CSE 643 Computer Security
Labs

Lab Environment

• Virtual Machine Software: Install VirtualBox 6.0.4. Please stay away from the newer versions, because they have some issues with our VM.

• Ubuntu 16.04 Virtual Machine Image: Download our pre-built Ubuntu 16.04 virtual machine image. All the Linux labs use this image. To use this image, do the following:
  • Download the SEEDUbuntu16.04 virtual machine image.
  • Unzip it, and you should be able to see a folder.
  • Follow the this document to run the VM on VirtualBox.

Note: For the lab setup, you do not need to submit anything. However, we strongly urge you to get the environment set up as soon as possible, and start getting familiar with the environment. For those who are not familiar with the Linux operating system, you need to spend extra time.

Labs

Labs	Points
Lab 1: Environment Variable and Set-UID Lab	4
Lab 2: Shellshock Attack Lab	4
Lab 3: Buffer Overflow Vulnerability Lab + CTF	3 + 2
Lab 4: Format String Attack Lab + CTF	3 + 2
Lab 5: Race Condition Vulnerability Lab	4
Lab 6: Dirty COW Attack Lab	4
Lab 7: Meltdown Attack Lab and Spectre Attack Lab	2 + 2
Lab 8: Cross-Site Request Forgery Attack Lab	4
Lab 9: SQL Injection Attack Lab	4
Lab 10: Cross-Site Scripting Attack Lab	4
Lab 11: Android Repackaging Attack	4
Lab 12: Rooting Android Phones	4
Total Points	50

Notes

• Working individually or in group: All labs are individual labs. You are encourage to discuss with others, but each student must independently carry out the tasks in the labs. You cannot copy code from other students. Any violation will be punished and reported to the university authority.
• CTF (Capture The Flag) competition: For these competitions (group based), grades will be based on the rankings of each group.
• Lab Report: For all labs, You should submit a hardcopy of your lab report before the class on the due day. We may ask (randomly) selected students to give a demonstration.