Assignment 1 — Secure Programming 2019
Part 1 — 4%
Question 1 — 1%
It’s 4pm on Friday. Your assignment is due in 7 hours and 59 minutes. A friend invites you to a pub. You
reason that one beer would help you focus, submit a partial solution and go. Next thing, you wake up with
a raging hangover at 2pm Saturday, and are in no shape for looking at Secure Programming. On Sunday
morning you get back to the assignment, complete and submit it.
Assuming no further communication from you, how will we calculate your mark?
1. Only your partial Friday submission will be marked.
2. Your Sunday submission will be marked with no penalty.
3. Your Sunday submission will be marked, but being more than 24 hours late, the mark is capped at
50%.
4. Your mark is the higher of the partial Friday submission and the capped Sunday submission.
Question 2 — 1%
To reduce the penalty in the scenario of Question 1, you send the course coordinator an elaborate explanation,
involving a relative getting married and your cat defecating on your computer. What is the most likely
response?
1. According to University’s policies extensions are not granted for weddings.
2. Cats do not defecate on computers.
3. You should grow up.
4. All of the above.
Question 3 — 1%
For the assignment to be marked, the answers should be submitted as:
1. A Microsoft Word document.
2. A typed-up PDF document.
3. A handwritten document scanned to PDF.
4. Any of the above is OK.
Question 4 — 1%
Why does the lecturer not provide all the information you need for doing the assignment?
1. Because he is lazy.
2. Because he believes you should find the information yourself.
3. Because he is disorganised.
4. All of the above.
Part 2 — 16%
In this part, you are asked to analyse a few functions and understand what they do. The functions perform
simple arithmetic and bitwise operations on their inputs. We do not ask you to describe these operations,
but to explain what the outcome is. For example, consider the function:
int32_t example1(int32_t a) {
return (a^0xFFFFFFFF)+1;
}
Saying that example1 calculates the exclusive or of the input with the number 0xFFFFFFFF and adds one is
technically correct, but is not the expected answer. The correct answer is that the function computes the
two’s complement of the input. (Or any equivalent description.)
Similarly, for example2 below, the expected answer is that the function returns bit b of a. Saying that
it shifts the number 1 by b bits to the left and returns the result of anding that with a is not sufficient.
uint32_t example2(uint32_t a, uint32_t b) {
return (1<<b) & a;
}
For all questions, assume that signed numbers are represented using two’s complement and that integer
overflow wraps around. For example, MAX_INT32+1 results in MIN_INT32.
Question 5 — 4%
int32_t f1(int32_t a) {
return a & -a;
}
Question 6 — 4%
int32_t f2(int32_t a) {
return (a | -a)>>31;
}
Question 7 — 4%
uint32_t f3(uint32_t a, uint32_t b, int32_t c, int32_t d) {
c ^= d;
c = (c | -c) >> 31;
return (a & ~c) | (b & c);
}
Question 8 — 4%
uint8_t f4(uint8_t a, uint8_t b) {
uint8_t c;
c = (a & b) << 1; a ^= b;
b = (a & c) << 1; a ^= c;
c = (a & b) << 1; a ^= b;
b = (a & c) << 1; a ^= c;
c = (a & b) << 1; a ^= b;
b = (a & c) << 1; a ^= c;
c = (a & b) << 1; a ^= b;
b = (a & c) << 1; a ^= c;
return a;
}
Part 3 — 80% (75% for COMP SCI 7307)
The main task in this assignment is to emulate part of the functionality of anti-virus software, namely parsing
various files. More specifically, you are asked to parse Linux binaries and report some statistics on them.
Details
Write a C program named assignment1. The program takes two arguments: a name of an ELF file and
a number which indicates the output size. The program scans each of the ELF file’s program headers and
counts the number of times each pair of bytes appears in the file segment that the header describes. It then
reports the most popular pairs and how often they appear in the segment.
Each output line consists of four elements:
1. Program header number (starting from 0)
2. Segment type. Possible values are NULL, LOAD, DYNAMIC, SHLIB, INTERP, NOTE, and PHDR.
If the type of the program header is not any of these, display ---.
3. Byte pair - two double-digit hexadecimal numbers, separated by a colon character
4. Count - the number of times the byte pair appears in the segment.
Output lines are sorted first by program header number and then by count. Byte pairs with the same count
in the same segment can appear in any order. The output line format is: %3d %-7s %02x:%02x %7lu\n
For example, on uss01.cs.adelaide.edu.au, the output for /bin/ls (also available in the Resources section of
the assignment’s web site) is:
$ ./assignment1 /bin/ls 3
Robustness
The real aim of this assignment is to get you thinking about defensive-programming — a style of programming
that assumes that the user is malicious. The aim of your program is to produce correct output when given a
benign input, but a major requirement for this assignment is that your program is robust against adversarial
input. You may abort the program on invalid input; however, your program should never crash or hang. You
can assume that libelf works correctly (i.e. it neither crashes nor hangs and that libelf functions either return
the information found in the file or an error). Your solution cannot catch or ignore signals and cannot use
timers. Solutions using these and similar methods to avoid the symptoms of bad input validation will not
be marked and your grade for this part of the assignment will be zero.
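The kind of check this section asks for, as an added example that is not part of the assignment and does not use libelf: a segment's offset and size are validated against the file size without ever computing their sum, before any byte pair is counted. It assumes the file is already in memory and that a "pair" means two adjacent, overlapping bytes; segment_in_file, count_pairs, pair_count_checked and SAMPLE are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample "file" contents, not taken from a real binary. */
static const uint8_t SAMPLE[8] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0xff, 0x00};

/* 1 if [offset, offset + filesz) lies inside a file of file_size bytes.
 * offset + filesz is never computed: with attacker-chosen 64-bit fields
 * the sum can wrap around and pass a naive "end <= file_size" test. */
int segment_in_file(uint64_t offset, uint64_t filesz, uint64_t file_size) {
    if (offset > file_size)
        return 0;
    return filesz <= file_size - offset;
}

/* Count overlapping adjacent byte pairs (an assumption about what a
 * "pair" is). A segment shorter than two bytes contributes nothing. */
void count_pairs(const uint8_t *buf, size_t len, unsigned long counts[256][256]) {
    memset(counts, 0, sizeof(unsigned long) * 256 * 256);
    for (size_t i = 0; i + 1 < len; i++)
        counts[buf[i]][buf[i + 1]]++;
}

/* Count of pair (x, y) in the described segment, or -1 when the header
 * points outside the file and the segment must be rejected. */
long pair_count_checked(const uint8_t *file, size_t file_size, uint64_t offset,
                        uint64_t filesz, uint8_t x, uint8_t y) {
    static unsigned long counts[256][256];
    if (!segment_in_file(offset, filesz, file_size))
        return -1;
    count_pairs(file + (size_t)offset, (size_t)filesz, counts);
    return (long)counts[x][y];
}

int main(void) {
    /* Well-formed header covering the whole sample. */
    printf("%ld\n", pair_count_checked(SAMPLE, 8, 0, 8, 0x00, 0x00));
    /* Hostile header: 4 + (UINT64_MAX - 2) wraps to 1, which is <= 8. */
    printf("%ld\n", pair_count_checked(SAMPLE, 8, 4, UINT64_MAX - 2, 0x00, 0x00));
    return 0;
}
```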
Getting libelf
To use libelf on your computer, you need to install the development package. On Fedora, RedHat, and
CentOS install elfutils-libelf-devel, and on Ubuntu libelf-dev. On other distributions you will have
to find the right package.
The package is not installed on University computers. To get a development environment that works
there, copy the files libelf.h and gelf.h from the Resources section of the assignment’s web site to your
work directory, link to the existing libelf using the command ln -s /usr/lib64/libelf.so.1 libelf.so
in your work directory and set the flags -I. -L. when compiling your program.
More about University Computers
The default gcc version on the University computers is very old, and lacks many useful features. To enable
a reasonably recent version of gcc, use scl enable devtoolset-8 bash. This will open a new shell, with
the correct environment variables for using gcc 8. Any software you submit should be compatible with the
newer version of gcc.
Part 4 — 5% (COMP SCI 7307 only)
Note: This part is only for Masters students taking COMP SCI 7307.
Use a subset of the C language to implement the function uint32_t mul(uint16_t a, uint16_t b),
which calculates the product of a and b. You are only allowed to use the following subset of the language:
• Variables of types uint16_t and uint32_t.
• The binary operators +, &, |, ^, ==.
• The ternary operator ?:.
• The assignment operator =, as well as its combination with other allowed operators, e.g. +=, &=, etc.
• The return statement.
Submission Instructions
You should submit a .tar or a .tgz archive. The archive should contain a single directory, whose name is
your student a-number. In that directory, we expect to find two or three items:
• A PDF document named answers.pdf, which contains the answers to Parts 1 and 2. The file should be
typed-up, i.e. scanning a handwritten paper is not acceptable. Also, the file must be a PDF document.
Text or Word documents are not acceptable, even if you changed the extension to .pdf.
• A directory named part3 (case-sensitive). Typing make in the directory should create the program
assignment1. The directory should not contain any automatically generated files, including object
(.o) files and the executable assignment1. It may contain libelf.h, gelf.h, and a symbolic link to
libelf.
• Masters students (COMP SCI 7307) should also include the file part4.c, which contains the answer to
Part 4.
The Resources part of the assignment’s web site contains a program sanity.sh. Running this program on
your submission executes some basic sanity checks to ensure that your program meets minimal requirements.
To run it, use bash ./sanity.sh . Submissions that do not pass the sanity check will
be marked as zero.