Winner Of Underhanded C Announced
Written by Kay Ewbank   
Friday, 05 February 2016

The winner of this year's competition to find the best sneaky C code has been announced. 

The Underhanded C Contest is a yearly competition where developers write code that looks innocent, but hides a malicious secret.

 

underhand1

 

This year's competition involved writing code that while ostensibly detecting the presence or absence of fissile material, under the covers would also have a way to cheat. As the competition winner, Linus Åkesson, explained on his website:

"Our task was to write a piece of code to detect the presence or absence of fissile material, allowing Country A to verify that Country B is destroying actual warheads. The underhanded bit consisted of sneaking in some kind of vulnerability that would allow Country B to trigger false positives, and thus destroy only fake warheads."

As the competition site explained:

“Two countries, the Peoples Glorious Democratic Republic of Alice and the Glorious Democratic People’s Republic of Bob, have agreed to a nuclear disarmament treaty. In practice, this is implemented by nuclear inspectors visiting each country and verifying the presence of fissile material such as Plutonium in a warhead, at which point the warhead can be destroyed”.

Unfortunately, neither side wants the rival’s inspectors to see data such as a radiogram or a gamma ray spectrum of the object under test because that would give away too much information. Instead, the countries agree to develop a computer program that takes the result of a scan, determines if it matches some reference pattern, and output only a “yes” or “no.”

The Underhanded part of the competition required that the program should accurately return "yes" or "no", but should also be able to also show that nuclear material is present even when it isn’t. This enables the country with the control over the program to wrongly identify a fake warhead as real, then destroy it and have their rivals think they've destroyed a real warhead from their stockpile.

The competition organizers grouped the entries into several categories based on how they achieved the need for a false positive to be generated - simple or unrealistic; data-triggered; and environment triggered. The simplistic approach relied unrealistically on techniques such as the host country being able to corrupt an input array.

The data-triggered attacks proposed using a certain kind of test spectrum as the trigger, such as one without spikes or one with an extreme value.

The final, environment-triggered attack, group relied on some change to the test computer, such as setting the uid on a file or tampering with the system clock. While the judges were concerned that such environment-triggered attacks were unrealistic, they said that:

"feedback we got from inspection experts suggested that such tampering can't be completely ruled out simply due to the physical custody of the machines."

Some of the suggested data-triggered attack solutions lost points because they relied on such unlikely data that it would raise suspicions.

The judges liked the winning solution for the fact that, apart from a single 'confusion' where a function is set to expect 4-byte numbers and is passed 8-byte doubles, the code:

"does nothing unusual or suspicious or quirky or different: it is a bog-standard implementation of preprocessing followed by normalized correlation".

The mismatch in data length causes the function to only scan over the first half of the array, and interprets the numbers wrongly. The misinterpretation means a warhead with a tiny amount of fissile material alongside a carefully chosen second compound could appear as though it were all fissile.

The full details of how the solution works, the code itself, and analysis of the other runners up, can be found on the Underhanded C Contest site.

 

underhand1

More Information

Underhanded C Contest Site

Linus Akesson's Site

Related Articles

Underhanded C Contest 2015 Launched

Underhanded C Contest 2014 - The Winner 

Evil C Coders Wanted

Underhanded C Contest Revived 

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter,subscribe to the RSS feed and follow us on, Twitter, FacebookGoogle+ or Linkedin

 

Banner


Bun Shell Released
29/02/2024

The developers of the Bun JavaScript runtime have released Bun Shell, a new experimental embedded language and interpreter in Bun that lets you run cross-platform shell scripts in JavaScript and TypeS [ ... ]



TypeScript 5.4 Adds NoInfer Type
12/03/2024

TypeScript 5.4 has been released, with the addition of a NoInfer utility type alongside preserved narrowing in closures following last assignments. 


More News

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Friday, 05 February 2016 )