Dominion Democracy Suite 4.14-A.1 Voting System with Adjudication Version 2.4



Similar documents
WYLE REPORT NO. T Appendix A.4. Security TEST CASE PROCEDURE SPECIFICATION (T )

Summary of Results from California Testing of the ES&S Unity /AutoMARK Voting System

Certification Report

SECURITY ASSESSMENT SUMMARY REPORT FOR DOMINION VOTING SYSTEMS DEMOCRACY SUITE 4.0

EAC Decision on Request for Interpretation (Operating System Configuration)

PUBLIC REPORT. Red Team Testing of the ES&S Unity Voting System. Freeman Craft McGregor Group (FCMG) Red Team

Certification Report

Certification Report

InkaVote Plus Red Team Security Penetration Test. for. California Secretary of State Debra Bowen. 2-7 October 2007

Thick Client Application Security

Secure Network Communications FIPS Non Proprietary Security Policy

SECURITY ASSESSMENT SUMMARY REPORT FOR ES&S EVS VOTING SYSTEM. Appendix A.10

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

SecureDoc Disk Encryption Cryptographic Engine

Certification Report

Certification Report

Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS Non-Proprietary Security Policy

Acano solution. Security Considerations. August E

DRAFT Standard Statement Encryption

FIPS Security Policy LogRhythm Log Manager

CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS

Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0

Certification Report

05.0 Application Development

Single Sign-On Secure Authentication Password Mechanism

SAST, DAST and Vulnerability Assessments, = 4

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager

FIPS Security Policy LogRhythm or Windows System Monitor Agent

Sample Report. Security Test Plan. Prepared by Security Innovation

How To Evaluate Watchguard And Fireware V11.5.1

Pulse Secure, LLC. January 9, 2015

Complying with PCI Data Security

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Guidance Regarding Skype and Other P2P VoIP Solutions

Archived NIST Technical Series Publication

CRYPTOGRAPHY AND NETWORK SECURITY

Certification Report

90% of data breaches are caused by software vulnerabilities.

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Windows Remote Access

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

Certification Report

U.S. Federal Information Processing Standard (FIPS) and Secure File Transfer

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Threat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc.

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

efolder White Paper: The Truth about Data Integrity: 5 Questions to ask your Online Backup Provider

SP A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter

Protecting Your Organisation from Targeted Cyber Intrusion

Developing Secure Software in the Age of Advanced Persistent Threats

FIPS Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

Recommendation for Key Management Part 1: General (Revision 3)

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

FIPS Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

GFI White Paper PCI-DSS compliance and GFI Software products

Security Policy. Trapeze Networks

e-code Academy Information Security Diploma Training Discerption

Payment Card Industry (PCI) Terminal Software Security. Best Practices

Web Application Security Assessment and Vulnerability Mitigation Tests

Columbia University Web Security Standards and Practices. Objective and Scope

United States Election Assistance Commission. Certificate of Conformance ES&S EVS

Using Foundstone CookieDigger to Analyze Web Session Management

Security in Android apps

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

Cisco Trust Anchor Technologies

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

Introduction to Web Application Security. Microsoft CSO Roundtable Houston, TX. September 13 th, 2006

HASH CODE BASED SECURITY IN CLOUD COMPUTING

Computer Security. Draft Exam with Answers

What is Web Security? Motivation

Critical Controls for Cyber Security.

Alliance Key Manager Solution Brief

Locking down a Hitachi ID Suite server

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Oracle Business Intelligence Enterprise Edition (OBIEE) Version with Quick Fix running on Oracle Enterprise Linux 4 update 5 x86_64

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Chapter 4 Application, Data and Host Security

SCP - Strategic Infrastructure Security

Reference Architecture: Enterprise Security For The Cloud

Kentico CMS security facts

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

McAfee Firewall Enterprise 8.2.1

CRYPTOGRAPHY AS A SERVICE

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

Transcription:

Source Code Review Dominion Democracy Suite 4.14-A.1 Voting System with Adjudication Version 2.4 Report Date: 2014-11-14 Version: 1.04 Status: RELEASED Classification: Public atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: +1 512 615 7300 Fax: +1 512 615 7301 www.atsec.com Version: 1.04 2014 atsec information security corporation Page 1 of 12

Trademarks atsec and the atsec logo is a registered trademark of atsec information security corporation. The Freeman, Craft, McGregor Group (FCMG) logo is a trademark of FCMG. Dominion Democracy, Democracy Suite Election Management System, Election Event Definition, Results Tally and Reporting, and ImageCast are trademarks of Dominion Voting Systems, Inc. Microsoft, Microsoft SQL Server, Microsoft.NET, Windows 2007 and Visual C# are registered trademarks of Microsoft Corporation. MITRE is a registered trademark of The MITRE Corporation. IText is a registered trademark by itext Group NV. Version: 1.04 2014 atsec information security corporation Page 2 of 12

Table of Contents 1 Executive Summary... 4 2 Introduction... 5 2.1 Scope and Basis... 5 2.2 Inputs... 5 2.3 Threat Model... 6 2.4 Methodology... 6 2.4.1 Published vulnerabilities... 6 2.4.2 Code quality... 6 2.4.3 Design... 7 2.4.4 Cryptography... 7 2.4.5 Backdoors... 7 2.4.6 Summary of the results... 8 3 Results... 9 Glossary... 11 References... 12 Version: 1.04 2014 atsec information security corporation Page 3 of 12

1 Executive Summary This report was prepared by atsec information security corporation to review aspects of the security and integrity of the Dominion Democracy Suite 4.14-A.1 Voting System with Adjudication Version 2.4. This report identifies the security vulnerabilities that might be exploited to alter vote results, critical election data such as audit logs, or to conduct a denial of service attack on the Adjudication system that were found through static code review and by searches of public vulnerability sources. The atsec team identified sixteen potential vulnerabilities in the system; all were categorized as having low levels of severity. All but two of the sixteen potential vulnerabilities involve non-conformances to one of the following coding or cryptographic standards: 2005 Voluntary Voting System Guidelines (specifically sections 5 and 7 of Volume I and section 5 of Volume II) StyleCop FIPS 140-2 The introduction to this report describes the basis of the source code review performed. In Chapter 3, we present the detailed results of the analysis. Version: 1.04 2014 atsec information security corporation Page 4 of 12

2 Introduction The goal of this project was to provide test support services to assist the California Secretary of State (SOS) with the re-evaluation of Dominion Democracy Suite 4.14-A.1 Voting System, specifically the new Adjudication Version 2.4 component for its suitability for use in the State of California in accordance with Elections Code sections 19001 et seq. This report has been prepared in support of a contract awarded to Freeman, Craft, McGregor Group, Inc. by atsec information security corporation as a result of the review of the security and integrity of the revised component, Adjudication System Version 2.4, a part of the Dominion Democracy Suite 4.14-A.1 Voting System. 1 The source code review was performed by the following atsec consultants: Hedy Leung King Ables Lou Losee Swapneela Unkule These individuals have prior experience of testing voting systems, and have not been involved in the federal level testing for the EAC of the subject voting system. 2.1 Scope and Basis The Dominion Voting Systems Democracy Suite Version 4.14-A.1 Voting System with Adjudication Version 2.4 (hereafter referred to as the voting system or simply as the system ) is a paper ballot-based, optical scan voting system. The system hardware consists of four major components: The Election Management System (EMS) ImageCast Evolution (ICE) precinct scanner with optional ballot marking capabilities ImageCast Central (ICC) central count scanner Adjudication system atsec performed the code review on the basis of the Statement of Work between Freeman, Craft, McGregor Group Inc. #14S52049 with the State of California, which states that review includes evaluating the security of the Adjudication System as it is allowed to be configured for use by the State of California (hereafter referred to as the California configuration ). The threat model given in section 2.3 below describes the basis of atsec s examination. 2.2 Inputs The reviewers were provided with a set of documents associated with the system that were used to support the results described in this report. These documents are listed in the References chapter below. These documents were examined during the source code review in order to understand the voting system s architecture and design and to support the identification of any discrepancies between the documentation and the source code. The reviewers were also provided with the source code for the following Adjudication components. Adjudication Services (server) version 2.4.1.3201 Adjudication (client) version 2.4.1.3201 1 The system was previously examined by the EAC with certification ID: EAC Certification Number: DemSuite-4-14-A.1: http://www.eac.gov/testing_and_certification/certified_voting_systems.aspx#dominion_democracysuite414a.1mod Version: 1.04 2014 atsec information security corporation Page 5 of 12

EMS Adjudication Services (Integration point with EMS) version 4.14.37 2.3 Threat Model This assessment is centered on the threat model prescribed in the Statement of Work. The system is expected to counter the following attacks: Alter vote results Alter critical election data, such as audit logs Conduct a denial of service attack on the voting system To the extent possible, vulnerabilities found have been reported with an indication of whether the exploitation of the vulnerability would require access by the: Elections official insider: Wide range of knowledge of the voting machine design and configuration. May have unrestricted access to the machine for long periods of time. Their designated activities include: Set up and pre-election procedures Election operation Post-election processing of results Archiving and storage operations Vendor insider: Has great knowledge of the voting machine design and configuration. They have unlimited access to the machine before it is delivered to the purchaser and, thereafter, may have unrestricted access when performing warranty and maintenance service, and when providing election administration services. Identified potential vulnerabilities are described along with the anticipated factors necessary to mount an attack. The atsec team did not attempt to demonstrate the exploitability of any identified potential vulnerabilities. 2.4 Methodology The atsec team used the following methodology for the source code review. 2.4.1 Published vulnerabilities The reviewers searched the MITRE CVE database for potential vulnerabilities in the system. Although these lists may not have entries for the voting system itself, constituent software that the voting system uses may contain vulnerabilities. For the current scope of project, the review team identified that the Adjudication System is based on a C#/.NET environment and conducted searches for vulnerabilities related to these components. Searches for vulnerabilities for C#,.NET, xca, BouncyCastle, itextsharp, and System.Security.Cryptography identified only one potential vulnerability that might pertain to the software under review. 2.4.2 Code quality While performing the examination of the code for other activities, the reviewers identified and recorded areas within the code base that demonstrate poor code quality. Although poor code quality does not necessarily represent vulnerabilities, it is a weakness and may lead to the introduction of vulnerabilities. The following coding standards were used during this analysis: 2005 Voluntary Voting System Guidelines [VVSG1], [VVSG2] and supplemental interpretation statements found at: http://www.eac.gov/testing_and_certification/request_for_interpretations1.aspx Version: 1.04 2014 atsec information security corporation Page 6 of 12

StyleCop Coding Standard found at: https://stylecop.codeplex.com The CERT Oracle Secure Coding Standard for Java [CERTJ] The Adjudication System does not contain Java source code, but C# has similarities to Java, so the Java coding standard still provides useful input into the analysis of code quality. 2.4.3 Design The source code review team utilized the provided usage and installation guidance, source code, and any other provided material as well as publicly available information in order to construct an understanding of the architecture and design of the voting system. This included discovering the external interfaces and their associated security mechanisms and controls, particularly as much information as possible was gathered to support conclusions regarding the ability for a threat agent to tamper with or circumvent security controls. The provided design description also provided a mapping of the high-level features and interfaces of the product to the features and interfaces implementation. Interfaces represent the primary attack surface of the voting system. Interfaces can include web-based interfaces, native graphic user interfaces, command line interfaces, or technical interfaces that are not designed for direct user interaction (e.g., database connections). Each of these interfaces was examined to identify the security controls that counter the threats. Secure interfaces also depend on filtering out poorly structured or corrupt data. The review team specifically checked for input validation mechanisms and determined if related attacks, such as command injection are possible. 2.4.4 Cryptography While cryptography is often the hardest security mechanism to break directly by brute-force, misuse of cryptographic primitives or implementation errors can render that protection weak or non-existent. The review team identified use sites of cryptography throughout the source code and determined if its use is appropriate for the given purpose. For example, using a cryptographic hash function to protect passwords is appropriate while using an encryption algorithm with a hard-coded key is not. The cryptographic primitives used in the source code are AES, HMAC-SHA-256, SHA-1, MD5, and RSA key generation. Note that in a code review, there is no effective way to test the correctness of implementation of any cryptographic algorithm. We recommend that all cryptographic algorithms be functionally tested, such as with the Cryptographic Algorithm Validation System (CAVS) test which is part of the NIST Cryptographic Algorithm Validation Program. 2.4.5 Backdoors Those with malicious intent who also have access to the Adjudication System during development may be able to place backdoors into the source code so that they could gain unauthorized access to the Adjudication System during operation. Backdoors are extremely hard to find because a seasoned programmer can obfuscate code to look benign. The atsec team would like to stress that, when facing a competent and sufficiently motivated malicious developer, it is extremely difficult to prove that all backdoors in a system have been identified. The famous Turing award lecture by Ken Thompson in 1984 entitled Reflections on Trusting Trust [TRUST] demonstrated how fundamentally easy it is to undermine all security mechanisms when the developers cannot be trusted. This voting system is no exception. The current scope of the project is the Adjudication System, which consists of total 617 C# source files. A full backdoor analysis is also impractical in a short period of time because a deep understanding of the data structures and code design is required to be able to recognize functionality that is out of place. Penetration test on a running system and observation of data modification and movement is also helpful. For this report, the reviewers are only able to examine the source code and look for signs of obfuscation or strange functionality. Version: 1.04 2014 atsec information security corporation Page 7 of 12

The review team marked the areas of poor code quality and use of cryptographic operations for further scrutiny. For example, a particular area of code that has poor code quality and accesses sensitive information such as authentication credentials is identified as a likely candidate for a hidden backdoor. The reviewers treated such areas by considering the threat of introduced backdoors in addition to unintentional implementation flaws. 2.4.6 Summary of the results A summary of the results is listed in Chapter 3. Each result contains: A description of the identified potential vulnerability or weakness. An assessment of what threats are involved in the possible exploitation of the vulnerability or weakness. A categorization of the result, which can be: A weakness in the source code. Weaknesses are issues identified in the source code that are not directly exploitable but may indicate the existence of exploitable vulnerabilities within the source code. A nonconformity in the code quality standards. Nonconformities do not necessarily imply weaknesses, though the rationale for the requirement is often based on preventing weaknesses. A potential vulnerability in the source code. Potential vulnerabilities cannot be fully verified, but one or more conditions for the vulnerability have been observed. A vulnerability in the source code. The reviewers have either shown or referenced other parties who have asserted the identified vulnerability to be exploitable. A severity level assigned to the result, which can be one of: Low severity. Low severity implies the impact to the product is low, is already mitigated by the system, or the difficulty in exploitation would likely require indefinite access to the systems, expert knowledge of the system, or would require cost prohibitive resources. Medium severity. Medium severity implies either the impact of exploitation to the product would be significant, or the difficulty in exploitation would likely require extended access to the systems, informed knowledge of the system, or would require significant resources. High severity. High severity implies either the impact of exploitation to the product would result in complete compromise of security, or the difficulty in exploitation would likely require little to no access or knowledge of the systems or little to no resources. Version: 1.04 2014 atsec information security corporation Page 8 of 12

3 Results The following table summarizes the results that arose from the source code review team's assessment of the Adjudication component system. Potential exploitation of a weakness or vulnerability and type of attacker is noted where applicable. Table 1: Summary of Potential Vulnerabilities in the Adjucation System ID Description Assessment Categorization 1 Catchall catch-blocks in trycatch statements. 2 Try-catch statements do not handle all potential exceptions. 3 Switch statements do not have default cases. Catchall catch-blocks may not handle some exceptions appropriately. Maliciously crafted input may cause denial of service or otherwise undefined behavior. Uncaught exceptions are thrown to the calling function. Maliciously crafted input may cause a denial of service. When no default cases exist, control may pass through the switch statement without proper processing. Type: Weakness Type: Weakness Type: Weakness; VVSG nonconformity 4 Code extends beyond 80- character width limit specified by VVSG. The source code often exceeds the limit by only a few characters. In some more rare cases, it extends further. The reviewers do not consider this a security related issue and did not find that it detracts from readability. Type: VVSG nonconformity 5 Initialize every variable upon declaration, and comment its use. Instances were found where variables are not initialized. Type: VVSG nonconformity 6 Member variables of a class must be initialized in the class constructor(s), either directly or indirectly Instances were found where the member variables are not initialized. Type: VVSG nonconformity 7 Mixed-mode operations exist counter to VVSG requirement. VVSG states mixed-mode operations should be avoided or at least clearly explained if necessary, instances of mixedmode operations were found. Type: VVSG nonconformity 8 No detection of overflows in arithmetic performed on vote counters. The source code does not appear to check for arithmetic overflows anywhere within the source tree. Type: Weakness, VVSG nonconformity Version: 1.04 2014 atsec information security corporation Page 9 of 12

ID Description Assessment Categorization 9 Restriction on code size by VVSG requirement stating: no more than 50% of all modules exceeding 60 lines in length, no more than 5% of all modules exceeding 120 lines in length, and no modules exceeding 240 lines in length. For the current scope of code, the reviewer found that 435 files (70%) are greater than 60 lines (VVSG limit is 50%), 267 files (43%) are greater than 120 lines (VVSG limit is 5%), and 139 files (23%) are greater than 240 lines (VVSG limit is 0%). Type: VVSG nonconformity 10 SA1501: A statement that is wrapped in opening and closing curly brackets must be written on a single line. 11 SA1124: Do not place a region anywhere within the code. 12 SA1120: When the code contains a C# comment it must contain text. 13 SA1122: The code cannot contain empty strings. 14 The MD5 is not a FIPS Approved algorithm and should not be used. 15 The SHA-1 and MD5 are not FIPS Approved Key Generation methods and should not be used. An instance was found where the statement and the curly braces are on the same line. Code containing #region was found. An instance was found where only comment // was present without any text. Two instances were found where a variable was set to. One instance of use of MD5 was found. One instance of use of SHA-1 and MD5 for key generation was found. Type: StyleCop nonconformity Type: StyleCop nonconformity Type: StyleCop nonconformity Type: StyleCop nonconformity Type: Potential vulnerability, FIPS nonconformity Type: Potential vulnerability, FIPS nonconformity 16 The Rijndael implementation in Microsoft Cryptographic library is in non-conformance to FIPS-197, AES implementation should be used instead. Several uses of the Rijndael algorithm were found. Type: Weakness, FIPS nonconformity Version: 1.04 2014 atsec information security corporation Page 10 of 12

Glossary AES API ATI AVS CAVP CBC CMVP COTS CSP CVE CWE DCF DCM ECDSA EED EMS FIPS HMAC HTTP Advanced Encryption Standard Application Programming Interface Audio Tactile Interface Accessible Voting Station Cryptographic Algorithm Validation Program Cipher Block Chaining Cryptographic Module Validation Program Commercial Off the Shelf Critical Security Parameter Common Vulnerability and Exposures Common Weakness Enumeration Device Configuration File Data Center Manager Elliptic Curve Digital Signature Algorithm Election Event Designer Electronic Management System Federal Information Processing Standard Hash Message Authentication Code Hyper Text Transfer Protocol ICC ICE ICP IP IV LAN LDF MCF NAS NIST OS PC RNG RRH RSA RTM RTR SHA TCP USB VIF VVSG ImageCast Central ImageCast Evolution ImageCast Precinct Internet Protocol Initialization Vector Local Area Network Log Data File Machine Context File Network Attached Storage National Institute of Science and Technology Operating System Personal Computer Random Number Generator Result Receiver Host Rivest, Shamir, and Adelman Result Transfer Manager Results Tally and Reporting Secure Hash Algorithm Transmission Control Protocol Universal Serial Bus Voter Information File Voluntary Voter System Guidelines HTTPS Hyper Text Transfer Protocol Secure Version: 1.04 2014 atsec information security corporation Page 11 of 12

References Documentation provided for the source code review included Dominion Democracy Suite product documentation, as well as other publically available standards documents. The atsec source team also consulted other publically available documents. Dominion Democracy Suite General Documentation [DEMC] Dem Suite EMS Coding Standard C#.docx Revision 0.0.98. Dominion Democracy Suite EMS Documentation [EMSFUN] 2.03 - EMS Functionality Description Version: 4.14.A-1::253 September 19, 2014 Dominion Democracy Suite Adjudication Documentation [ADJSDS] 2.05 - Adjudication Software Design and Specification, Version: 4.14.D::25, Dominion Voting Systems, September 18, 2014. [ASMM] 2.09 Adjudication System Maintenance Manual, version 4.14.D::9, September 18, 2014. [DSIAP] Democracy Suite ImageCast Adjudication Installation and Configuration Procedures, Version: 4.14.C::48, July 17, 2014 Public Documents [CERTJ] [FCAM] [FIPS140-2C] [NFR] [SP800131A] [TRUST] [VVSG1] [VVSG2] Long, et al., The CERT Oracle Secure Coding Standard for Java, Addison-Wesley, Upper Saddle River, NJ, 2012. Xie, T., Liy, F., Feng, D.,: Fast Collision Attack on MD5. Cryptology eprint Archive, Report 2013/170 (2013), https://eprint.iacr.org/2013/170.pdf. Annex C: Approved Random Number Generators for FIPS PUB 140-2, Security Requirements for Cryptographic Modules, Information Technology Laboratory, National Institute of Technology, February, 2012. SANS Institute InfoSec Reading Room,.NET Framework Rootkits: Backdoors inside your Framework, November, 2008, http://www.sans.org/reading-room/whitepapers/windowsnet/dotnet-framework-rootkitsbackdoors-framework-32954. NIST Special Publication 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, U. S. Department of Commerce and National Institute of Standards and Technology, January, 2011. Thompson, Ken, Reflections on Trusting Trust, Communications of the ACM, Volume 27, Number 8, August, 1984, http://dl.acm.org/citation.cfm?id=358210. United States Election Assistance Commission, 2005 Voluntary Voting System Guidelines, Volume 1, Version 1.0, 2005. United States Election Assistance Commission, 2005 Voluntary Voting System Guidelines, Volume 2, Version 1.0, 2005. Version: 1.04 2014 atsec information security corporation Page 12 of 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information