CS 600.443 Assignment 2

This assignment should be done in groups of 1-4. Please put all participants' names on all items before turning them in. This assignment is divided into several parts.

This project is an experiment to study the difficulty of embedding malicious functionality in code such that it cannot be detected.

Each group will design and build a voting machine. The machine should tally votes for candidates for various elected offices, and the tally should be displayed as each vote is cast. The machine should count votes correctly. The machine should also keep an audit log of all of the votes that have been cast, including the time and the ballot choices. There should be an interface for viewing the audit log.

The ballot you should use is as follows (you pick the names):

  President: vote for one of three choices
  Congress: vote for one of five choices
  City council: vote for two of four choices

The machines should enforce no overvoting (e.g. voting for two people for President when only one is allowed) and warn voters of undervotes (e.g. not voting for one office, or voting for only one councilperson).

The backdoor
------------

You will turn in two versions of your system. One should function properly in every respect. The other one should contain a malicious back door. That is, there should be a way for a voter to secretly perform some unusual action such that they can alter the outcome of the election. At a minimum, the backdoor should enable a voter to bias the election somehow towards a specific presidential candidate. That is, pick a favorite candidate and identify them in advance in your project write-up, and that is the one that your system should favor when the backdoor is enabled. A truly successful attack will keep the audit log consistent with the vote totals. The backdoor should be dormant, that is, should do nothing, until a secret activation event (such as a particular sequence of clicks) activates it.
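The ballot rules and audit-log requirement above, as an added example that is not part of the assignment or of any group's submission: it rejects overvotes, warns on undervotes, logs each accepted ballot with a timestamp, and recounts the log against the displayed tally, which is the check an analyst would run to catch totals that drift from the log. Candidate names are constructed placeholders.

```python
from collections import Counter
from datetime import datetime, timezone

# Ballot layout from the assignment: (max selections, names). Names are placeholders.
BALLOT = {
    "President":    (1, ["Alice", "Bob", "Carol"]),
    "Congress":     (1, ["Dan", "Eve", "Frank", "Grace", "Heidi"]),
    "City council": (2, ["Ivan", "Judy", "Ken", "Liz"]),
}

class Overvote(ValueError):
    """A ballot selected more choices for an office than the office allows."""

def check_ballot(ballot):
    """Reject overvotes and malformed ballots; return undervote warnings."""
    extra = set(ballot) - set(BALLOT)
    if extra:
        raise ValueError(f"unknown office(s): {sorted(extra)}")
    warnings = []
    for office, (limit, names) in BALLOT.items():
        picks = ballot.get(office, [])
        if any(p not in names for p in picks) or len(set(picks)) != len(picks):
            raise ValueError(f"{office}: unknown or repeated choice in {picks}")
        if len(picks) > limit:
            raise Overvote(f"{office}: {len(picks)} selected, at most {limit} allowed")
        if len(picks) < limit:
            warnings.append(f"{office}: {len(picks)} of {limit} selected")
    return warnings

class VotingMachine:
    def __init__(self):
        self.tally = {office: Counter() for office in BALLOT}  # displayed totals
        self.audit_log = []  # one (UTC timestamp, ballot) entry per accepted vote

    def cast(self, ballot):
        """Accept a ballot, update the displayed tally and log it; returns warnings."""
        warnings = check_ballot(ballot)  # raises before anything is counted
        for office in BALLOT:
            self.tally[office].update(ballot.get(office, []))
        self.audit_log.append((datetime.now(timezone.utc).isoformat(), dict(ballot)))
        return warnings

def reconcile(machine):
    """Recount every logged ballot; True only if it matches the displayed tally."""
    recount = {office: Counter() for office in BALLOT}
    for _, ballot in machine.audit_log:
        for office in BALLOT:
            recount[office].update(ballot.get(office, []))
    return recount == machine.tally
```

A rejected overvote is never counted or logged, so the log and the displayed tally can only disagree if one of them was altered after the fact.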
Some ground rules
-----------------

Your system will be subjected to ITA (independent testing authority) for certification. Any attempt to purposefully obfuscate the code would trigger alarms and possibly prison sentences, and at the very least the loss of a sale. So, the system must appear to be as legitimate as possible. So, for example, if you were to run your code through an automated obfuscator, it would never be certified, and you would get a bad grade...

You may build your system as a web application, or as a standalone one. You should limit the platforms to Linux, Windows, or Mac. Any multiplatform environment (like Java) would be great, as well as a web-only application. You may use database packages and try to embed your funny business in the database portion, but you may only use publicly available packages. You can use comments as part of the disguise to socially engineer the ITA. You may use any free software package that you like, but must turn in those systems, or links to them. Proprietary databases are excluded because we cannot assume that the other groups will be able to use them when they analyze and run your system.

First due date
--------------

On Wednesday, March 10, you will send an email to mgreen@cs.jhu.edu (Matt) and genome4hire@dubfire.net (Chris), our TAs, with a CC to me. The email will contain:

1. A list of your project members.
2. A 1-2 paragraph status report about your project. Describe the design choices you've made in terms of programming language and development environment. Also, say what you've implemented.
3. This will not be graded, but you will be penalized if you do not send the message in before 10 pm that day.

Part 1
------

On April 1, at the beginning of class, you will turn in the following:

1. A one page maximum writeup listing all of the software packages used by your system, including operating system, software libraries, databases, etc.
2. A five page maximum writeup describing in excruciating detail how you implemented the backdoor. Explain both how it is activated and how you hid it. Be sure to indicate which candidate your system is designed to favor.
3. Two tar files:
   good.tar.gz, which will contain the system with no back door
   bad.tar.gz, which will contain the system with the back door
4. For both systems, include in the tar file an install script that takes the untarred directory and builds the whole system. Feel free to include binaries in the tar file, so that the install is very simple. Also include a detailed README explaining how to use the install script. The idea is that it should only take us a few minutes to get your system up and running.

On April 1 and 2, each group will have 5-10 minutes to demo their voting system. At that point, you will NOT disclose the backdoor. You will simply show an election and that votes are tallied correctly. You will demonstrate the audit log and how it keeps track of what's going on.

-----------

Shortly after you turn in part 1, each group will receive three voting systems (tar files). At least one of them will be good and at least one will be malicious. You will not know which. Your job for the remainder of the course will be to try to find the backdoors and identify the malicious behavior. You may run the system, do diffs against standard libraries, and use any tools you like. Homegrown tools could be very interesting.

Part 2
------

On April 29, at the beginning of class, you will turn in the following:

For each of the three systems, a report (3 page max per system) identifying the following:
- does it have a back door?
- if so, how is the back door activated?
- if so, which candidate(s) does the back door bias in favor of?
- if so, how was it implemented? Identify as much malicious code as possible.
- describe any tools you used and/or developed to do the analysis

On April 29 and 30, each group will have 5-10 minutes to demo their system and show off their back door. Show what happens to the audit log. If time permits and you found something really clever of someone else's, you may have time to discuss that.

------------

Grading criteria:

1. Quality of the system (20 points)
   - Does the system work when no back door is used?
   - Quality of the audit mechanism
   - Does the code appear to be doctored/obfuscated? (How "natural" does it look?)
2. Backdoor (20 points)
   - Is it totally obvious? Is it extremely well hidden?
   - How much damage does it do? I.e. does the preferred candidate always win, or do they just get some small advantage?
   - Is the integrity of the audit log preserved? I.e. does the audit log match the reported outcome of the election?
3. Analysis (20 points)
   - Did you find the backdoors you were given?
   - How much malicious code were you able to uncover?
   - Did you develop any automated techniques as part of the analysis?