedded linux is used. This software has already been tested extensively, and most major security holes have been fixed.
The back-end O/S must be OS, which excludes using Windows or Mac on the PC- every step of the functioning must be verifiable, testable, and modifiable, including the basic communication with the hardware.
