Introduction to Information Assurance - S20

CSE 365

Assignment 2

Assignment 2 is due 2/10/20 on or before 11:59:59pm MST.

Part 1 — Bandit v2 (10 points)

For a future homework assignment you will be hacking on a Linux server. The goal of this assignment is to familiarize yourself with accessing a Linux environment via SSH, along with developing skills on command line interaction and wargames.

First, register for a wechall account. You will need to submit your wechall username so that we can track your progress on the levels. After registering, you will need to link OverTheWire.org to your wechall account by doing the following:

  1. Click “Account” on the top of wechall.net
  2. Click on the “Linked Sites” button
  3. On the “Select a site” dropdown, select “OverTheWire.org”
  4. Then click the “Link Site” button

Now, OverTheWire.org should show up in your list of linked sites, and we will be able to track your progress on Bandit from your user profile.

Then, the goal is to solve levels 5–10 (in other words reach level 11) on the overthewire.org Bandit challenges.

Before you start, be sure to read how to register your bandit progress with wechall and do so. This way, your bandit progress will be captured on wechall, which we will use to grade your progress.

Also, keep track in your README how you solved each level.

Note that Bandit is an open system, and the goal of this assignment is to practice and develop your own skills, so be honorable and do not read walkthroughs.

Submission Instructions

Submit the file README on GradeScope. Note: you must include the following line in your README (replace INSERT_WECHALL_NAME_HERE with your wechall username), or else the autograder won’t be able to give you a grade:

wechall name: INSERT_WECHALL_NAME_HERE

Part 2 — Secure this house (90 points)

Your goal is to write, in any language, a program which implements the given security policy. The security policy will be based on our in-class discussion of the security policy for a house.

Your house simulator will be called secure_house.

Policy

Only users with an authorized key can enter the house. To enter the house, the user must first put their key in the lock, then turn the lock, then enter the house, only if the key is valid. A house can be rekeyed with new keys only by the owner, and only if the owner is inside the house.

Firefighters can enter with the secret key (literal string) FIREFIGHTER_SECRET_KEY.

The lock will always be accessed in the following way: insert key, turn the lock, then enter the house (it is not guaranteed that it is the same user, however). Other commands can be issued in between insert, turn, and enter, however they do not affect the lock state.

Testing if a key is valid is done when the lock is turned.
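
The policy above written as a small state machine, added here as an illustration; it is not the course's code and does not implement the command-line interface described below. It assumes the lock steps are not tied to one user, that one successful turn admits one entry, and that the firefighter key stays valid after a rekey; the class, method and function names are made up for this example.

```python
FIREFIGHTER_KEY = "FIREFIGHTER_SECRET_KEY"  # literal string from the policy


class House:
    def __init__(self, owner, keys):
        self.owner = owner
        self.keys = set(keys)   # currently authorized keys
        self.inserted = None    # key sitting in the lock, not yet judged
        self.unlocked = False   # set only by a successful turn
        self.inside = []        # occupants, earliest entry first

    def insert(self, key):
        # Inserting never checks validity; it only replaces the key in the lock.
        self.inserted, self.unlocked = key, False

    def turn(self):
        # The check happens here, against the key set as it is at this moment.
        key = self.inserted
        self.unlocked = key is not None and (key in self.keys or key == FIREFIGHTER_KEY)
        return self.unlocked

    def enter(self, user):
        if not self.unlocked:
            return False
        # Assumption: one successful turn admits one entry, then the lock resets.
        self.inserted, self.unlocked = None, False
        self.inside.append(user)
        return True

    def rekey(self, user, new_keys):
        # Only the owner may rekey, and only from inside the house.
        if user != self.owner or user not in self.inside:
            return False
        self.keys = set(new_keys)   # the lock state itself is left untouched
        return True


def stale_key_after_rekey():
    # Constructed scenario: a key inserted before a rekey is judged after it.
    h = House("selina", ["foobar"])
    h.insert("foobar")
    h.turn()
    h.enter("selina")
    h.insert("foobar")             # still an authorized key at insert time
    h.rekey("selina", ["newkey"])  # owner is inside, so the rekey succeeds
    return h.turn()                # False: validity is tested at turn time
```

Checking at insert time instead would let the old key open the door after the owner has revoked it, which is the gap the turn-time rule closes.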

Interface

You must implement the following command-line interface for your server:

./secure_house <owner_name> <key_1> <key_2> ... <key_n>

where <owner_name> is the name of the owner, and <key_1> through <key_n> are all authorized keys for the house.

All inputs to the program (keys and names) will be [a-zA-Z0-9_\-] (alphanumeric, underscore, and dash). All matching is case-sensitive.

The input to your program (on standard input) will be a series of events separated by a newline. Your program must track these events and respond appropriately, while enforcing the security policy.

Every input will end in a newline, and every response must end in a newline.

INSERT KEY <user_name> <key>

<user_name> inserts key <key> into the door. Response should be: KEY <key> INSERTED BY <user_name>

TURN KEY <user_name>

<user_name> turns the key in the door. Possible responses are: SUCCESS <user_name> TURNS KEY <key> or FAILURE <user_name> UNABLE TO TURN KEY <key>

ENTER HOUSE <user_name>

<user_name> enters the house. Possible responses are: ACCESS DENIED or ACCESS ALLOWED.

WHO'S INSIDE?

Who is currently inside the house? Response must be a comma-separated list of user names, ordered by access time (earlier access first): <user_name_1>, <user_name_2>, <user_name_3>... or NOBODY HOME if there are no users in the house.

CHANGE LOCKS <user_name> <key_1> <key_2> ... <key_n>

<user_name> wishes to rekey the house with new given keys <key_1>, <key_2>, ..., <key_n>. Possible responses are: ACCESS DENIED or OK

LEAVE HOUSE <user_name>

<user_name> leaves the house. Possible responses are: OK or <user_name> NOT HERE

If any events are received that are not according to this specification, the response must be: ERROR.

Example

Running the program as follows:

./secure_house selina foobar

Given the input:

INSERT KEY adam key
TURN KEY adam
ENTER HOUSE adam
INSERT KEY pat foobar
TURN KEY pat
ENTER HOUSE pat
WHO'S INSIDE?

The program will produce the following output:

KEY key INSERTED BY adam
FAILURE adam UNABLE TO TURN KEY key
ACCESS DENIED
KEY foobar INSERTED BY pat
SUCCESS pat TURNS KEY foobar
ACCESS ALLOWED
pat

Implementation

Your program must work on Ubuntu 18.04 64-bit with the default packages installed. You’ll probably need to set up a virtual machine to do your development. VirtualBox is a free and open-source VM system.

We’ve created a test script called test.sh to help you test your program before submitting.

  1. Download test.sh to the directory where your code lives (including README and Makefile).
  2. Ensure that test.sh is executable: chmod +x test.sh
  3. Run: ./test.sh

There is also a test_debug.sh that gives you the output of your program. This can help you with debugging when the program appears to work from the command line, but not in the test.sh script (it’s happened before).

Your program must be able to accept arbitrarily large input (and this will be tested by the autograder).

Submission Instructions

Submit on GradeScope your source code, along with a Makefile and README. The Makefile must create your executable, called secure_house, when the command make is run. Your README file must be plain text and should contain your name, ASU ID, and a description of how your program works.