version 1.10 (12 Jan 2024)
In this homework, you will implement a secure log to describe the state of an art gallery: the guests and employees who have entered and left, and persons that are in rooms. The log will be used by two programs. One program, logappend, will append new information to this file, and the other, logread, will read from the file and display the state of the art gallery according to a given query over the log. Both programs will use an authentication token, supplied as a command-line argument, to authenticate each other. Specifications for these two programs and the security model are described in more detail below.
You will build the most secure implementation you can; then you will have the opportunity to attack other teams’ implementations, and fix bugs that other teams identify in your implementation.
This homework has a graded component and a contest component. Please note that your grade for the homework and your score in the contest are not the same (although they are likely to be correlated). Details of grading and scoring are below. Scoring well in the contest is good for bragging rights and for extra credit.
You will work in teams of 3 people in groups assigned by us. Your first task is to meet as a team. Your team should decide how often, when, and by what means you will meet. You should also decide on the roles and responsibilities for each member. Please designate one member as the team leader. Last, but not least, you must choose a team name!
Once you have decided on all of the above, the team leader must complete two tasks:
See the page for each phase (linked in the Quick Links above) for more details about how each phase will be graded.
Build It will be worth 100 points
Break It will be worth 100 points
Fix It will be worth 50 points
The assignment as a whole is worth 250 points. The top 50% of teams, based on contest score (see below), will be awarded an additional 10 points (4%). The top 3 teams will be awarded an additional 5/3/1 point(s) respectively. The very top team will also receive adulation and eternal bragging rights.
To add an element of fun to the assignment, we will also be collecting scores for the Build It; Break It; Fix It contest. In each phase, your team will earn/lose points. You can see your (near) realtime standing on our Scoreboard.
Note that you are more than welcome to ignore the contest entirely. You can still get full credit for the assignment.
You’ll find more details about each phase in their dedicated pages. Here, we summarize the overall scoring system.
T teams all exploited the same bug with a break type worth P points, then in the Break It phase, you lost T*P points. In this phase, if you fix the underlying bug, you will regain (T-1)*P points, so that in effect, you will have only lost points once for the bug, rather than T times. Similarly, if one team submitted T exploits that all exploited the same bug, you would regain (T-1)*P points, and they would lose (T-1)*P points.
Your final score (and hence final contest standing) will be the sum of your scores from all three phases.