Could someone point me to an example or at least outline of a solution
to the following problem:
I want to be able to compile the body of a method written in C++,
submitted by a possibly malicious CS student, and if it compiles
correctly execute it within a sandbox with limited privileges (e.g. no
I/O, or I/O only to certain directories).
I know Java and its security manager system pretty well, but I'm just
learning .NET. I know enough now to see the outline of how to do this, but
what I'm unsure about is whether a sophisticated student could insert
commands into his C++ fragment that could subvert the security.
Generally you assume that any source code you have is trusted and it's
only object code/bytecode you need to verify. Here the source code
itself cannot be trusted.
Thanks,
Chris
If you have the source code and it's not too big, get a decent C++ dev to
go through it. If it's really huge, you could test out the compiled code on
a Virtual PC stub.
Though, if you don't trust the coder, I am surprised that you still want to
use his code.
--
Regards,
Nish [VC++ MVP]
"Chris" <ho******@cs.umass.edu> wrote in message news:11**********************@g44g2000cwa.googlegroups.com...
Nish,
The context is that this is part of an automated homework submission
and evaluation system. So, yes, the amount of code that I'm expecting
from any given student at any time is small, but manually inspecting
everything that comes in defeats the purpose of being automated!
I'm aware there are pure C/C++ answers to this problem, but using C++
in the .NET environment seems like a nicer solution, especially since I
hope the security management could work at a finer level so potentially
dangerous method calls are not completely forbidden but can be limited
to certain known directories or addresses.
Thanks again,
Chris
Chris wrote:
Although it's hard to catch everything. What about providing your own library
for basic file I/O and other operations. If the application does not call for
them, you could just "fatal" the program if they occur. Ditto for things like
ShellExecute(), etc. It would be a bit of work to develop but would be useful
in the long run.
/steveA
--
Steve Alpert
my email Fgrir_Nycreg @ vqk.pbz is encrypted with ROT13 (www.rot13.org) and spaces
"Chris" <ho******@cs.umass.edu> wrote in message news:11**********************@g44g2000cwa.googlegroups.com...
Well, the expedient, less straightforward thing to do is to get yourself a
virtual machine. Microsoft's is here: http://www.microsoft.com/windows/virtualpc/default.mspx
and VMWare's is here: http://www.vmware.com/
Either will let you virtualize an _entire_ machine, virtual disks and all.
(I think that there are inexpensive academic versions of these products but
I am not sure).
Then run the student's compiled and linked assignment under the VM. The
worst he can do is trash a disk. But with either virtual machine you should
be able to copy the virtual disk - which is just a big file or files -
immediately after you install an operating system to some safe location. In
a pinch just copy the files back and the damage is undone.
The straightforward approach would involve creating an account with minimal
privileges for running students' assignments. Next you could deny access to
all folders on all drives except those you select. This is a security topic
and not a development one. Check this link http://www.le.ac.uk/cc/dsss/docs/acls1.shtml
to get started. Then try posting again in a security focused group.
Once your directories are secure you could use the RunAs command to run the
students assignments using the credentials of the low rights account you
created: http://www.microsoft.com/resources/d...-us/runas.mspx
or you could adopt a policy such that you never run those assignments except
when logged in to the low rights account.
Regards,
Will
If someone is experienced and bold enough to write some malicious code and
give it to the professor, they shouldn't be taking your class!
If I were you, I wouldn't be worried about it. A student is giving you a few
lines of code that's supposed to call a couple of classes or something.
A simple way to see if it does a little more than it is supposed to is to
check which headers are being used before you execute the program. If you see
a program using winsock.h or something, you know something's up.
If this isn't good enough, just create a dummy user with no IO rights or
rights to the registry and you can safely run the students code.
Cheers,
Mark.
"Chris" wrote:
Just for another 2 cents, I would definitely recommend doing what
Will offered up.
If you use VMWare ( http://www.vmware.com/) you can make use of the
snapshot feature. That way if any student's project tries writing or
doing something malicious to the OS or the virtual disk and they
somehow are able to, no big deal, just discard changes and reload the VM
again, no need to copy files or worry about security permissions, they
are in a solid sandbox. It's not going to get any easier than that, plus it will save
you a lot of headaches.
I'm not sure myself if there are ways to get at any backdoor win32 API
that would completely ignore any DLL security settings. It would seem
to make sense that this could never be the case, but with the VM stuff it's
not something you would have to worry about if it did happen.