SLI Compliance® offers election officials worldwide a host of election-related services, from general election and voting systems certification programs to analysis and audit of pre- and post-election system performance. Forensic Analysis helps to ensure electronic voting systems are appropriate for use. SLI Compliance can assist by making certain that the configuration of the certified election system is maintained during deployment and that election data integrity is preserved during all phases from set-up to counting and recording and transmission of results. Our services can be provided either pre- or post-election.
Pre-election Forensics Services
- SLI Compliance conducts system audits and test elections to ensure that the deployed system is identical to the certified baseline and that no improper data entry or security penetration occurred that would affect count accuracy.
- SLI Compliance conducts audits to ensure security techniques being used are valid and that effective security procedures are contained in the design. Security features are compared for validity against NIST Special Publications, EAC Guidelines, and ANSI Standards & Guidelines.
- SLI Compliance ensures that techniques being used are effective as built and can recommend enhanced techniques that should be implemented where needed.
- SLI Compliance reviews the end-to-end security process to identify any weaknesses in the security chain. We pay particular attention to any aspects of the overall design that could place the system at risk.
- In addition to component- or feature-level tests, SLI’s end-to-end security and forensic analysis test methods are designed to validate the security of all aspects of the system. Testing can include voter registration, the creation of ballots, the transmission of ballots and receiving of marked ballots, the recording and tallying of results, providing voter confidentiality, and the audit/recount process.
- SLI Compliance uses FIPS-compliant hashing algorithms to provide independent verification and validation to confirm the software and data have not been modified in any manner from the originally tested baseline.
- Source code is exposed to various tools to determine possible security risks. SLI Compliance checks the as‐built software to verify that error checking is performing as expected, that the system reacts to the errors, and that there are methods in place to prevent issues like buffer overflows, pointers not being freed, penetration attacks, and unauthorized insertions of code.
- Security algorithms and security policies are reviewed to validate correct implementation. Our experience shows that cryptographically compliant modules may be present, but if the security policies are not correctly implemented, the system may not be secure or compliant.
Post-election Forensics Services
- SLI Compliance compares the static and semi-static files of the voting system and each of its components through before and after images to ensure the system is functioning and tabulating according to specified parameters.
- SLI Compliance ensures that the code contains no hidden functionality, back doors, Trojan horses, conditional compilation flags, test flags, or hardcoded passwords.
- SLI Compliance confirms election systems haven’t been compromised and do not contain unauthorized updates. SLI Compliance identifies any and all added, altered or deleted files, programs, scripts or other operating components.
- Risks identified by SLI Compliance are itemized with corrective actions and compensating controls, including system configurations and architecture that can mitigate risks.