C/Assembly Security Test Ghostwriting | 7CCSONSE (AY1920) Security Engineering

This UK ghostwriting job is a timed test on C and assembly security.

1. Consider the following C code fragment:

    int
    main(int argc, char **argv)
    {

        int n;

        if (argc > 1)
            n = foobar(argv[1]);
        if (n)
            printf("Hello: %s (%d)\n", argv[1], n);

        exit(n);
    }

    int
    foobar(char *arg)
    {

        char msg[512] = {0,};

        strcat(msg, "Hello: ");
        snprintf(msg + strlen("Hello: "), \
            sizeof(msg) - strlen("Hello: ") - 1, arg);
        return strlen(msg);
    }

a. Give a thorough description of the program’s vulnerability. In particular,
name the vulnerability (1 mark) and provide a detailed overview of its
exploitation (3 marks). Then, identify and explain thoroughly all the
components that are involved in the exploit (4 marks).
[8 marks]

b. How would an attacker exploit the vulnerability? Hint: describe in detail
what the injection vector would look like (and what retaddr and retloc
the attacker may use). Use symbolic values and addresses when needed
(no need to write down the shellcode).
[10 marks]

c. Would StackGuard or a bounds checker mitigate the vulnerability (1
mark)? Explain clearly the reasons (4 marks).
[5 marks]

d. How can the program be fixed?
[2 marks]

2. A secure software development lifecycle requires security engineering to fit
into all the phases of the software development process.

a. In which way does security engineering fit into requirements, design,
implementation, and testing/assurance? Motivate your answer. [7]

b. What is a threat model and why is it important? [4]

c. Consider Leslie Lamport’s Gold Standard.

i. What is it? [2]
ii. Explain each element of Lamport’s Gold Standard. [12]
