首页 > > 详细

讲解 DSCI 525 Assignment 3辅导 Web开发

DSCI 525

Assignment 3

Objective

The objective of this assignment is to provide you the opportunity to apply secure software development concepts studied in class.

Task 1 (50 points)

Answer the following questions.

1.    The following program is vulnerable to a buffer overflow (assuming the absence of automated defenses like ASLR, etc.).

 

a.   What is the name of the buffer that can be overflowed?

b.   What line of code can overflow the vulnerable buffer?

c.   Recall the vulnerable overflow from the previous two questions. We can change one line of code and make the buffer overrun go away. Which one-line change will eliminate the vulnerability?

d.   Which of the attacks that we studied do you think the program is susceptible to?

e.   If we changed printf("%s",buf)to printf(buf) then the program would be vulnerable to what sort of attack?

2.   Recall Heartbleed attack.

a.   What type of exploitation of the Heartbleed bug permits?

b.   Why is it that anti-virus scanners would not have found an exploitation of Heartbleed?

3.   Consider the following code:

char *foo(char *buf) {

char *x = buf +s trlen(buf);

char *y = buf;

while (y != x) {

if (*y == 'r')

break;

y++;

}

return y;

}

void bar() {

char input[10] = "test123";

foo(input);

}

The definition of spatial safety models pointers as capabilities, which are triples (p,b,e) where p is the pointer, b is the base of the memory region the pointer is allowed to access, and e is the extent of that region. Assuming characters are 1 byte in size, what is a triple (p,b,e) for the variable y when it is returned at the end of the code?

4.   In a return-oriented program (ROP), what is the role of the stack pointer?

5.   A colleague proposes using a heap allocator that randomizes the addresses of allocated objects. What is the impact of this design on security and performance?

6.    Recall that classic enforcement of CFI requires adding labels prior to branch targets, and adding code prior to the branch that checks the label to see if it's the one that is expected. Now consider  the following program:

 

To ensure that the instrumented program runs correctly when not being attacked, which of the following functions would have to be given the same label?

7.   Suppose you design software for a bank and the bank's customers may remotely log into its site using commodity PCs. Which threat model (network-only, snooping, co-located) makes the most sense for you to consider, when designing the bank's site? Briefly explain.

8.   Suppose that x and y in the following program are symbolic. When the symbolic executor reaches the line that prints "Hi" what will the path condition be?

/* assume x and y are both symbolic */

void foo(int x, int y) {

if (x > 5)

if (y > 7) {

printf("here\n");

} else {

if (x < 20)

printf("Hi\n");

else

printf("Bye\n");

}

}

9.   Suppose that x in the following program is symbolic. When the symbolic executor reaches the line that prints "now" what will the path condition be?

void bar(int x) {

int z;

if (x > 5)

z = 5;

else

z = 1;

if (z > 3)

printf("now\n");

}

10. Which of the following styles of fuzzer  is more likely to explore paths covering every line of code in the following program?

.    Black Box

.    Grammar based

.    White Box

 

Task 2 (50 points)

Research the design of the Google Fuchsia OS (please do more than just reading Wikipedia). The code is available here:https://fuchsia.googlesource.com.

Describe the techniques (studied in class and those that were not discussed in class) that this new OS uses for security. For this task write a 3-page report. Include your references.

Deliverable and Grading

Upload your written report to D2L “Homework3” folder.  For task1, each question is worth 5 points.




联系我们
  • QQ:99515681
  • 邮箱:99515681@qq.com
  • 工作时间:8:00-21:00
  • 微信:codinghelp
热点标签

联系我们 - QQ: 99515681 微信:codinghelp
程序辅导网!