Assignment title: Information


COMP3911 Secure Computing Coursework

This assignment presents you with two scenarios. Study each scenario, do the suggested experiments and answer the questions that follow.

Before you begin, download foo.zip from the Coursework folder in the VLE and unpack it on one of the School's Linux machines. This will give you the executable foo, needed for Scenario 1.

Note that the work for Scenario 1 must be done on School Linux machines and not on your own PC. The work for Scenario 2 merely requires a web browser and an Internet connection.

1 The Mystery Executable

When foo is run, by entering ./foo in a terminal window, it prompts for a password. You'd like to know what it does after the correct password has been entered, but unfortunately you don't know what the correct password is!

Imagine that you know the author of this program. You know that he is a fairly lazy C programmer who rarely does adequate error checking on program inputs. You know that he is equally lazy when it comes to choosing passwords.

1. Experiment with different inputs to the program. Try a sequence of seven x characters as the input. Repeat this trial, increasing the length of the sequence by a few x characters each time.

   (a) What happens eventually, as you increase the input length? How long did the input get before you saw a change, and what is the exact output that you now see? [3 marks]

   (b) With reference to possible implementations of the program, explain how it is possible to bypass authentication in this manner. Hint: Think about the code needed to store the user's input and the expected password, and how the two strings might be compared by the program. [7 marks]

   (c) How could this vulnerability be fixed? Use a small fragment of code to illustrate your answer. [3 marks]

2. Describe a different approach that could be used to attack this program. Your approach should involve the executable only and not its author! Be concise, but give enough detail that someone could use your description to implement the attack. Note that there is more than one way of answering this, and we will accept answers other than the obvious one. Feel free to speculate about the nature of the implementation when devising your approach, but include any assumptions you make as part of your answer. [5 marks]

2 The Unfortunate Broadband Provider

For context, please read the news articles at the following URLs before proceeding further.

http://www.bbc.co.uk/news/uk-34611857
http://www.bbc.co.uk/news/technology-34636308

Now visit http://pythoneer.pythonanywhere.com, a simulation of the site described in the news articles.

Imagine that you are Mr A Smith, a customer who has the username aps and the sadly all-too-plausible password abcd1234 (remember: PEBKAC!...). Log in with these credentials to see how the site behaves under normal circumstances, then log out again.

1. Try a User ID of "aps' -- ", without the enclosing quotes, and no password. What happens? Explain why you see this behaviour, with reference to the possible implementation of authentication in this web application. [5 marks]

2. Input can be further modified in such a way that it is possible to display the details of all customers, without the need to supply a password or even a valid username. Try this now[1]. (Hint: use SQL's OR clause to help you.) Write down the input that you used, along with answers to the following questions:

   • Who is the lucky individual who has Fibre Broadband?
   • What is Ms Jones' card number?
   • Who is the customer with account number 17875?

   Finally, explain how this modified attack works, again with reference to the possible implementation of the web application. [9 marks]

3. Given that this web application is written in Python using standard library modules, explain the code changes needed to fix the problem. (See http://docs.python.org/library/ for the relevant standard library documentation.) [4 marks]

Submission

Your write-up should be 2–3 pages in length and must take the form of a PDF document; any other format will be penalised.

[1] WARNING: It is possible to do all kinds of things with this application, some of which would mess it up for others attempting to do the coursework! Please respect them and rein in your experimental urges accordingly...