[Skip Navigation] [CSUSB] / [CNS] / [Comp Sci & Eng Dept] / [R J Botting] / [CSci202] / lab09
[Text Version] [Syllabus] [Schedule] [Glossary] [Resources] [Grading] [Contact] [Question] [Search ]
Notes: [01] [02] [03] [04] [05] [06] [07] [08] [09] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20]
Labs: [01] [02] [03] [04] [05] [06] [07] [08] [09] [10]
Mon Jun 1 10:08:20 PDT 2009

Contents

    CSci202 Laboratory 09 Information Security

      Goal

       We revisit the password and login problem and learn how to hide the passwords so they are not so easy to read.

      This reviews inheritance and file handling (Chapter 17) with seek, tell, read, write, and other direct access file functions in C++.

      This lab also shows you how write C++ programs for Command Line Interfaces.

      Given

      Use the text book to review file handling.

      You need your working lab04main.cpp and buffer04.h files. Compile and rerun lab04main.

      Use the strings program on the compiled program 

       		strings lab04main
      (or perhaps 
       		strings a.out
      )

      Can you find my name and my password in the listing?

      This is not secure!

      I will be giving you a new SecureBuffer class that encrypts its data as it constructs the buffer. SecureBuffer is derived from Buffer. 

       		class SecureBuffer: public Buffer {...}
      [ SecureBuffer.h ] Plus a test program for it [ tSecureBuffer.cpp ]

      I will also be giving you some outlines for the programs that you will need to complete.

      Deliverables

      A set of test programs, handling passwords and names with a minimal degree of security.

      A working set of main programs that uses an extended Secure Buffer class that lets an administrator administer them and a user change them more securely. Here is a summary of the complete system from the point of view of the two types of user.

      [Use case diagram of lab work]

      I drew this to help me design the programs you will be working with below.

      Process

      1. You may have to change [ buffer04.h ] so that SecureBuffer has access to Buffer's private data (but nobody else has). Make this fix, if needed, and compile and rerun lab04main.cpp to test.


        The next little change is to remove an experimental "throw" inside the "operator[]" function. Instead it should return the null character: 

         		return '\0';
        for index that are negative or greater than len. Leave the others untouched.
        • Adding an exception seemed like a good idea at the time.
        Again make this change and test.

      2. You can now compile and test SecureBuffer via tSecureBuffer.cpp.

      3. Here is a working program called 'list' [ list.cpp ] This is complete. Use it to test your code. It shows you how to read the data in a file called passwd that doesn't exist yet. You can use it later to check the content of the passwd file. Your first task is to get this to work with your SecureBuffer. Here [ passwd ] you can download a ready made testfile.

      4. The Unix command 
         		od -c passwd
        will show you the characters inside passwd including the unprintable ones in the encrypted data.
      5. The next program is named 'add' and places a name and an encrypted password into a special binary file passwd. Here is an example of a run: 
         		add botting 1234567
        User Ids (botting above) are placed in a file with no encryption. The password is encrypted in add and then stored the direct access file called 
         		passwd
        Here is the code.... with some key parts replaced by /*******/: [ add.cpp ] You task is to figure out what I removed and replace it so that the program works again.

      6. Third: a working program that deletes data from the passwd file. Here is the code.... with some key parts replaced by /*******/: [ del.cpp ] Fix it.


        Last: A working program that uses shadow and passwd to authenticate logins. After logging in the user can change their password. Here is the code.... with some key parts replaced by /*******/: [ use.cpp ]

      7. Grading: the more steps you complete... the more point.

      . . . . . . . . . ( end of section Process) <<Contents | End>>

      Prologue -- Are we there yet

      NO! It takes even more paranoia to fix our password system. Look at this [ 001263.html ] [ 001267.html ] issues of the Coding Horror blog to learn the evil in hacker's hearts.

    . . . . . . . . . ( end of section CSci202 Laboratory 09 Information Security) <<Contents | End>>

    Abbreviations

  1. Algorithm::=A precise description of a series of steps to attain a goal, [ Algorithm ] (Wikipedia).
  2. class::="A description of a set of similar objects that have similar data plus the functions needed to manipulate the data".
  3. Data_Structure::=A small data base.
  4. Function::programming=A selfcontained and named piece of program that knows how to do something.
  5. Gnu::="Gnu's Not Unix", a long running open source project that supplies a very popular and free C++ compiler.
  6. KDE::="Kommon Desktop Environment".
  7. object::="A little bit of knowledge -- some data and some know how", and instance of a class".
  8. OOP::="Object-Oriented Programming", Current paradigm for programming.
  9. Semantics::=Rules determining the meaning of correct statements in a language.
  10. SP::="Structured Programming", a previous paradigm for programming.
  11. STL::="The standard C++ library of classes and functions" -- also called the "Standard Template Library" because many of the classes and functions will work with any kind of data.
  12. Syntax::=The rules determining the correctness and structure of statements in a language, grammar.
  13. Q::software="A program I wrote to make software easier to develop",
  14. TBA::="To Be Announced", something I should do.
  15. TBD::="To Be Done", something you have to do.
  16. UML::="Unified Modeling Language".
  17. void::C++Keyword="Indicates a function that has no return".

End