首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
代做DSCI 525、Java/Python程序代写
项目预算:
开发周期:
发布时间:
要求地区:
Assignment 3
Objective
The objective of this assignment is to provide you the opportunity to apply secure software
development concepts studied in class.
Task 1 (50 points)
Answer the following questions.
1. The following program is vulnerable to a buffer overflow (assuming the absence of automated
defenses like ASLR, etc.).
a. What is the name of the buffer that can be overflowed?
b. What line of code can overflow the vulnerable buffer?
c. Recall the vulnerable overflow from the previous two questions. We can change one line of
code and make the buffer overrun go away. Which one-line change will eliminate the
vulnerability?
d. Which of the attacks that we studied do you think the program is susceptible to?
e. If we changed printf("%s",buf) to printf(buf) then the program would be
vulnerable to what sort of attack?
2. Recall Heartbleed attack.
a. What type of exploitation of the Heartbleed bug permits?
b. Why is it that anti-virus scanners would not have found an exploitation of Heartbleed?
3. Consider the following code:
char *foo(char *buf) {
char *x = buf +s trlen(buf);
char *y = buf;
while (y != x) {
if (*y == 'r')
break;
y++;
}
return y;
}
void bar() {
char input[10] = "test123";
foo(input);
}
The definition of spatial safety models pointers as capabilities, which are triples (p,b,e) where
p is the pointer, b is the base of the memory region the pointer is allowed to access, and e is
the extent of that region. Assuming characters are 1 byte in size, what is a triple (p,b,e) for the
variable y when it is returned at the end of the code?
4. In a return-oriented program (ROP), what is the role of the stack pointer?
5. A colleague proposes using a heap allocator that randomizes the addresses of allocated objects.
What is the impact of this design on security and performance?
6. Recall that classic enforcement of CFI requires adding labels prior to branch targets, and adding
code prior to the branch that checks the label to see if it's the one that is expected. Now consider
the following program:
To ensure that the instrumented program runs correctly when not being attacked, which of the
following functions would have to be given the same label?
7. Suppose you design software for a bank and the bank's customers may remotely log into its site
using commodity PCs. Which threat model (network-only, snooping, co-located) makes the most
sense for you to consider, when designing the bank's site? Briefly explain.
8. Suppose that x and y in the following program are symbolic. When the symbolic executor
reaches the line that prints "Hi" what will the path condition be?
/* assume x and y are both symbolic */
void foo(int x, int y) {
if (x > 5)
if (y > 7) {
printf("here\n");
} else {
if (x < 20)
printf("Hi\n");
else
printf("Bye\n");
}
}
9. Suppose that x in the following program is symbolic. When the symbolic executor reaches the
line that prints "now" what will the path condition be?
void bar(int x) {
int z;
if (x > 5)
z = 5;
else
z = 1;
if (z > 3)
printf("now\n");
}
10. Which of the following styles of fuzzer is more likely to explore paths covering every line of
code in the following program?
• Black Box
• Grammar based
• White Box
Task 2 (50 points)
Research the design of the Google Fuchsia OS (please do more than just reading Wikipedia). The code is
available here: https://fuchsia.googlesource.com.
Describe the techniques (studied in class and those that were not discussed in class) that this new OS uses
for security. For this task write a 3-page report. Include your references.
Deliverable and Grading
Upload your written report to D2L “Homework3” folder. For task1, each question is worth 5 points.
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
代做 program、代写 c++设计程...
2024-12-23
comp2012j 代写、代做 java 设...
2024-12-23
代做 data 编程、代写 python/...
2024-12-23
代做en.553.413-613 applied s...
2024-12-23
代做steady-state analvsis代做...
2024-12-23
代写photo essay of a deciduo...
2024-12-23
代写gpa analyzer调试c/c++语言
2024-12-23
代做comp 330 (fall 2024): as...
2024-12-23
代写pstat 160a fall 2024 - a...
2024-12-23
代做pstat 160a: stochastic p...
2024-12-23
代做7ssgn110 environmental d...
2024-12-23
代做compsci 4039 programming...
2024-12-23
代做lab exercise 8: dictiona...
2024-12-23
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!