CSE 127: Lecture 11


The topics covered in this lecture are differential timing analysis, assignment 3.

Differential Timing Analysis, again

Timing model -- cycle-count granularity is possible. Varying execution times, in particular from the modular reduction (remainder calculation), occur due to the quotient estimate that must be done.

Assignment 3

(Moved from top-level page.) For those of you having trouble with strings, see this or this. Also, you should look at this too. And maybe this will also be useful -- it runs the code after copying it into a buffer.

See updated tarball of RPC code; the only change should be in rpc.c. This should work across the network on slower machines. Socket I/O between processes on the local machine blocks until the transfer completes, but this is not guaranteed and is often false when the processes are on different machines that are slow.

If you wish to use the original tarball instead of this one, make a note of it in your writeup.

Updated 2/28/03: Use this tarball if you wish to run across machine boundaries. The earlier version does not always work properly if the client and server are on different machines.

Updated:

Your inside person has been able to obtain a new copy of the server code, which had been updated due to a compilation environment change. He was also also able to grab some binary, but because he doesn't control the server you don't know if the same binaries will be used when you actually attempt to break in.

You should grab a copy of the updated RPC attack tarball. The original one which had compile errors on OSTL machines is still available. See the included README file for instructions and what to turn in. (Extract the tarball with the command:

$ tar xzf rpc-attack-updated.tgz
and it will create a directory named assn3 where all the files will be placed. The due date etc are in the README file.

To make it easier for the TAs, please wrap the lines in your writeup text file for an 80 column window. Also, the writeup is very important: it demonstrates to us that you understand the concepts, rather than got lucky and got the code working by trial-and-error. Do take the time to explain how things work, as the writeup is a large portion of your grade for the project.

Links

These are links additional security-related information. Exploring them is optional unless otherwise stated.


[ search CSE | CSE | bsy's home page | links | webster | MRQE | google | yahoo | citeseer | pgp certserver | openpgp certserver ]
picture of bsy

bsy+cse127.w03@cs.ucsd.edu, last updated Sat Mar 8 03:23:04 PST 2003. Copyright 2003 Bennet Yee.
email bsy.


Don't make me hand over my privacy keys!