University of Minnesota
Introduction to Computer Security
index.php

Course assignments

Exercise set 1

Covering risk assessment, low-level attacks and defenses. Questions here.

Due on Canvas by Wednesday, September 25th at 11:59pm.

Hands-on assignment 1: Exploiting BCMTA

In this assignment you'll learn about binary-level and OS-level vulnerabilities within a buggy Linux program, and exploit them for fun and profit academic credit within a virtual machine.

Available now: assignment instructions (PDF), virtual machine instructions. BCECHO source code.

BCMTA source code:

VersionC source codeMakefile Patch from previous version Security advisory
2.0 bcmta.c Makefile N/A BCSA-016
2.1 bcmta.c Makefile bcmta-v2.1.patch BCSA-017
2.2 bcmta.c Makefile bcmta-v2.2.patch BCSA-018
2.3 bcmta.c Makefile bcmta-v2.3.patch BCSA-019
2.4 bcmta.c Makefile bcmta-v2.4.patch TBA

Commands for downloading a new version of BCMTA into your VM and recompiling (shown with version 2.4):

% cd /src
% sudo rm -f Makefile bcecho.c bcmta.c bcmta
% sudo wget http://www-users.cselabs.umn.edu/classes/Fall-2019/csci5271/ha1/v2.4/{bcmta.c,bcecho.c,Makefile}
% sudo make all bcecho
% sudo make install 
% bcmta -v

Exercise set 2

Covering defensive programming and OS security. Questions here, C code for question 1. Due on the Canvas by Wednesday, October 16th at 11:59pm.

Exercise set 3

Covering cryptography. Questions here. Due on the Canvas by Wednesday, November 6th at 11:59pm. (Corrected 10/30: the maximum number of students in a group is 3, the same as other exercise sets.)

Hands-on assignment 2: Network and Web Exploits

In this assignment you'll learn about network-level and web software vulnerabilities within a buggy web server, and exploit them within a virtual machine to steal "secret" information. Due by 11:59pm on Friday, November 22nd, on Canvas.

Available now: assignment instructions (PDF), virtual machine instructions.

Exercise set 4

Covering random numbers, web security, and networks. Questions here. Due on Canvas by Wednesday, November 20th at 11:59pm.

Exercise set 5

Covering malware, DoS, anonymity systems, and voting. Questions here. Due on Canvas by Friday, December 6th at 11:59pm.