{"id":105897,"date":"2022-11-08T23:44:44","date_gmt":"2022-11-08T23:44:44","guid":{"rendered":"https:\/\/papersspot.com\/blog\/2022\/11\/08\/cw1-security-analysis-the-purpose-of-your-first-coursework-is-to-see\/"},"modified":"2022-11-08T23:44:44","modified_gmt":"2022-11-08T23:44:44","slug":"cw1-security-analysis-the-purpose-of-your-first-coursework-is-to-see","status":"publish","type":"post","link":"https:\/\/papersspot.com\/blog\/2022\/11\/08\/cw1-security-analysis-the-purpose-of-your-first-coursework-is-to-see\/","title":{"rendered":"CW1: Security analysis The purpose of your first coursework is to see"},"content":{"rendered":"<p>CW1: Security analysis<\/p>\n<p> The purpose of your first coursework is to see whether you can discover and fix security flaws in other people\u2019s code, before you then attempt to build secure software from scratch for your second coursework.<\/p>\n<p> The program you have been given has several security flaws and is intended to enable lecturers to view and store marks for students on modules. It reads in a file pwds.txt containing for each lecturer their passwords (encrypted) and the modules (up to five) that they are working on. It authenticates the user by asking them for a name and password and then presents them with a list of their modules. The user can then select a module, see a list of marks for each student and change the marks for a student. You may assume that pwds.txt is vulnerable to unauthorised writes but that the other files are not.<\/p>\n<p> Examination of the Code<\/p>\n<p> You can compile and run the code on the Virtual Machine you have been given but you will need to examine the source code itself (which the attacker has access to) and think carefully about how it works. <\/p>\n<p> Marking Scheme<\/p>\n<p> Note that we are looking for security issues, rather than bugs or usability flaws. It\u2019s up to you to decide which ones you want to fix, according to how well you feel you can fix them. 
<\/p>\n<p> In the sections below where you are analysing code, you will be marked on the quality of your understanding of the code and of the potential attack vectors against secure software. In the sections where you are modifying the code, you will be marked on how well you have fixed the vulnerabilities you have identified. This includes code quality, design, rigorous explanation and testing.<\/p>\n<p> Preliminary analysis \u2013 20% (broken down as follows)<\/p>\n<p> Top-level software design reverse engineered from the code, including a call graph that indicates which functions call which other functions, and a statement of any preconditions and postconditions (10%)<\/p>\n<p> Documentation of the source code as comments indicating any assumptions that are being made about the inputs and other variables of the program (10%)<\/p>\n<p> Modifications \u2013 60% (broken down as follows)<\/p>\n<p> First issue fixed (20%)<\/p>\n<p> Awareness of the implications of the security issue (10%) <\/p>\n<p> The quality of the fix (10%) <\/p>\n<p> Second issue fixed (20%)<\/p>\n<p> Awareness of the implications of the security issue (10%) <\/p>\n<p> The quality of the fix (10%) <\/p>\n<p> 2 other issues (20%) <\/p>\n<p> Awareness of the implications of the third security issue (10%) <\/p>\n<p> Awareness of the implications of the fourth security issue (10%) <\/p>\n<p> Conclusion \u2013 20% (broken down as follows)<\/p>\n<p> A summary of the issues found and fixed (10%)<\/p>\n<p> A discussion of the implications of fixing and not fixing the vulnerabilities in the third and fourth issues, combined with an assessment of the resources required to fix them (10%)<\/p>\n<p> We are expecting a typical submission to be about 1000 words (excluding references and code) but you will not be penalised for exceeding this.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CW1: Security analysis The purpose of your first coursework is to see whether you can discover and fix security flaws in other 
people\u2019s code, before you then attempt to build secure software from scratch for your second coursework. The program you have been given has several security flaws and is intended to enable lecturers to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[10],"class_list":["post-105897","post","type-post","status-publish","format-standard","hentry","category-research-paper-writing","tag-writing"],"_links":{"self":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/105897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/comments?post=105897"}],"version-history":[{"count":0,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/105897\/revisions"}],"wp:attachment":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/media?parent=105897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/categories?post=105897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/tags?post=105897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}