Information Assurance

Clay Shields



For this part of the secure programming project, you are going to examine other students' projects.
First, you need to verify that your code is working correctly and that the permissions are set.

To make sure we are using the correct accounts, your old secret id account will be deleted after class on Thursday. Before that time (4:15 PM on October 8th) you should do the following:

Place in your NEW secret id account (not the old one, which will be deleted):

  • Your executable code. This should have the suid bit set, and should be world readable and executable.
  • Your source code, with any identifying information such as name or netid removed. This should be world readable.
  • The program should work for at least one user account given the password "swordfish" (without the quotes).
  • If you have chosen to use a configuration file it should be world readable.
  • A log file. It does not need to have any entries when started. It should be world readable.
  • The secret file people are trying to get access to. This should not be world readable. Choose some phrase to put in there. It isn't too important what it is, but keep it under 126 characters.
Once you have these in place, e-mail the instructor to test your setup. This should be done before class Thursday, October 8th.
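
An added example (not part of the original assignment) of a script that checks the checklist above before you e-mail the instructor. The page does not name the files, so the paths passed to it are assumptions, and the length check counts bytes with newlines excluded.

```shell
#!/bin/sh
# Added example: audit submission files against the checklist above.
# The file names you pass in are your own; the page does not name them.

# has_bits FILE MODE: true if every bit of octal MODE is set on FILE.
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

# check_setup EXE SRC LOG SECRET [CONFIG]
# Prints one line per problem; return status is the number of problems.
check_setup() {
    exe=$1 src=$2 log=$3 secret=$4 cfg=${5:-}
    bad=0
    for f in "$exe" "$src" "$log" "$secret" ${cfg:+"$cfg"}; do
        [ -f "$f" ] || fail "$f is missing"
    done
    [ "$bad" -eq 0 ] || return "$bad"

    has_bits "$exe" 4000 || fail "$exe: suid bit not set"
    has_bits "$exe" 0005 || fail "$exe: not world readable and executable"
    for f in "$src" "$log" ${cfg:+"$cfg"}; do
        has_bits "$f" 0004 || fail "$f: not world readable"
    done

    # The secret must NOT be world readable ...
    if has_bits "$secret" 0004; then fail "$secret: world readable"; fi
    # ... and must stay under 126 characters (bytes, newlines not counted).
    n=$(($(tr -d '\n' < "$secret" | wc -c)))
    [ "$n" -lt 126 ] || fail "$secret: $n characters, must be under 126"
    return "$bad"
}

# Stand-alone use: sh check.sh ./prog ./prog.c ./log ./secret [./config]
if [ "$#" -ge 4 ]; then check_setup "$@"; fi
```

Run it from inside the new secret id account as the account owner, since nobody else should be able to read the secret file to measure its length.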


On the 9th, we will start looking at each other's code. The code is of course in the accounts named user### on the ia-class machine. They should be accessible to you; if they are not, let the instructor know.

In each directory will be an anonymized project submission set up for you to test. Your goal is to examine all submissions other than your own to determine which programs you believe are breakable, by which I mean that you believe you can access the contents of the secret file without knowing the password.

What to turn in:

  • For each program other than your own, a description of how you would attempt to break the security of the program.
  • A brief description of how you would recommend the user change their program to avoid the methods you would use to break it.
  • These comments will be shared with the author of the program to help them improve their work. Be constructive, not destructive.
  • Comments should be mailed to me before class on October 15th. Please keep comments in plain text format for ease of cutting and pasting on my end.