CS 390S: Secure Programming

Labs

January 17: Buffer Overflow Lab
Due February 7 (3 weeks to do it, but start early!)
Overview:
  • Use the National Vulnerability Database to find a buffer overflow in an open source product
  • Find the lines of code responsible for the vulnerability
  • Suggest new code to fix the issue

Submit by email by February 7:
  1. The CVE identifier and CVE description
  2. The URL where you found the code
  3. The vulnerable code
  4. An explanation of why it's vulnerable
  5. Your code fix
  6. How long it took you to do this (as course workload feedback, not graded)

February 7: Shell Lab
Due March 28 (extended as the deadline for CS354 got pushed to March 9)
Overview:
  • Avoid vulnerabilities found in real shells
  • Implement umask

Submit by email by March 28:
  1. A list of the security functional requirements you managed to implement
  2. A description of how you managed to implement them
  3. The tests you used to make sure your implementation worked, and their output. The completeness and appropriateness of your tests will be graded.
  4. The relevant code
  5. How long it took you to do this (as course workload feedback, not graded)