University of Minnesota
Introduction to Computer Security
index.php

Course assignments

Exercise set 1

Covering risk assessment, low-level attacks and defenses. Questions here (updated 5/13).

Question 5(a) was updated on 5/13 because the original version of the question was not compatible with the provided hint. Because we did not notice this problem until the last minute, we will accept either answers that produce 15 (as originally posted) or that produce 14 (as updated). Though if you thought you had an easy approach that produced 15 you may want to double check it.

Due on Canvas by Wednesday, February 13th at 11:59pm.

Hands-on assignment 1: Exploiting BCMTA

In this assignment you'll learn about binary-level and OS-level vulnerabilities within a buggy Linux program, and exploit them for fun and profit academic credit within a virtual machine.

Available now: assignment instructions (PDF), virtual machine instructions, BCECHO source code.

BCMTA source code:

VersionC source codeMakefile Patch from previous version Security advisory
1.3 bcmta.c Makefile bcmta-v1.3.patch TBA
1.2 bcmta.c Makefile bcmta-v1.2.patch BCSA-015
1.1 bcmta.c Makefile bcmta-v1.1.patch BCSA-014
1.0 bcmta.c Makefile bcmta-v1.0.patch BCSA-013
0.9 bcmta.c N/A N/A N/A

Commands for downloading a new version of BCMTA into your VM and recompiling (shown with version 1.3):

% cd /src
% sudo rm -f bcmta.c bcmta
% sudo wget http://www-users.cselabs.umn.edu/classes/Spring-2019/csci5271/ha1/v1.3/bcmta.c
% sudo make all
% sudo make install
% bcmta -v

Exercise set 2

Covering defensive programming and OS security. Questions here, C code for question 1. Due on the Canvas by Wednesday, February 27th at 11:59pm.

Exercise set 3

Covering cryptography. Questions here. Due on the Canvas by Wednesday, March 27th at 11:55pm.

Exercise set 4

Covering protocols, random numbers, web security, and networks. Questions here. Due on Canvas by Wednesday, April 10th at 11:59pm.

Hands-on assignment 2: Network and Web Exploits

In this assignment you'll learn about network-level and web software vulnerabilities within a buggy web server, and exploit them within a virtual machine to steal "secret" information. Due by 11:59pm on Monday, April 15th, on Canvas.

Available now: assignment instructions (PDF), virtual machine instructions. VMs are ready, and are accessible with the same hosts and group numbers you used for HA1.

Exercise set 5

Covering firewalls, malware and DoS, anonymity systems, and voting. Questions here. Due on Canvas by Wednesday, April 24th at 11:59pm.