Create multiple test cases, one test per issue

Part 1

Instructions:

https://github.com/SeattleTestbed/docs/blob/master/EducationalAssignments/ABStoragePartOne.md

Important:

1. Your security layer should produce no output!

2. Remember that filenames can only contain lowercase letters and numbers.

3. Your reference monitor should be named as reference_monitor_hl3475.r2py

4. For extra credit turn in a second repy file called extra_credit_hl3475.r2py

5. DO NOT put them together in a zip file. Upload them as separate files.


Part 2

Attack Reference Monitors

● Goal: Better understand security mechanisms

● Task: Attack other students’ Assignment 2, Part 1 reference monitors

● Create multiple test cases, one test per issue

– Must output only when a bug is found

– Accuracy bug

– Security bug

– If your test is wrong, you will lose points!

– Refer to the instructions on the web page: https://github.com/SeattleTestbed/docs/blob/master/EducationalAssignments/ABStoragePartTwo.md

Extra credit:

Find bugs in the extra credit reference monitors given the altered threat model. You should include more test cases in the extra credit!

How to run your tests on many reference monitors:

If you are using Mac or Linux, you can do something like the following:

– Put all security layers and attack cases in the same directory you were using before to run a single security layer and attack program.

Then you can type the following in the bash shell to execute the test cases with the reference monitors:

for referencemonitor in reference_*; do for testcase in hl3475_*.r2py; do python repy.py restrictions.default encasementlib.r2py $referencemonitor $testcase; done; done
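An added example, not part of the assignment handout: the nested loop above wrapped in a function that lists which monitor/test case pairs produced any output, since a test case must print only when it finds a bug. The function name `run_matrix` and the `REPY_CMD` variable are assumptions of this example; the default command is the one from the loop above.

```shell
#!/bin/sh
# Added example (not from the handout): triage matrix for Part 2 test cases.

# Command prefix copied from the loop above. REPY_CMD is a hypothetical
# override so the function can be exercised without a repy install.
REPY_CMD=${REPY_CMD:-"python repy.py restrictions.default encasementlib.r2py"}

# run_matrix DIR NETID
# Runs every NETID_*.r2py test case against every reference_* monitor in DIR
# and prints "monitor<TAB>testcase" for each run that produced output.
# Silent runs (no bug reported) are not listed.
run_matrix() {
    (
        cd "$1" || exit 1
        for monitor in reference_*; do
            # An unmatched glob stays literal; skip it instead of running it.
            [ -e "$monitor" ] || continue
            for testcase in "$2"_*.r2py; do
                [ -e "$testcase" ] || continue
                # Capture stdout and stderr: tracebacks count as output too.
                # "|| true" keeps a non-zero exit from aborting the matrix.
                out=$($REPY_CMD "$monitor" "$testcase" 2>&1) || true
                if [ -n "$out" ]; then
                    printf '%s\t%s\n' "$monitor" "$testcase"
                fi
            done
        done
        exit 0
    )
}
```

Call it from the directory that holds `repy.py`, for example `run_matrix . hl3475`. Each listed pair should be checked by hand to confirm the output reflects a real bug and not a faulty test.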

What to turn in:

Turn in the test cases used to attack the reference monitors in a zip file. The name of each testcase must start with your NetID (hl3475) in lowercase followed by an underscore. For example: abc321_securitytest1.r2py

Optionally turn in the test cases used to attack the extra credit reference monitors in a separate zip file. Note that in this case, you can expect that your code is run more than once. In the name of the file, say if it needs to be run multiple times. For example: abc123_run_twice_metadata_removal.r2py

Note:

openfile() and exitall() should not be used for the testcases

Part 3

Fix your reference monitor (from Assignment 2 Part 1) so that none of the attack programs (test cases) can bypass it. There should be no accuracy/security bugs. Also, if there are any other bugs in the program that the test cases have not found, fix them too.

Assignment link: https://github.com/SeattleTestbed/docs/blob/master/EducationalAssignments/ABStoragePartThree.md

The test cases have been attached. If anybody’s test cases are missing, please inform us immediately. I will start to run test cases against monitors soon, so please make sure your test cases are present in the attachment.

Also, if you find any test cases which are meant for the extra credit reference monitors, you may ignore them.

What to submit:

1. The corrected reference monitor (named reference_monitor_[netid].r2py)

2. Your security layer should produce no output!!