Best代写-最专业靠谱代写IT | CS | 留学生作业 | 编程代写Java | Python |C/C++ | PHP | Matlab | Assignment Project Homework代写

计算机安全代写|CSE 127 – PA1: Buffer Overflows

计算机安全代写|CSE 127 – PA1: Buffer Overflows



This is a group project; you can work in a team of size at most two and submit one project per team.
You are not required to work with the same partner on every project. You and your partner should
collaborate closely on each part.
You have two late days that you may use to turn in work past the deadline over the entire quarter. A
late day is a contiguous 24-hour period. Both you and your partner will be charged for every late day
that you use, and you both must have late days to use them. These late days are intended to cover
your extension needs for usual circumstances: brief ilness, busy with other classes, interviews, travel,
extracurricular conflicts, and so on. You do not need to ask permission to use a late day.
The code and other answers you submit must be entirely your team’s own work. You may discuss the
conceptualization of the project and the meaning of the questions, but you may not look at any part
of someone else’s solution or collaborate with anyone other than your partner. You may consult
published references, provided that you appropriately cite them (e.g. with program comments).
Solutions must be submitted to Gradescope.


This project will introduce you to control-flow hijacking vulnerabilities in application software,
including buffer overflows. We will provide a series of vulnerable programs and a virtual machine
environment in which you will develop exploits.


●Be able to identify and avoid buffer overflow vulnerabilities in native code.
●Understand the severity of buffer overflows and the necessity of standard defenses.
●Understand the mechanics of buffer overflow exploitation.

Read this first!

This project asks you to develop attacks and test them in a virtual machine you control. Attempting
the same kinds of attacks against others’ systems without authorization is prohibited by law and
university policies and may result in fines, expulsion, and jail time. You must not attack anyone else’s
system without authorization! You are required to respect the privacy and property rights of others
at all times, or else you will fail the course.


●Resources and Guidelines
●Submission Details
●Frequently Asked Questions
Alice’s company Security4All is having one of their periodic security audits taking place today. The
software used for this purpose (from an external firm called Mandiant) has flagged a bunch of code
snippets across various Security4All projects as potentially being unsafe. Unfortunately for Alice, 8 of
the flagged threats belongs to projects under her ownership. However, before Alice can patch the ;
security bugs, she wants to verify that the threats detected are indeed exploitable, and not false
Alice was super happy with your assistance helping her fix the compiler bug last week, and asks for your
help again. Your task is to help Alice develop working exploits for each of the threats flagged by the
software tool.
Happy Hacking!