User Account

All Pages

Write an attack script or a program to display the secret

Assignment Help Computer Engineering
Reference no: EM131309097

COMPUTER SECURITY (SYSTEM SECURITY) ASSIGNMENT

Objectives:

The main objective of this assignment is for the students to understand the security mechanisms in Unix-like operating systems and their interplay with software security, in particular:

-  to learn practical access control mechanisms in Unix operating system, such as files and folder permissions and SUID programs, and how application security is affected by them;

-  to learn how software vulnerabilities can be exploited to circumvent security mechanisms in both applications and operating systems. 

Problem Description:

There are three problems in this assignment. To do this assignment, you will make use of an installation of Ubuntu Linux 12.04 (32 bit) in the Oracle VirtualBox virtual machine. The VirtualBox image of the Ubuntu installation is provided with this document and can be downloaded from the NTULearn site for this assignment, under the Group assignment menu. The assessment of the solutions to the problems listed below will be entirely done inside this particular installation of Ubuntu. 

The Ubuntu installation for this assignment is a clone of the Ubuntu image provided for the tutorial sessions. In particular, it has the following users: admin, alice, bob, charlie, dennis, eve and fong. User admin has the administrative privilege over the system, i.e., it can escalate its privilege to the root user.

The user bob maintains several applications that allows a user to access a certain 'secret', when the right password is provided. These passwords are different from the user account passwords. To distinguish the two, we shall call these passwords as application passwords. Every user is assigned a unique secret and a unique application password. The secrets take the form of a string of alpha numeric characters. The application passwords and the secrets are stored in individual files.  The locations for these files are summarized in Table 1.  The application passwords are strings of lower-case letters, of length at most 14 characters.

Problem 1 - Your first task is to write an attack script or a program to display the secret of any of the following users: alice, charlie, dennis, eve, or fong. The attack program takes one argument, which is the user you want to attack. The attack must work when executed by user charlie.

Problem 2 - For this problem, you are asked to write an attack script/program to display bob's secret. The attack program takes no argument. As in Problem 1, this attack must work when launched by user charlie.

Problem 3 - For Problem 3, you are asked to write a script/program to display the application password and the secret of the admin user. The attack program takes no argument. A successful attack should output something like the following:

Assessment

The assessment is based on two components:

1. Attack code execution: This is broken down to 15% for Problem 1, 15% for Problem 2 and 20% for Problem 3. The assessment of the correctness of your attack will be partially automated, so please make sure you follow the suggested output format as mentioned in the problem description above. Your solutions will be tested in the same virtual machine that is provided with this assignment, but with all password and secret values modified (except for charlie's passwords and secret). So you should make sure that you do not hardcode any of the sample passwords/secrets, other than charlie's, mentioned above in your solutions, as they will not work in the assessment process. Each attack must be successfully executed within 2 (two) minute. This is really a gross approximation; if you implement the attacks correctly, each attack should take only a few seconds to solve the given problem.

2. Report: There is no definitive structure of the report, but here are some guidelines of what we would expect from the report: 

  • As a general guideline we expect a division into three parts, corresponding to the division of the problems. But if you are able to find a single attack that solves all problems, in which case, the division per problem does not work so well and the report will be judged more holistically.
  • We expect a detailed analysis of what are the vulnerabilities and how you exploit them. It is not enough, for example, to say that you do a 'stack overflow' attack. You'd need to explain about the memory layout, what is the effect of the overflow, how do you subvert the control flow of the program, etc. Similarly, where the problem/solution concerns Unix security mechanism, I expect you to articulate clearly the aspects of the control mechanism that cause the vulnerability, and how you exploit them.

Attachment:- Assignment.rar

Reference no: EM131309097

Questions Cloud

Analyze your findings about one identified thief : Analyze your findings about one identified thief. How can you learn from your chosen thief to acknowledge and recognize the motives and behavioral indicators that someone might be spying against the company you work for?
Different type of conflict at a workplace : Read an article or two about different type of conflict at a workplace and give your opinion on what you think about them. Glaring example should be taken from your experience on such conflicts.
Provide all aspects of it implementation into project plan : Provide all aspects of the information technology implementation into the project plan. Describe the goals and objectives of the project. Give a detailed, realistically estimated cost analysis of the entire project.
Create a questionnaire about a new restaurant : Determine the suitability of a seafood restaurant in Ft. Collins, you are preparing a short questionnaire to be completed by people living in the Ft. Collins area.
Write an attack script or a program to display the secret : CE4062-CZ4062: COMPUTER SECURITY (SYSTEM SECURITY) ASSIGNMENT. Your first task is to write an attack script or a program to display the secret of any of the following users: alice, charlie, dennis, eve, or fong. The attack program takes one argumen..
Prepare cover letter to introduce the questionnaire prepared : Prepare a cover letter to introduce the questionnaire prepared for Exercise. The letter should encourage readers to complete the questionnaire and return it quickly in the stamped, addressed envelope.
First time to manage a large business meeting : You have been asked for the first time to manage a large business meeting. The corporate executives will attend, and if they like the way you organize the event, there will be some great recommendations.
What is the government spending multiplier : If government purchases and taxes are increased by $100 billion simultaneously, what will the effect be on equilibrium output (income)?
Rewrite the set of productions in extended backus-naur form : Course: IST 230/CMPSC 360- Rewrite the set of productions above in Extended Backus-Naur Form (EBNF).  Using a Push Down Automaton (PDA), determine if the following function is valid code according to the given set of productions.

Reviews

len1309097

12/12/2016 4:52:36 AM

You can program your solutions using C, Python or bash shell script. All of the problems can be solved with very small programs. If you use C, please make sure that your codes can be compiled from within the virtual machine using gcc. Similarly, if you use Python, please make sure the script can be run inside the provided virtual machine. The Python version installed in the provided virtual machine is version 2.7.3. The solutions are simple enough that each will fit in one C/Python/shell script file so you do not need to use complicated project-base code structures.

Write a Review

Computer Engineering Questions & Answers

  Mathematics in computing

Binary search tree, and postorder and preorder traversal Determine the shortest path in Graph

  Ict governance

ICT is defined as the term of Information and communication technologies, it is diverse set of technical tools and resources used by the government agencies to communicate and produce, circulate, store, and manage all information.

  Implementation of memory management

Assignment covers the following eight topics and explore the implementation of memory management, processes and threads.

  Realize business and organizational data storage

Realize business and organizational data storage and fast access times are much more important than they have ever been. Compare and contrast magnetic tapes, magnetic disks, optical discs

  What is the protocol overhead

What are the advantages of using a compiled language over an interpreted one? Under what circumstances would you select to use an interpreted language?

  Implementation of memory management

Paper describes about memory management. How memory is used in executing programs and its critical support for applications.

  Define open and closed loop control systems

Define open and closed loop cotrol systems.Explain difference between time varying and time invariant control system wth suitable example.

  Prepare a proposal to deploy windows server

Prepare a proposal to deploy Windows Server onto an existing network based on the provided scenario.

  Security policy document project

Analyze security requirements and develop a security policy

  Write a procedure that produces independent stack objects

Write a procedure (make-stack) that produces independent stack objects, using a message-passing style, e.g.

  Define a suitable functional unit

Define a suitable functional unit for a comparative study between two different types of paint.

  Calculate yield to maturity and bond prices

Calculate yield to maturity (YTM) and bond prices

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd