Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage
A secure voting machine design must withstand new attacks devised throughout its multi-decade service lifetime. In this paper, the authors give a case study of the long-term security of a voting machine, the Sequoia AVC Advantage, whose design dates back to the early 80s. The AVC Advantage was designed with promising security features: its software is stored entirely in read-only memory and the hardware refuses to execute instructions fetched from RAM. Nevertheless, they demonstrate that an attacker can induce the AVC Advantage to misbehave in arbitrary ways, including changing the outcome of an election, by means of a memory cartridge containing a specially formatted payload.