LogoLogo
  • Software Independence
  • System Security Architecture Description
    • Access Control
    • Artifact Authentication
      • Hashing of Continuously Exported Cast Vote Records
      • Preserving Voter Privacy
    • System Integrity
    • Networking
    • Password and Credential Policies
    • Defense-in-Depth and Least Privilege
    • Cryptography
  • Procedural and Operational Security
  • Known Vulnerabilities
  • Trusted Build
    • Build Machine Configuration
      • Installing Debian 12 to VxBuild
    • Online Phase
    • Offline Phase
    • Final Configuration
      • Secure Boot Signing
    • Installing an Image via vx-iso
      • Preparing USB Installation Drives
      • Installing a VotingWorks Image
      • Machine Configuration Wizard and VxCertifier
      • Verifying an installed image
    • Hash/Checksum Verification
    • Virt Manager - Network Access & Troubleshooting
  • Reliably Detectable Marks
Powered by GitBook
On this page
Export as PDF

System Security Architecture Description

PreviousSoftware IndependenceNextAccess Control

Last updated 1 year ago

This section describe the overall system security architecture of VxSuite and the measures taken to thwart attacks on the proper operation of elections on VxSuite.

Requirement 14.1-C.1 – the use of cryptography to secure VxSuite – is covered by

  • the certificates and signatures used by smartcards, see .

  • digital signatures applied to all files exchanged between system components, see .

  • hard-drive partition hashes, as well as kernel and bootloader signature, used as part of secure-boot, see .

  • additional details on encryption vs. authentication and the type and size of cryptographic keys we use is provided in Cryptography

Requirement 14.1-C.2 – the use of malware protection to secure VxSuite – is covered by the secure boot and safe mounting of external drives covered in .

Requirement 14.1-C.3 – the use of a firewall to secure VxSuite – is covered in .

Requirement 14.1-C.4 – the use of system configurations to secure VxSuite – is covered by:

  • aspects of secure-boot as described in .

Requirement 11.4-A – on least privilege – is covered by .

Requirements 13.3-A, 13.3-C, 13.3-D are covered by Cryptography

Artifact Authentication
System Integrity
System Integrity
Networking
Password and Credential Policies
System Integrity
Defense in Depth and Least Privilege
Access Control / Smartcard Keys and Certificates