
Spring20Cs361sLab2wr

sethnielson edited this page May 12, 2020 · 3 revisions

Lab 2 Writing Assignment

Assigned 2/19/2020
Due 3/11/2020
Points 100

Description

For this assignment, you will write a more-or-less standard report about CVE-2018-5767. If you aren't familiar with CVEs in general, do a quick Google search. CVE-2018-5767 is an arbitrary code execution exploit on a Tenda AC-15 router. What's great about this exploit is that it pulls together bits and pieces from labs 2 and 3.

Your assignment is to write a technical summary of the attack including all of the various components that were chained together and the defenses that were circumvented. The authors of the exploit already have a walkthrough with all the technical content that you need in their CVE-2018-5767 Walkthrough.

The challenge for this writing assignment is not the technical content, which is already described in great detail. Instead, your goal is to do a bit of "audience translation." The audience of the walkthrough is the security community. The authors use terms like "ROP" without any explanation. What I want you to do is try, within a three-page paper, to craft an explanation that would work for somebody who's not familiar with computer security. You can assume the audience is familiar with computer science in general (they know how assembly works), but not with buffer overflows and exploits. They might understand that memory can be marked "readable", "writable", or "executable," but they have no idea why you'd want a non-executable stack.

You will, of course, not cover every possible detail. Three pages isn't enough to cover all the details of a non-executable stack, let alone this particular CVE. You will have to decide what you prioritize, what you decide to describe, what kinds of analogies you will use, and so forth.

I highly recommend that you test your paper out, before turning it in, on other computer science students. If another CS student, without the benefit of this class, can read your paper to understand the attack and the defenses it circumvented at a basic level, you have succeeded.

Requirements

Your paper must adhere to the following requirements:

  1. Be submitted in PDF
  2. Make an effort to follow APA style guidelines. You will only be graded down for egregious errors, such as bad grammar, misspelling, and so forth. However, you should generally follow guidelines for margins and so forth.
  3. Be at least 1250 words (between 2 and 3 pages single spaced, figures and images not included)
  4. Use figures and illustrations to help explain concepts (your own or others', so long as external figures are cited)
  5. Refer to the CVE-2018-5767 Walkthrough when quoting, using figures, or drawing on it for other direct support
  6. If outside citations are necessary for your persuasive argument, include an appropriate bibliography (not included in word count)

Submission and Grading

Submit through Canvas. Submissions are due by 11:59 on March 11. Grading will be as follows:

  1. 15% for describing the key components of the attack
  2. 15% for describing key defenses that were circumvented
  3. 50% for describing them effectively for a CS, but not computer security, audience
  4. 20% for style, spelling, grammar, and clarity