Banking on Security
Overview
This assignment is about assembly, reverse engineering, security, privacy and trust. An earlier version of the assignment by Randal Bryant & David O'Hallaron (CMU), accessible here, used the framing story that students were defusing a ‘bomb’.
In order to better support the themes of privacy, security, and trust, we re-themed the assignment to cast students as security researchers examining the vulnerabilities of a SecureVault. As they do so, they also discover that aggregating datasets of information about the bank’s customers can lead to surprising discoveries about the customers – and invasions of their privacy. In a new section of the assignment, students explore differential privacy and the bank’s trust model.
The starter code is the project as provided to students, without the example vault executable used for reverse engineering. Nick Troccoli and Julie Zelenski recommend that instructors interested in replicating this assignment instead use the instructor tools from the CMU assignment to create their own executable: http://csapp.cs.cmu.edu/public/labs.html.
Contributors
- Ethics materials by Kathleen Creel, Nick Troccoli, and Brynne Hurst
- CS Assignment by Michael Chang & Julie Zelenski, based on an assignment by Randal Bryant & David O'Hallaron (CMU). Modifications by Nick Troccoli, Brynne Hurst, Kathleen Creel, and Jonathan Kula.
Assignment goals
- reading and tracing assembly code
- understanding how data access, control structures, and function calls translate between C and assembly
- reverse-engineering
- understanding the challenges of writing secure and robust systems
- mastering the gdb debugger
Ethics goals
- Understanding theories of privacy and their application
- Exploring the relationship between privacy and trust
- Assuming the role of the ethical penetration tester
Download Links
- Starter Code
- Assignment handout
- Ethics Slides on Privacy (pptx)
- Explainer Handout
Additional Readings for Context (Instructors or Students):
- Rogaway, The Moral Character of Cryptographic Work
- Solove, "'I've Got Nothing to Hide' and Other Misunderstandings of Privacy"
- Nissenbaum, Privacy in Context: Technology, Policy, and the Integrity of Social Life. Chapter 4.
- Dwork & Roth, The Algorithmic Foundations of Differential Privacy
- Baier, Trust and Antitrust