Hack-a-Vote: Phase 1 Group Report

Here are some guidelines on what the report should look like, its length and content. Note that the intention is for this to be a lightweight report. Please make sure you spellcheck and look for simple grammatical errors before you submit it.

With regard to formatting issues. Please use a single column format, Times font or simiar and use numbered sections/subsections (for example, the first section will start with 1 and the first subsection will start with 1.1). There is no need for a bibliography.

LaTeX users My preference would be for you NOT to use the School's report layout because it wastes a lot of space and is hard to read. Also please avoid double columns as they are also hard to read! I would suggest using the vanilla default article format as this provides the format described in the previous paragraph. Note that if you omit the abstract that LaTeX will not complain.

Remember when writing reports that the focus should be on whether you have addressed all the required points rather than the number of words. If in doubt whether you have written enough, try looking at you have written and asking if you have addressed WHAT, HOW and WHY for each claim you make in a report. You may find that your HOW and WHY have to be further decomposed. You might also be interested in checking out the Writers Diet's waistline test).

What follows is the report structure for each assigned codebase. I've provided example section names and tried to provide some commentary (the stuff in italics).

Report Title

Report Title

Author, student ID number, institution, date of printing.

1. Scenarios/Motivation

Introduce your scenario here (use a list if more than one).

Write one-two paragraphs for each scenario. Make sure you cover the following.

Describe what our attackers intend to achieve with respect to the election. Is it denial-of-service, result manipulation, etc.?. Be concrete, for example what is the name of the candidate being favoured, when is the election taking place, where is the election etc.

Identify the people bribing you to modify the code by name (for example, SMERSH).

Present the argument that provides the motivation for the attack. Answer the questions WHY and WHAT they intend to gain. Make sure your argument has a logical flow. Don't worry about it too much. Think about financial or political gain. Avoid explanations such as "because it is a full moon" or other non-sequiters.

2. Modification A

2.1 Which Scenario Does it Address?

Which scenario this is associated with?

2.2 How Do You Trigger the Trojan?

Describe the conditions for enabling or activating the scenario is described. Length is going to be modification-specific. For example, you may need to provide command line switches and explain what each one does.

2.3 How is the Trojan Implemented?

Identify the key parts of the code base that have been changed and add a commentary.

I would expect maybe a couple of paragraphs giving an overview of code structure, indication of how many lines have been changed and a discussion of the general approach that connects the desired scenario outcome with the changes to the code (for example, if the desired outcome is for Party Z to always have the majority votes you will would need to explain how your changes modify the results).

You should include a walkthrough of the key parts of the code with differences from the original and modified code highlighted. Note that the authors of the IEEE paper made changes (or inserted) 150 lines, I would not expect that all those lines would be included in this report. You should be aiming for somewhere between one and three pages and it would be helpful to refer to line numbers in the source

2.4 Does It Work?

Indicate the state of the code. Does it work, what remains to be completed, is it buggy?

3. Modification B

As for Modification A

3.1 Which Scenario Does it Address?

Don't unnecessarily duplicate writing if this is the same as the corresponding section for Modification A or perhaps very similar with minor changes. If it is the same, just say so. Otherwise point out how it is similar and how it is different.