Tom Kelliher, CS 325
300 points
This project is an experiment to study the difficulty of embedding malicious functionality in code such that it cannot be detected. Each group will design and build a voting machine. The machine should tally votes for candidates for various elected offices. The machine should count votes correctly. The machine should also keep an audit log of all of the votes that have been cast, including the time, and the ballot choices. There should be an interface for viewing the audit log.
The ballot you should use is as follows (you pick the names):
You are free to add other features as you see fit. A few things to consider would be write-in candidates, showing just one contest per page, and a final page to allow the voter to verify their selections and make corrections before casting their ballot.
Your system should contain a malicious back door. That is, there should be a way for a voter to secretly perform some unusual action such that they can alter the outcome of the election. At a minimum, the backdoor should enable a voter to bias the election somehow towards a specific presidential candidate. That is, pick a favorite candidate and identify them in advance in your project write-up, and that is the one that your system should favor when the backdoor is enabled. A truly successful attack will keep the audit log consistent with the vote totals. The backdoor should be dormant, that is, should do nothing, until a secret activation event activates it.
Your system will be subjected to an independent testing authority (ITA) for certification. Any attempt to purposefully obfuscate the code would trigger alarms and possibly prison sentences, and at the very least the loss of a sale. So, the system must appear to be as legitimate as possible. So, for example, if you were to run your code through an automated obfuscator, it would never be certified, and you would receive a poor grade.
Use phoenix as your development platform. The user interface will be a simple sequence of web form pages. Processing will be done via perl CGI scripts. You have full free reign as to how you implement your system's back end. You may use plain ASCII files for data storage or PostgreSQL. Subject to the constraints below that others have to be able to easily build your system from a CD you will provide, you may install and use additional supporting software in your account space.
You may use comments as part of the disguise to socially engineer the ITA. Remember, however, to avoid raising suspicion.
All parts will be graded.
Include on the CD an install script that builds the whole system. Also include a detailed README explaining how to use the install script. The idea is that it should only take us a few minutes to get your system up and running. Finally, the CD should include your three design documents.
That day, each group will have 15-20 minutes to demo their voting system. At that point, you will NOT disclose the backdoor. You will simply show an election and that votes are tallied correctly. You will demonstrate the audit log and how it keeps track of what's going on.
Shortly after you turn in this part, each group will receive one voting system on CD. Your job for the remainder of the course will be to try to find the backdoor contained within the voting system and identify the malicious behavior. You may use any tools you like to find the backdoor.
Each group will have 15-20 minutes to demo the system it analyzed and report the results of the ITA certification of the system. Additionally, show off the back door, if you were able to find it. Show what happens to the audit log and the vote totals. If time permits and you found something really clever in one of the other group's work, discuss it.