Deploying software on compromised machines

Posted by Martin on Stack Overflow
Published on 2010-05-09T00:19:25Z Indexed on 2010/05/09 0:28 UTC

I've been involved in a discussion about how to build internet voting software for a general election. We've reached a general consensus that there exist plenty of secure methods for two-way authentication and communication.

However, someone came along and pointed out that in a general election some of the machines being used are almost certainly going to be compromised. To quote:

Let me be an evil electoral fraudster. I want to sample people's votes as they vote and hope I get something scandalous. I hire a bot-net from some really shady dudes who control 1000 compromised machines in the UK just for election day.

I capture the voting habits of 1000 voters on election day. I notice 5 of them have voted BNP. I look these users up and check out their machines, I look through the documents on their machines and find out their names and addresses. I find out one of them is the wife of a Tory MP. I leak 'wife of tory mp is a fascist!' to some blogger I know. It hits the internet and goes viral, swings an election.

That's a serious problem!

So, what are the best techniques for running software where user interactions with the software must be kept secret, on a machine which is possibly compromised?

© Stack Overflow or respective owner
