Assignment 4 — Secure Programming 2019
Part 1 — 20%
Describe how you found the password for this assignment. Include all software you wrote for that in the folder part1 in your submission.
Part 2 — 40%
For this part your task is to fuzz three versions of a calculator. You can use any fuzzing tool available online or develop your own tools. Two recommended tools are libfuzzer (https://llvm.org/docs/LibFuzzer.html) and american fuzzy lop (http://lcamtuf.coredump.cx/afl/).
The software to fuzz is in the file bignums.tgz in the assignment page. It consists of a folder called bignums that contains ten subfolders, BigNum-0–BigNum-9, each of which contains the code for a reverse- Polish-notation calculator calc. Typing make in each of the folders builds the calc software.
Word
Description
Decimal number
Decimal numbers consist of a sequence of one or more decimal digits (‘0’–’9’). Some of the programs accept signed numbers, where a sign (‘-‘ or ‘+’) precede the digits. Others treat signed numbers as errors. When processed, the input number is converted into a bignum which is pushed to the stack.
+, -, or *
Pops two values from the stack and pushes their sum, difference, or product back to the stack. in the case of subtraction, the bignum at the stack top is subtracted from the value below it. For example, the sequence ”5 3 -” leaves the number 2 at the top of the stack.
In programs that do not accept signed numbers, subtracting a large number from a smaller number results in 0.
dup
Copies the value of the bignum at the top of the stack and pushes the duplicate value into the stack.
pop
Pops a bignum from the top of the stack.
print
Prints the value of the bignum at the top of the stack followed by a newline (‘
’).
swap
Swaps the order of the two bignums at the top of the stack.
dump
Prints the contents of the stack, one bignum per line, starting from the stack top. The stack is not modified.
clear
Clears the stack.
Here are a few examples of input and expected output:
1
Input Output
3 5 + print 8 3
5 + print 8 3dup*printdup*printdup*print 9
81
6561 3 5 – print 0or-2
You should fuzz three of these implementations. To determine which of those you need to fuzz, use the least significant digits of your a number. Thus, students a1111400 and a1712410 should both fuzz BigNum-0, BigNum-1, and BigNum-4. The aim of the fuzzing is to test the robustness of the calculator, i.e. to find inputs that cause crashes or hangs. You are not expected to test the code for correctness.
In answers.pdf please submit a description of what you have done and what you have found. (Up to two pages of text.) Also, please submit any software or configuration files you created for this part of the assignment in the sub-folder part2.
Part 3 — 30%
In this part you will mount a side-channel attack against an implementation of modular exponentiation. The application to attack is num.c, which you can find in the tar file ybn.tgz, available in the assignment’s web page. The program calculates a single modular exponentiation with hard-coded base, exponent and modulus. We recommend that you use the Mastik toolkit (https://cs.adelaide.edu.au/~yval/Mastik/) for the attack, but this is not a requirement. You may use any other software, but must credit the source.
Your task is to implement a side-channel attack, and analyse the side-channel information to identify the success rate, i.e. the average number of exponent bits correctly leaked from the execution of the attack. Please describe the attack and the results in answers.pdf.
Note that because the exponent is hardcoded in the binary (and because you have access to the source code) using a side-channel attack is not the most efficient method of extracting the exponent. The assignment simulates a situation where you do not have such a level of access to the binary. You should use a side-channel attack!
Part 4 — 10%
Modify ybn modexp() to mitigate all microarchitectural side-channel attacks, under the assumption that all of the other functions in ybn.c have constant-time implementations.1 Note that defending only against the attack you implemented is not enough.
Notes on Mastik
We have only tested Mastik with Intel Core processors. Mastik does not work well with AMD processors, may have problems with non-Core processors (e.g. we are aware of problems on some Atom or Celeron processors). It does not work at all with ARM processors. The machines in the computer labs are ok. Last, Mastik may fail in some virtual machine configurations. It is highly recommended that you run Mastik from a Linux host. If your machine is running another operating system, you may want to create a dual-boot configuration or get a live Linux distribution.
When building Mastik on your machine, you want to have the development packages of libbfd, libelf,
and libdwarf installed. On RedHat-like distributions (CentOs, Fedora, etc.) install the packages binutils-devel and libdwarf-devel. On Debian releases (e.g. Ubuntu) install binutils-dev, libdwarf-dev, and libelf-dev.
1The provided implementations are not constant time, but you do not need to worry about this.
2
Submission Instructions
You should submit a .tar or a .tgz archive. The archive should contain a single directory, whose name is your student a-number. In that directory, we expect to find four items:
• A text file named info.txt, which contains two lines. The first line is your name, and the second is your student number.
• A PDF document named answers.pdf, which contains the documentation you are asked for. The file should be typed-up, i.e. scanning a handwritten paper is not acceptable. Also, the file must be a PDF document. Text or Word documents are not acceptable, even if you changed the extension to .pdf.
• A folder named part1 with any program you used for solving Part 1 of this assignment. We do not check the code for programming quality or for style. Whatever works works.
• A folder named part2 with the software and configuration files you created for this project.
• A folder named part4 with the fixed version of ybn modexp().
3
Reviews
There are no reviews yet.