Python tutoring | Intro to assignment2


Intro to assignment2
part 1
Write your reference monitor.
How many people successfully compromise your reference monitor or correctly report an accuracy issue in your reference monitor.
part 2
Get everyone’s reference monitors, and write your exploit.
Check not only for security issues, but also whether the monitor functions as expected (accuracy).
How many reference monitors you compromised; multiple successful scripts for one reference monitor count as 1. Lose points for a wrong attack.
part 3
Get all exploit scripts, report wrong attacks.
Improve your reference monitor; we will run it against all exploits again.
How many wrong attacks on your reference monitor you report. How many exploits could still compromise your reference monitor.
Part 1
Rule: all file contents should start with “S” and end with “E”.
Valid: “S90aj923rfE”, “S\nE”
Invalid: “s0j4f90jwe92E”, “90afwje23rf”
For details, see the GitHub page in the assignment instructions.
NO output when running: we will let attackers use output to report a successful attack.
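A model of the Part 1 rule in plain Python, added here as an example; it is not Repy code and not the assignment's reference monitor. The class name GuardedFile, the starting contents "SE", and the policy of checking only at close() and dropping invalid pending data are assumptions; the assignment's GitHub page defines the real behaviour.

```python
def is_valid(contents):
    # Page's rule: contents start with "S" and end with "E" (case-sensitive).
    return contents.startswith("S") and contents.endswith("E")


class GuardedFile:
    """Hypothetical model of a security layer wrapping one file."""

    def __init__(self, committed="SE"):  # "SE" is a constructed starting value
        if not is_valid(committed):
            raise ValueError("initial contents break the rule")
        self._committed = committed  # last contents that passed the check
        self._pending = committed    # working copy changed by writeat()

    def writeat(self, data, offset):
        # Refuse offsets that would leave a hole, then overwrite in place.
        if offset < 0 or offset > len(self._pending):
            raise ValueError("offset outside file")
        end = offset + len(data)
        self._pending = self._pending[:offset] + data + self._pending[end:]

    def readat(self, size, offset):
        # Readers only see contents that already passed the check.
        if size is None:
            return self._committed[offset:]
        return self._committed[offset:offset + size]

    def close(self):
        # Assumed policy: validate at close, silently drop invalid changes
        # (no printing, matching the page's "NO output when running").
        if is_valid(self._pending):
            self._committed = self._pending
            return True
        self._pending = self._committed
        return False
```

Checking at close rather than on every write lets a sequence of writes pass through invalid intermediate states, as long as the final contents satisfy the rule.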
Tutorial Security Layer Repy APIs
1. build
➜ RUNNABLE git:(master) ✗ python2 restrictions.test
encasementlib.r2py reference_monitor.r2py attack.r2py
fish: “python2 restrictions.te…” terminated by signal SIGTERM (Polite
quit request)
2. write your code
python2 syntax; limited functions to use (with slightly different function names):
openfile -> open
writeat -> write
readat -> read
log -> print
…
[Repy APIs]
3. test your code
python2 restrictions.default encasementlib.r2py reference_monitor.r2py attack.r2py
use repy sandbox
restrictions.default: specifies what resources the sandbox may have
encasementlib.r2py: a module that allows you to have security layers
reference_monitor.r2py: your reference monitor (the “security layer”)
attack.r2py: scripts to run under the reference monitor
git clone
cd repy_v2/scripts && python2 && python2