Objectives and Logistics
The goal of this lab exercise is to apply the theoretical concept of software compartmentalisation covered in the unit (see Week 5 content here).
We'll first focus on a simple example: a web server containing a Heartbleed-style vulnerability. We will sandbox the part of the program containing the bug within its own compartment, and check that this compartmentalisation prevents an attacker from leaking secrets allocated outside that compartment.
Next, we will compartmentalise a real-world library, TinyExpr. TinyExpr is a mathematical expression parser and evaluator library that can be integrated into C and C++ programs. Parsers are particularly prone to vulnerabilities because they manipulate untrusted input (the content to parse) that may be malformed in many ways. We will sandbox TinyExpr within its own compartment, and study the impact of this compartmentalisation on performance.
Submission Instructions
The deliverables for this exercise are the C source code for the compartmentalised versions of the web server and TinyExpr.
The submission is made through the CS Department’s Gitlab.
You should have a fork of the repository named 60261-lab3-s-compartmentalisation_<your username>.
The sources should be grouped in folders located at the root of the repository, one per relevant part of the exercise:
- heartbleed-guided/
- heartbleed-advanced/
- tinyexpr-ipc/
- tinyexpr-shm/
Submission details are given in the relevant parts of this exercise.
To indicate that the submission is ready to be marked, create a tag named lab3-submission.
The deadline for this assignment is Friday 14/11 2pm London time.
A few important points regarding the submission:
- ⚠️ Make sure you push to the precise repository mentioned above and not another one (do not fork it or create a new repo), and tag your submission properly.
- ⚠️ The submission is to be made through GitLab only; there is no need to submit anything to Canvas.
- ⚠️ You need some basic knowledge of git and GitLab to submit this exercise. In the unlikely case you are not familiar with these tools, see some guidance here.
Failure to follow these instructions is likely to result in a mark of 0 for this exercise.
For any issues or questions, feel free to get in touch with the instructor through the discussion board on Canvas or during office hours (see the schedule on Canvas for their time and location). You can also contact your student representatives.
High-Level Marking Scheme
| Part | Marks |
|---|---|
| Compartmentalising HeartBleed (Guided) | /5 |
| Compartmentalising HeartBleed (Advanced) | /5 |
| Compartmentalising TinyExpr (IPCs) | /5 |
| Compartmentalising TinyExpr (Shared Memory) | /5 |
| Total: | /20 |
Intended Learning Outcomes (ILOs)
By the end of this lab, students will be able to:
- Design and implement compartmentalisation policies in C programs, using process-level isolation and IPC-based cross-compartment communication
- Demonstrate the security benefits of these policies
- Assess and understand the performance impact of these approaches