University of Minnesota
Introduction to Computer Security
index.php

Course assignments

Exercise set 1

Covering risk assessment, low-level attacks and defenses. Questions here. Due on the course Moodle by Thursday, September 28th at 11:55pm.

Hands-on assignment 1: Exploiting BCVI

In this assignment you'll learn about binary-level and OS-level vulnerabilities within a buggy Linux program, and exploit them for fun and profit academic credit within a virtual machine.

Available now: assignment instructions (PDF), BCECHO source code, virtual machine instructions.

BCVI source code:

VersionC source codeMakefile Patch from previous version Security advisory
1.4 bcvi.c Makefile bcvi-1.4.patch ...
1.3 bcvi.c Makefile bcvi-1.3.patch BCSA-012
1.2 bcvi.c Makefile bcvi-1.2.patch BCSA-011
1.1 bcvi.c Makefile bcvi-1.1.patch BCSA-010
1.0 bcvi.c N/A BCSA-009

Commands for downloading a new version of BCVI into your VM and recompiling (shown with version 1.4):

% cd /src
% sudo rm -f Makefile bcvi.c bcecho.c
% sudo rm -f {,sudo}bcvi{,64}
% sudo wget http://www-users.cselabs.umn.edu/classes/Fall-2017/csci5271/ha1/v1.4/{Makefile,bcvi.c,bcecho.c}
% sudo make all bcecho
% sudo make install
% bcvi /dev/null

Exercise set 2

Covering defensive programming and OS security. Questions here, C code for question 1. Due on the course Moodle by Thursday, October 12th at 11:55pm.

The cutoff date for late submissions is slightly earlier than usual, 11:55pm on Saturday the 14th instead of Sunday the 15th, so you can discuss the solutions with other students or the staff before the midterm.

Exercise set 3

Covering cryptography. Questions here. Due on the course Moodle by Thursday, November 9th at 11:55pm.

In this assignment you'll learn about binary-level and OS-level vulnerabilities within a buggy Linux program, and exploit them for fun and profit academic credit within a virtual machine.

Hands-on assignment 2: Network and Web Exploits

In this assignment you'll learn about network-level and web software vulnerabilities within a buggy web server, and exploit them within a virtual machine to steal "secret" information. Due by 11:55pm on Friday, November 17th, on the Moodle.

Available now: assignment instructions (PDF),virtual machine instructions (VMs are ready!). Please register your group for HA2 with Se Eun (seoh@umn.edu) even if you keep your HA1 group for HA2.

Exercise set 4

Covering random numbers, middleboxes, and networks. Questions here. Due on the course Moodle by Tuesday, November 28th at 11:55pm.

Exercise set 5

Covering XSS, malware and DoS, anonymity systems, and voting. Questions here. Due on the course Moodle by Tuesday, December 12th at 11:55pm.