
Safely executing student's code

Could someone point me to an example or at least outline of a solution
to the following problem:

I want to be able to compile the body of a method written in C++,
submitted by a possibly malicious CS student, and if it compiles
correctly execute it within a sandbox with limited privileges (e.g. no
I/O, or I/O only to certain directories).

I know Java and its security manager system pretty well, but I'm just
learning .NET. I know enough now to see the outline of how to do this, but
what I'm unsure about is whether a sophisticated student could insert
commands into his C++ fragment that could subvert the security.
Generally you assume that any source code you have is trusted and it's
only object code/bytecode you need to verify. Here the source code
itself cannot be trusted.

Thanks,
Chris

Nov 21 '05 #1
If you have the source code and it's not too big, get a decent C++ dev to
go through it. If it's really huge, you could test out the compiled code on
a Virtual PC stub.
Though, if you don't trust the coder, I am surprised that you still want to
use his code.

--
Regards,
Nish [VC++ MVP]
"Chris" <ho******@cs.umass.edu> wrote in message
news:11**********************@g44g2000cwa.googlegroups.com...
> Could someone point me to an example or at least outline of a solution
> to the following problem:
>
> I want to be able to compile the body of a method written in C++,
> submitted by a possibly malicious CS student, and if it compiles
> correctly execute it within a sandbox with limited privileges (e.g. no
> I/O, or I/O only to certain directories).
>
> I know Java and its security manager system pretty well, but I'm just
> learning .NET. I know enough now to see the outline of how to do this, but
> what I'm unsure about is whether a sophisticated student could insert
> commands into his C++ fragment that could subvert the security.
> Generally you assume that any source code you have is trusted and it's
> only object code/bytecode you need to verify. Here the source code
> itself cannot be trusted.
>
> Thanks,
> Chris

Nov 21 '05 #2
Nish,

The context is that this is part of an automated homework submission
and evaluation system. So, yes, the amount of code that I'm expecting
from any given student at any time is small, but manually inspecting
everything that comes in defeats the purpose of being automated!

I'm aware there are pure C/C++ answers to this problem, but using C++
in the .NET environment seems like a nicer solution, especially since I
hope the security management could work at a finer level so potentially
dangerous method calls are not completely forbidden but can be limited
to certain known directories or addresses.

Thanks again,
Chris

Nov 21 '05 #3
Chris wrote:
> Nish,
>
> The context is that this is part of an automated homework submission
> and evaluation system. So, yes, the amount of code that I'm expecting
> from any given student at any time is small, but manually inspecting
> everything that comes in defeats the purpose of being automated!
>
> I'm aware there are pure C/C++ answers to this problem, but using C++
> in the .NET environment seems like a nicer solution, especially since I
> hope the security management could work at a finer level so potentially
> dangerous method calls are not completely forbidden but can be limited
> to certain known directories or addresses.


Although it's hard to catch everything, what about providing your own library
for basic file I/O and other operations? If the application does not call for
them, you could just "fatal" the program if they occur. Ditto for things like
ShellExecute(), etc. It would be a bit of work to develop but would be useful
in the long run.

/steveA
--
Steve Alpert
my email Fgrir_Nycreg @ vqk.pbz is encrypted with ROT13 (www.rot13.org) and spaces

Nov 21 '05 #4
"Chris" <ho******@cs.umass.edu> wrote in message
news:11**********************@g44g2000cwa.googlegroups.com...
> Could someone point me to an example or at least outline of a solution
> to the following problem:
>
> I want to be able to compile the body of a method written in C++,
> submitted by a possibly malicious CS student, and if it compiles
> correctly execute it within a sandbox with limited privileges (e.g. no
> I/O, or I/O only to certain directories).


Well, the expedient, less straightforward thing to do is to get yourself a
virtual machine. Microsoft's is here:

http://www.microsoft.com/windows/virtualpc/default.mspx

and VMWare's is here:

http://www.vmware.com/

Either will let you virtualize an _entire_ machine, virtual disks and all.
(I think that there are inexpensive academic versions of these products but
I am not sure).

Then run the student's compiled and linked assignment under the VM. The
worst he can do is trash a disk. But with either virtual machine you should
be able to copy the virtual disk - which is just a big file or files -
immediately after you install an operating system to some safe location. In
a pinch just copy the files back and the damage is undone.

The straightforward approach would involve creating an account with minimal
privileges for running students' assignments. Next you could deny access to
all folders on all drives except those you select. This is a security topic
and not a development one. Check this link

http://www.le.ac.uk/cc/dsss/docs/acls1.shtml

to get started. Then try posting again in a security focused group.

Once your directories are secure you could use the RunAs command to run the
students' assignments using the credentials of the low rights account you
created:

http://www.microsoft.com/resources/d...-us/runas.mspx

or you could adopt a policy such that you never run those assignments except
when logged in to the low rights account.

Regards,
Will

Nov 21 '05 #5
If someone is experienced and bold enough to write some malicious code and
give it to the professor, they shouldn't be taking your class!

If I were you, I wouldn't be worried about it. A student is giving you a few
lines of code that's supposed to call a couple of classes or something.

A simple way to see if it does a little more than it is supposed to is to
check which headers are being used before you execute the program. If you see
a program using winsock.h or something, you know something's up.

If this isn't good enough, just create a dummy user with no IO rights or
rights to the registry and you can safely run the student's code.

Cheers,
Mark.

"Chris" wrote:
> Could someone point me to an example or at least outline of a solution
> to the following problem:
>
> I want to be able to compile the body of a method written in C++,
> submitted by a possibly malicious CS student, and if it compiles
> correctly execute it within a sandbox with limited privileges (e.g. no
> I/O, or I/O only to certain directories).
>
> I know Java and its security manager system pretty well, but I'm just
> learning .NET. I know enough now to see the outline of how to do this, but
> what I'm unsure about is whether a sophisticated student could insert
> commands into his C++ fragment that could subvert the security.
> Generally you assume that any source code you have is trusted and it's
> only object code/bytecode you need to verify. Here the source code
> itself cannot be trusted.
>
> Thanks,
> Chris

Nov 21 '05 #6
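Two of the mechanical suggestions in this thread, Mark's "check which headers are being used" (post #6) and Will's "run it under a low rights account with access denied to everything but selected folders" (post #5), as one added Python example. This is not code from the thread or from any of its posters. It assumes a POSIX host, where the `resource` module's rlimits and a scratch working directory play the role of the Windows low-rights account, ACLs and RunAs that Will describes; no compiler is assumed, so `run_limited` is demonstrated on a Python one-liner standing in for the compiled assignment. The header allowlist, the `check_includes` / `run_limited` names and the sample submissions are constructed for illustration.

```python
"""Added example: vet an untrusted C++ submission, then run it under OS limits.

 1. check_includes  - Mark's idea: refuse to compile if a header is not on an allowlist.
 2. run_limited     - Will's idea: execute in a scratch directory with a minimal
                      environment, a wall-clock timeout and CPU / memory / file limits.
"""
import re
import resource
import subprocess
import sys
import tempfile
from dataclasses import dataclass
from typing import Optional

PYTHON = sys.executable  # stand-in program used in the demo below (no compiler assumed)

# Constructed allowlist: the headers a typical assignment is expected to need.
ALLOWED_HEADERS = frozenset({"iostream", "string", "vector", "algorithm", "cmath", "cstdio"})

# Matches '#include <x>' and '#include "x"', tolerating spaces around '#' and 'include'.
INCLUDE_RE = re.compile(r'^\s*#\s*include\s*[<"]([^>"]+)[>"]', re.MULTILINE)


def check_includes(source: str, allowed=ALLOWED_HEADERS):
    """Return the included headers that are not on the allowlist.

    A cheap pre-filter only: it sees textual #include lines and nothing else, so it
    is paired with the execution limits below rather than relied on by itself.
    """
    return [h for h in INCLUDE_RE.findall(source) if h not in allowed]


@dataclass
class RunResult:
    status: str            # "ok", "error", "killed" (signal / limit) or "timeout"
    returncode: Optional[int]
    stdout: str
    stderr: str


def _cap(limit, soft, hard):
    """Lower a limit to (soft, hard) without ever raising it above the inherited hard cap."""
    _, cur_hard = resource.getrlimit(limit)
    if cur_hard != resource.RLIM_INFINITY:
        hard = min(hard, cur_hard)
        soft = min(soft, hard)
    resource.setrlimit(limit, (soft, hard))


def _limits(cpu_seconds, memory_bytes, file_bytes):
    """Build the preexec hook that applies rlimits in the child just before exec."""
    def apply():
        _cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)  # SIGXCPU, then SIGKILL
        _cap(resource.RLIMIT_AS, memory_bytes, memory_bytes)     # address-space ceiling
        _cap(resource.RLIMIT_FSIZE, file_bytes, file_bytes)      # largest file it may write
        _cap(resource.RLIMIT_CORE, 0, 0)                         # no core dumps left behind
    return apply


def _text(data) -> str:
    """Partial output on timeout may arrive as bytes; normalise to str."""
    if data is None:
        return ""
    return data.decode("utf-8", "replace") if isinstance(data, bytes) else data


def run_limited(cmd, wall_seconds=5, cpu_seconds=2,
                memory_bytes=512 * 1024 * 1024, file_bytes=1024 * 1024,
                workdir: Optional[str] = None) -> RunResult:
    """Run cmd in a scratch directory with a minimal environment and resource limits."""
    scratch = workdir or tempfile.mkdtemp(prefix="student-")
    env = {"PATH": "/usr/bin:/bin", "HOME": scratch}  # nothing inherited from the grader
    try:
        proc = subprocess.run(
            cmd, cwd=scratch, env=env, stdin=subprocess.DEVNULL,
            capture_output=True, text=True, timeout=wall_seconds,
            preexec_fn=_limits(cpu_seconds, memory_bytes, file_bytes),
        )
    except subprocess.TimeoutExpired as exc:
        # subprocess.run has already killed the child by the time we get here.
        return RunResult("timeout", None, _text(exc.stdout), _text(exc.stderr))
    if proc.returncode == 0:
        status = "ok"
    elif proc.returncode < 0:
        status = "killed"  # terminated by a signal, e.g. SIGXCPU from RLIMIT_CPU
    else:
        status = "error"
    return RunResult(status, proc.returncode, proc.stdout, proc.stderr)


if __name__ == "__main__":
    # Constructed submissions: one harmless, one pulling in a networking header.
    good = "#include <iostream>\nint main() { std::cout << 42 << '\\n'; }\n"
    bad = "#include <iostream>\n#include <winsock.h>\nint main() { return 0; }\n"
    print("good submission, rejected headers:", check_includes(good))
    print("bad submission, rejected headers:", check_includes(bad))
    print(run_limited([PYTHON, "-c", "print('hello from the sandbox')"]))
    print(run_limited([PYTHON, "-c", "while True: pass"], wall_seconds=6, cpu_seconds=1))
```

In a real grader the command passed to `run_limited` is the freshly compiled binary, and the scratch directory is the only place it can write; everything the thread warns about (file I/O outside that directory, network access, registry writes on Windows) is then a matter of OS policy rather than of trusting the source text, which is why the header scan is kept as a quick early reject and not as the security boundary.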
Just for another 2 cents, I would definitely recommend doing what
Will offered up.

If you use VMWare (http://www.vmware.com/) you can make use of the
snapshot feature. That way if any student's project tries writing or
doing something malicious to the OS or the virtual disk and they
somehow are able to, no big deal, just discard changes and reload the VM
again; no need to copy files or worry about security permissions, they
are in a solid sandbox. It's not going to be any easier than that, plus it will save
you a lot of headaches.

I'm not sure myself if there are ways to get at any backdoor win32 API
that would completely ignore any DLL security settings. It would seem
to make sense that could never be the case, but with the VM stuff it's
not something you would have to worry about if it did happen.

Nov 23 '05 #7