Assignment 3
Objective
The objective of this assignment is to provide you with the opportunity to apply secure software
development concepts studied in class.
Task 1 (50 points)
Answer the following questions.
1. The following program is vulnerable to a buffer overflow (assuming the absence of automated
defenses like ASLR, etc.).
a. What is the name of the buffer that can be overflowed?
b. What line of code can overflow the vulnerable buffer?
c. Recall the vulnerable overflow from the previous two questions. We can change one line of
code and make the buffer overrun go away. Which one-line change will eliminate the
vulnerability?
d. Which of the attacks that we studied do you think the program is susceptible to?
e. If we changed printf("%s",buf) to printf(buf) then the program would be
vulnerable to what sort of attack?
2. Recall the Heartbleed attack.
a. What type of exploitation does the Heartbleed bug permit?
b. Why is it that anti-virus scanners would not have found an exploitation of Heartbleed?
3. Consider the following code:
#include <string.h>

char *foo(char *buf) {
    char *x = buf + strlen(buf);
    char *y = buf;
    while (y != x) {
        if (*y == 'r')
            break;
        y++;
    }
    return y;
}
void bar() {
    char input[10] = "test123";
    foo(input);
}
The definition of spatial safety models pointers as capabilities, which are triples (p,b,e) where
p is the pointer, b is the base of the memory region the pointer is allowed to access, and e is
the extent of that region. Assuming characters are 1 byte in size, what is a triple (p,b,e) for the
variable y when it is returned at the end of the code?
4. In a return-oriented program (ROP), what is the role of the stack pointer?
5. A colleague proposes using a heap allocator that randomizes the addresses of allocated objects.
What is the impact of this design on security and performance?
6. Recall that classic enforcement of CFI requires adding labels prior to branch targets, and adding
code prior to the branch that checks the label to see if it's the one that is expected. Now consider
the following program:
To ensure that the instrumented program runs correctly when not being attacked, which of the
following functions would have to be given the same label?
7. Suppose you design software for a bank and the bank's customers may remotely log into its site
using commodity PCs. Which threat model (network-only, snooping, co-located) makes the most
sense for you to consider, when designing the bank's site? Briefly explain.
8. Suppose that x and y in the following program are symbolic. When the symbolic executor
reaches the line that prints "Hi" what will the path condition be?
#include <stdio.h>

/* assume x and y are both symbolic */
void foo(int x, int y) {
    if (x > 5)
        if (y > 7) {
            printf("here\n");
        } else {
            if (x < 20)
                printf("Hi\n");
            else
                printf("Bye\n");
        }
}
9. Suppose that x in the following program is symbolic. When the symbolic executor reaches the
line that prints "now" what will the path condition be?
#include <stdio.h>

void bar(int x) {
    int z;
    if (x > 5)
        z = 5;
    else
        z = 1;
    if (z > 3)
        printf("now\n");
}
10. Which of the following styles of fuzzer is more likely to explore paths covering every line of
code in the following program?
• Black Box
• Grammar based
• White Box
Task 2 (50 points)
Research the design of the Google Fuchsia OS (please do more than just reading Wikipedia). The code is
available here: https://fuchsia.googlesource.com.
Describe the techniques (studied in class and those that were not discussed in class) that this new OS uses
for security. For this task write a 3-page report. Include your references.
Deliverable and Grading
Upload your written report to the D2L “Homework3” folder. For Task 1, each question is worth 5 points.