Evaluate the potential security risks of using C

7COM1028 Secure Systems Programming, University of Hertfordshire (SSP Practical Secure Programming)
Reference no: EM132294724

THE ASSIGNMENT TASK:

In this assignment students are required to

1. Identify the security vulnerabilities in given programming codes.
2. Write secure programming code and appreciate secure practices in coding.

LEARNING OUTCOMES

Knowledge and understanding of
1. Security requirements, threats and countermeasures
2. Tools and techniques which may be used to enhance or break system security.

And should be able to
1. Identify and evaluate a selection of key concepts and methods employed by adversaries to break into insecure systems and/or within Malware scenarios;
2. Select, deploy, and evaluate appropriate techniques to write more secure code, both in theory and practice.

Coursework: Secure Programming

Question 1:

The following program reads two strings in and in2 and concatenates them to produce the string out.

1.  int main( void ) {
2.      char[YourNumber] in = gets();
3.      char[YourNumber] in2 = gets();
4.      char[2*YourNumber-1] out;
5.      strcpy(out,in);
6.      int index = strlen(in);
7.      while(index < 2*YourNumber-1) {
8.          out[index] = in2[index-strlen(in)];
9.          index = index + 1;
10.     }
11.     return 0;
12. }

Which lines have buffer length checking errors? Fix each line. (10 marks)
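
The following is an added example, not part of the coursework or its model answer: a bounded replacement for the pattern in the listing above. It reads each line with fgets() and treats a line that does not fit as an error rather than silently truncating it, then joins the two strings only after checking that the result and its terminator fit in the output buffer. The buffer sizes (16 and 31 in main, the 8-byte buffers in the self-checks) stand in for YourNumber and are assumptions; read_line, safe_concat and the demo_* self-checks are illustrative names, and the input they run on is constructed.

```c
/* Added example (not the coursework's answer): bounded line input and
 * bounded concatenation. gets() is replaced by fgets() plus an explicit
 * test for over-long lines; the unchecked copy loop is replaced by one
 * length check made before anything is written into `out`. */
#include <stdio.h>
#include <string.h>

/* Read one line into buf. Returns 0 on success, -1 at end of input, and 1
 * if the line did not fit: the rest of that line is discarded so the next
 * call starts on a fresh line, and buf is left empty. */
int read_line(char *buf, size_t bufsz, FILE *in)
{
    if (bufsz < 2 || fgets(buf, (int)bufsz, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    /* No newline: either the line was longer than buf, or the input ended
     * without a trailing newline. One more character tells them apart. */
    int c = fgetc(in);
    if (c == EOF)
        return 0;
    while (c != '\n' && c != EOF)
        c = fgetc(in);
    buf[0] = '\0';
    return 1;
}

/* Concatenate a and b into out. Returns 0 on success, -1 if the result and
 * its terminator would not fit; out is untouched on failure. */
int safe_concat(char *out, size_t outsz, const char *a, const char *b)
{
    if (out == NULL || outsz == 0)
        return -1;
    size_t la = strlen(a), lb = strlen(b);
    /* Ordered so the check itself cannot underflow: la is bounded first. */
    if (la > outsz - 1 || lb > outsz - 1 - la)
        return -1;
    memcpy(out, a, la);
    memcpy(out + la, b, lb);
    out[la + lb] = '\0';
    return 0;
}

/* Self-check with constructed strings into an 8-byte buffer: a pair that
 * fits is joined, a pair that does not is refused and out is unchanged. */
int demo_concat(void)
{
    char out[8] = "unused";
    int fits = safe_concat(out, sizeof out, "abcd", "def") == 0
               && strcmp(out, "abcddef") == 0;          /* 7 chars + NUL */
    int refused = safe_concat(out, sizeof out, "abcd", "defg") == -1
                  && strcmp(out, "abcddef") == 0;       /* 8 chars: no room for NUL */
    return fits && refused;
}

/* Self-check with constructed input: an over-long first line is rejected
 * and the second line is still read intact. Returns 1 on success. */
int demo_overlong_line(void)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return 0;
    fputs("this line is far too long for the buffer\nshort\n", f);
    rewind(f);
    char buf[8];
    int first = read_line(buf, sizeof buf, f);
    int second = read_line(buf, sizeof buf, f);
    fclose(f);
    return first == 1 && second == 0 && strcmp(buf, "short") == 0;
}

int main(void)
{
    char in[16], in2[16], out[31];   /* YourNumber = 16 here (assumption) */
    if (read_line(in, sizeof in, stdin) != 0 || read_line(in2, sizeof in2, stdin) != 0) {
        fputs("input missing or too long\n", stderr);
        return 1;
    }
    if (safe_concat(out, sizeof out, in, in2) != 0) {
        fputs("result does not fit\n", stderr);
        return 1;
    }
    puts(out);
    return 0;
}
```

Rejecting an over-long line rather than keeping its first bufsz-1 characters is a design choice: truncating would leave the remainder of the line in the stream to be read as the next input, which is exactly the kind of unintended behaviour Question 2 asks you to rule out.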

Question 2:

Write a C program to:

• Write on the screen: "Please enter a positive number less than YourNumber: ".
• Accept a number from the user.
• Keep prompting for more numbers until -1 is entered
• Output the sum of all entered numbers excluding -1.
• Output the integer part of the average of all entered numbers excluding -1.

The program should properly check all input provided by the user and fail appropriately if bad input is given. The user should not be able to induce a segmentation fault or unintended behaviour from the program. You may use your own notes.

Your program should satisfy the following.

• Program compiles
• Program accepts input from the user
• Program exits when -1 is input
• Program correctly outputs results
• Program can't fail if the user enters too many numbers
• Program can't fail if the user enters long strings
• Program can't fail if the user enters zero numbers
• Program can't fail if the user enters a very big number
• Program is generally well written
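
One way to meet the requirements above, added here as an example and not the coursework's own solution. It reads a line at a time with fgets(), parses with strtol() and rejects empty lines, trailing junk, values that do not fit a long and values outside [1, YourNumber). MAX_NUMBER (100), the 64-byte line buffer and the function names are assumptions for the demo; the lines in demo_session() are constructed sample input, not data from the assignment.

```c
/* Added example (not the coursework's solution): line-at-a-time input,
 * strict parsing, overflow-checked summation, integer-part average.
 * MAX_NUMBER stands in for YourNumber (assumption: 100). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NUMBER 100L

enum parse_status { PARSE_OK, PARSE_SENTINEL, PARSE_BAD };

struct session {
    long long sum;        /* sum of accepted numbers */
    unsigned long count;  /* how many were accepted */
    int rejected;         /* how many lines were refused */
};

/* Classify one line: the sentinel -1, a number in [1, MAX_NUMBER), or bad. */
enum parse_status parse_line(const char *line, long *value)
{
    char *end;
    errno = 0;
    long v = strtol(line, &end, 10);
    if (end == line || errno == ERANGE)
        return PARSE_BAD;                 /* no digits, or does not fit a long */
    while (*end == ' ' || *end == '\t' || *end == '\n')
        end++;
    if (*end != '\0')
        return PARSE_BAD;                 /* trailing junk such as "12abc" */
    if (v == -1)
        return PARSE_SENTINEL;
    if (v < 1 || v >= MAX_NUMBER)
        return PARSE_BAD;                 /* 0 is not positive; bound is exclusive */
    *value = v;
    return PARSE_OK;
}

/* Same classification without the out-parameter. */
enum parse_status status_of(const char *line) { long v; return parse_line(line, &v); }

/* Add an accepted value; -1 if the running sum would overflow. */
int add_value(struct session *s, long v)
{
    long long sum;
    if (__builtin_add_overflow(s->sum, v, &sum))
        return -1;
    s->sum = sum;
    s->count++;
    return 0;
}

/* Integer part of the average; 0 when nothing was accepted. */
long long average(struct session s) { return s.count ? s.sum / (long long)s.count : 0; }

/* Run the loop body over an array of lines, stopping at the sentinel. */
void process_lines(struct session *s, const char *const lines[], size_t n)
{
    for (size_t i = 0; i < n; i++) {
        long v;
        enum parse_status st = parse_line(lines[i], &v);
        if (st == PARSE_SENTINEL)
            break;
        if (st != PARSE_OK || add_value(s, v) != 0)
            s->rejected++;
    }
}

/* Constructed session: 5, 12, junk, 200 (too big), "7 ", -1, then an unread 99. */
struct session demo_session(void)
{
    const char *const lines[] = { "5", "12", "abc", "200", "7 ", "-1", "99" };
    struct session s = { 0, 0, 0 };
    process_lines(&s, lines, sizeof lines / sizeof lines[0]);
    return s;   /* sum 24, count 3, rejected 2 */
}

int main(void)
{
    struct session s = { 0, 0, 0 };
    char buf[64];
    for (;;) {
        printf("Please enter a positive number less than %ld: ", MAX_NUMBER);
        if (fgets(buf, sizeof buf, stdin) == NULL)
            break;                                  /* EOF ends input like -1 */
        if (strchr(buf, '\n') == NULL && !feof(stdin)) {
            int c;                                  /* over-long line: drain, reject */
            while ((c = getchar()) != '\n' && c != EOF) { }
            puts("input too long"); s.rejected++;
            continue;
        }
        long v;
        enum parse_status st = parse_line(buf, &v);
        if (st == PARSE_SENTINEL)
            break;
        if (st != PARSE_OK || add_value(&s, v) != 0) {
            puts("bad input"); s.rejected++;
        }
    }
    printf("sum = %lld\n", s.sum);
    if (s.count == 0)
        puts("no numbers entered, so no average");
    else
        printf("average = %lld\n", average(s));
    return 0;
}
```

The sum lives in a long long and is added with __builtin_add_overflow (GCC and Clang), so "too many numbers" cannot silently wrap it; the average is integer division that is only computed when count is non-zero; and end-of-file is treated like -1, so a closed stdin cannot spin the prompt forever.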

Question 3:

The program below uses dynamic memory allocation to accept arguments from a user.

#include <stdlib.h>
#include <string.h>
int main(int argc, char *argv[]) {
    char *first, *second, *third;
    first = malloc(YourNumber);
    second = malloc(22);
    third = malloc(22);
    strcpy(first, argv[1]);
    strcpy(second, argv[2]);
    free(first);
    free(second);
    free(third);
    return(0);
}

Explain in detail how an attacker can exploit this program using the unlink technique. Your explanations should ideally include
• Vulnerabilities in the program's memory allocation
• Malicious argument that may be used by the attacker in unlink technique
• Suggestions of any defences to this kind of attack
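
As an added illustration, not part of the coursework or its model answer, the model below shows the allocator step the unlink technique abuses. In the listing, the buffer returned for first sits directly before the header of the chunk returned for second, so an argv[1] longer than YourNumber bytes runs strcpy() into that header, including the fd and bk pointers the allocator will trust when it later takes the chunk off a free list. struct chunk, fake_got and payload below are a teaching model of that step, shaped like the historical dlmalloc unlink macro and the "corrupted double-linked list" check that later glibc versions put in front of it; they are not glibc's real structures, and no real heap is touched.

```c
/* Added example (not the coursework's answer): a model of the unlink step
 * that the unlink technique abuses. Shaped like the historical dlmalloc
 * unlink macro and glibc's later "corrupted double-linked list" check;
 * not glibc's real malloc_chunk, and no real heap is touched. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct chunk {
    size_t prev_size;
    size_t size;
    struct chunk *fd;   /* next chunk on the free list */
    struct chunk *bk;   /* previous chunk on the free list */
};

/* Historical unlink: trusts fd and bk exactly as found in the header. */
static void __attribute__((noinline)) unlink_unchecked(struct chunk *p)
{
    struct chunk *FD = p->fd, *BK = p->bk;
    FD->bk = BK;   /* write 1: *(fd + offsetof(bk)) = bk */
    BK->fd = FD;   /* write 2: *(bk + offsetof(fd)) = fd */
}

/* Safe unlinking: both neighbours must still point back at p. */
static int __attribute__((noinline)) unlink_checked(struct chunk *p)
{
    struct chunk *FD = p->fd, *BK = p->bk;
    if (FD->bk != p || BK->fd != p)
        return -1;                  /* "corrupted double-linked list" */
    FD->bk = BK;
    BK->fd = FD;
    return 0;
}

/* Victim slot: func_ptr lies where a chunk's bk field would be, so a
 * forged fd pointing at this struct makes write 1 land on func_ptr. */
struct fake_got { uintptr_t pad[3]; uintptr_t func_ptr; };
_Static_assert(offsetof(struct fake_got, func_ptr) == offsetof(struct chunk, bk),
               "func_ptr must alias the bk slot");

/* Attacker bytes the pointer should end up pointing at. Write 2 lands on
 * the word at offsetof(struct chunk, fd) inside it, which is why real
 * payloads begin with a short jump over that spot. */
static uintptr_t payload[8];

/* Run one unlink on a forged header. Returns 1 if func_ptr now points at
 * payload, 0 if it does not, -1 if the checked version refused. */
int demo_unlink_attack(int checked)
{
    struct fake_got got = { { 0, 0, 0 }, 0 };
    struct chunk forged;
    memset(&forged, 0, sizeof forged);
    /* The two words an over-long argv[1] would plant in the next header: */
    forged.fd = (struct chunk *)&got;        /* fd: where write 1 lands */
    forged.bk = (struct chunk *)payload;     /* bk: the value it stores */

    if (checked) {
        if (unlink_checked(&forged) != 0)
            return -1;
    } else {
        unlink_unchecked(&forged);
    }
    return got.func_ptr == (uintptr_t)payload;
}

int main(void)
{
    printf("unchecked unlink: %d (1 = func_ptr now points at payload)\n", demo_unlink_attack(0));
    printf("checked unlink:   %d (-1 = refused)\n", demo_unlink_attack(1));
    return 0;
}
```

With the unchecked unlink, the forged fd/bk pair turns the free() into a write of an attacker-chosen value to an attacker-chosen address (write 1), at the cost of a second stray write into the payload (write 2). The checked version refuses the forged header because neither neighbour points back at it, which is the allocator-side defence. On the program's side, checking argc and copying with a bounded call into the size that was actually allocated removes the overflow that plants the forged header in the first place; ASLR, RELRO and non-executable memory then limit what a successful write could be used for.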

Question 4

A user has a picture file. A program runs as the user root and hence is allowed to see all files. The program creates a symbolic link called mylink pointing to the picture file. It checks that the user of the program is allowed to view the picture file before creating the symbolic link. After use, the link is deleted. In a normal program run, the link only appears for a fraction of a second. Unfortunately the program is written carelessly and contains a mistake.

In more detail, what is happening is:

Directory A has a subdirectory B which in turn has a subdirectory C. The symbolic link mylink is in directory B. In the example below it points to the file funny.jpeg.

Output of running ls -l from within directory A:

drwxr-xr-x 2 alice alice 192 Sep 25 17:56 B

Output of running ls -l from within directory B during the brief time that mylink exists:

drwxr-xr-x 2 root root 192 Sep 25 17:56 C
-rw-r--r-- 1 alice alice 491 Sep 25 17:46 funny.jpeg
lrwx------ 1 root root 8 Sep 26 01:42 mylink -> funny.jpeg

Output of running ls -l from within directory C:

-rw------- 1 root root 491 Sep 25 17:46 secret_records

The user is not allowed to view the file secret_records in directory C.

(a) A user has found a way to view the file secret_records. What might the author of the program have done wrong?

(b) Explain in detail how an attacker might exploit this situation.

(c) Assuming the author of the program wishes to create the symbolic link, what could the program author have done to avoid the problem?
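
An added example of the principle behind part (c), not the coursework's own answer: the check is made on the opened descriptor rather than on the path, so the object checked is the object read. open() with O_NOFOLLOW refuses a symbolic link in the last path component, and fstat() on the returned fd verifies type and owner before a byte is read. The directory under /tmp, the file names and the function names are constructed for the demo; the demo checks ownership only, where a full check would also consider the mode bits.

```c
/* Added example (not the coursework's answer): check the file through the
 * descriptor you are about to read, not through its path. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Open path read-only if it is a regular file owned by `owner`.
 * Returns an fd, or -1 with errno set: ELOOP if path is a symlink,
 * EACCES if the owner or type check fails. Because the check uses the
 * fd, nothing can be swapped between the check and the read. */
int open_if_owned_by(const char *path, uid_t owner)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;   /* every later read goes through this fd, not the path */
}

/* Constructed layout: dir/funny.jpeg (regular, owned by us) and
 * dir/mylink -> it. Returns 1 if the file opens and reads back and the
 * link is refused with ELOOP. Cleans up after itself. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/q4demo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return 0;
    char filepath[64], linkpath[64];
    snprintf(filepath, sizeof filepath, "%s/funny.jpeg", dir);
    snprintf(linkpath, sizeof linkpath, "%s/mylink", dir);

    int ok = 0;
    FILE *f = fopen(filepath, "w");
    if (f != NULL) {
        fputs("JFIF", f);
        fclose(f);
        if (symlink(filepath, linkpath) == 0) {
            char buf[8] = { 0 };
            int fd = open_if_owned_by(filepath, getuid());
            int got = fd >= 0 ? (int)read(fd, buf, sizeof buf - 1) : -1;
            int lfd = open_if_owned_by(linkpath, getuid());
            int lerr = errno;
            ok = got == 4 && strcmp(buf, "JFIF") == 0 && lfd < 0 && lerr == ELOOP;
            if (fd >= 0)
                close(fd);
        }
    }
    unlink(linkpath);
    unlink(filepath);
    rmdir(dir);
    return ok;
}

int main(void)
{
    puts(demo_symlink_refused() ? "file read, symlink refused" : "demo failed");
    return 0;
}
```

In the question's scenario the program runs as root, so the owner comparison uses the invoking user's real uid (getuid()) rather than the process's effective uid. If the author still wants the link, the same principle applies: open through the link, then verify the opened object with fstat() before reading, and keep the link in a directory the user cannot write so it cannot be replaced between creation and use; dropping to the user's uid before following the link, so the kernel performs the permission check, is the other common fix.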

Question 5

You are hired by ACME Systems Software Ltd who plan to write much of their software in the language C. The software will be exposed to the Internet and will allow access to various users of different privileges.

When answering the following two questions take into account:

• What are the security risks?
• How might they be exploited?
• What precautions could be taken to reduce any security risks?
In all cases illustrate your points with examples.

(a) Your task is to evaluate the potential security risks of using C. Your work should be split into the following sections (max 200 words per section).
• Integers
• Management of memory
• Evaluation of standard libraries (Are they appropriate? Are better alternatives available, and in what way are they better?)
• General robustness of the language (Does the language help the programmer to find/avoid mistakes?)
• Other
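
An added example for the Integers section, not part of the coursework: three integer pitfalls of C, each beside a checked counterpart, and a short demonstration of how together they let a hostile record header through. The function names and the sample values are illustrative.

```c
/* Added example (not the coursework's answer) for the Integers section:
 * three C integer pitfalls, each beside a checked counterpart. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* 1. Signed length against an unsigned capacity. The unsafe form casts the
 *    capacity to int, so a negative length (e.g. from a parsed header)
 *    passes and later becomes a huge size_t in memcpy(). */
int length_ok_unsafe(int len, size_t cap) { return len <= (int)cap; }
int length_ok_safe(int len, size_t cap)   { return len >= 0 && (size_t)len <= cap; }

/* 2. Allocation size from count * element size. The product wraps modulo
 *    SIZE_MAX + 1, so malloc() gets a small number and the loop that then
 *    fills `count` elements writes past it. */
size_t bytes_unsafe(size_t count, size_t elem) { return count * elem; }
void *alloc_array_safe(size_t count, size_t elem)
{
    size_t bytes;
    if (__builtin_mul_overflow(count, elem, &bytes))
        return NULL;                       /* refuse instead of wrapping */
    return malloc(bytes);
}

/* 3. Narrowing. Storing a length in a 16-bit field keeps only the low
 *    16 bits, so 65536 reads back as 0 and 65537 as 1. */
unsigned short to_u16_unsafe(unsigned long n) { return (unsigned short)n; }
int to_u16_safe(unsigned long n, unsigned short *out)
{
    if (n > USHRT_MAX)
        return -1;
    *out = (unsigned short)n;
    return 0;
}

/* How the three interact in a typical record parser: a header supplies a
 * length, a count and a 16-bit field. The checked path rejects every
 * hostile value; the unchecked arithmetic lets each one through. Returns 1
 * when that is what happens. Values are constructed for the demo. */
int demo_hostile_header(void)
{
    int hostile_len = -1;                        /* wire field read as signed */
    size_t hostile_count = (SIZE_MAX / 8) + 1;   /* times 8 wraps to 0 */
    unsigned long hostile_n = 65536;
    unsigned short u16;

    int caught = !length_ok_safe(hostile_len, 64)
              && alloc_array_safe(hostile_count, 8) == NULL
              && to_u16_safe(hostile_n, &u16) == -1;
    int missed = length_ok_unsafe(hostile_len, 64)
              && bytes_unsafe(hostile_count, 8) == 0
              && to_u16_unsafe(hostile_n) == 0;
    return caught && missed;
}

int main(void)
{
    printf("checked path rejects hostile header, unchecked lets it through: %d\n",
           demo_hostile_header());
    return 0;
}
```

Two of the checks lean on compiler builtins (__builtin_mul_overflow, available in GCC and Clang) because the portable alternative, comparing against SIZE_MAX / elem before multiplying, is easy to get wrong; a signed overflow such as `int x = INT_MAX; x + 1` is undefined behaviour in C, so a check written after the fact (`if (x + 1 < x)`) may be optimised away, which is why the overflow test has to happen before or during the arithmetic.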

(b) Based on your analysis for each, make a recommendation of software systems, coding conventions and software process changes that ACME should implement. You should consider the following step-by-step security practices (max 200 words per section).

• Systems Quality Requirements Engineering
• Threat Modeling
• Use/Misuse Cases
• Architecture and Design
• Other



Reviews

len2294724

4/27/2019 4:39:04 AM

This assignment is to be submitted and marked anonymously. Students should ONLY use their student ID number to identify themselves on their work. Work submitted via StudyNet for anonymous marking will automatically have an anonymity number allocated to it. Students should complete a coursework containing five questions on secure programming offline in their own time and submit the coursework through StudyNet. The coursework is composed of C/C++ programs and case studies. Students should attempt all questions to achieve a full mark. The completed coursework should include: Q1: Your solutions and the new program with fixed errors. Q2: Your solutions and your program. Q3: Your solutions and your program. Q4: Your solutions. Q5: Your solutions. The submission should be made via StudyNet and contain (1) ONE .pdf file containing all the solutions to all questions. (2) Separate program files for Q1, Q2 and Q3.


