Programming Secure Software Systems
Case Study: Safe programming issues
Related outcomes from the unit outline:
1. Analyse the existence of vulnerabilities inherent in insecure software products
2. Assure quality by using elements of a secure framework
3. Judge the effectiveness of mitigation strategies for security vulnerabilities
Marks allocation: Worth 35% of the total mark for this unit
Due date: 30th of May at 11:59pm WST
Please ensure that you have read and understood the information on academic misconduct provided on BlackBoard.
Case Description: Vulnerability Detection, Analysis and Mitigation
The problem space is the File Transfer Protocol (FTP). You will be given some code samples to evaluate. You should:
• Provide a short discussion (2-3 pages) of the existing vulnerabilities in the protocol (5 marks)
• Clearly identify vulnerabilities in the code samples (5 marks)
• Describe and implement (i.e., modify the code) mitigations (10 marks)
• Amend the code (without introducing new vulnerabilities) by providing commandline parameters in place of the existing interface (5 marks)
• Referring back to the first point, demonstrate that, whilst your code may be now secure, the protocol itself is still insecure (5 marks)
• Discuss and implement (if possible) a secure implementation of the protocol by adding to your code. The objective is not to write new code, but to use existing libraries (5 marks)
• Ensure that your code compiles/links with gcc and runs within the Linux environment supplied in the unit
You should ask questions on the unit discussion board about the assignment in order to clarify ambiguities.
All sources of references must be cited (in text citation) and listed (end reference list). For details about referencing and the required format, please refer to the ECU Referencing Guide.
• Provide a zip file containing your assignment as a Word document. The assignment should contain your code. No other compression formats accepted. No other document formats accepted.
• You must include digital copies (in the zip file) of all references you cite in your assignment otherwise your assignment will not be accepted or assessed.
• Also include any external libraries if feasible or instructions for their installation.
• Separately (not in the zip file), provide the MD5 hash value of your assignment (Word) document. Submissions without a hash value will not be accepted or assessed.
• Your document must be in MS-Word format (.doc/.docx), body text 12 point Arial font, double spaced, fully justified and include page numbers.
• The document should include a title page and table of contents with page number one (1) starting after the table of contents.
• No executive summary or abstract required.
• The title page should not be numbered but the pages between the title page and the main body of the document should be numbered with lower case roman numerals.
• Any code should be 10 point Courier New, single spaced.
Marks will be deducted if you do not adhere to this style.