|Underhanded C Contest 2015 Launched|
|Written by Kay Ewbank|
|Tuesday, 25 August 2015|
The latest annual Underhanded C Contest has been launched, with a new challenge for writing innocent-looking C code that is as readable, clear, and seemingly trustworthy as possible, yet covertly implements a malicious function.
The contest is in its 8th year, and continues to grow in popularity, thereby wasting many hours of useful development time as programmers dream up obscure ways to hide underhanded behavior in apparently clean code.
The idea is that your source code should look straightforward, so that another programmer would read the code and not spot a problem. At the same time, the code has to do something ‘malicious’. Previous challenges have included miscounting votes, shaving money from financial transactions, and leaking information to an eavesdropper.
This year’s theme sounds decidedly dodgy and convoluted.
The challenge is to fake answers to tests about nuclear fissile material. The people setting the Underhanded C Contest are cooperating with the Nuclear Threat Initiative (http://www.nti.org/), a nonprofit, nonpartisan organization working to reduce the threat of nuclear, chemical and biological weapons.
In the real world, the need to monitor nuclear arms and verify when countries claim to have decommissioned or destroyed nuclear material is obviously challenging and serious. In the less serious world of the competition, the challenge is to verify data showing the presence or absence of nuclear fissile material. The twist is that the code also needs to provide an incorrect result (to order) showing that fissile material is present when in fact it is not present.
As the competition site explains:
“Two countries, the Peoples Glorious Democratic Republic of Alice and the Glorious Democratic People’s Republic of Bob, have agreed to a nuclear disarmament treaty. In practice, this is implemented by nuclear inspectors visiting each country and verifying the presence of fissile material such as Plutonium in a warhead, at which point the warhead can be destroyed”.
Unfortunately, neither side wants the rival’s inspectors to see data such as a radiogram or a gamma ray spectrum of the object under test because that would give away too much information. Instead, the countries agree to develop a computer program that takes the result of a scan, determine if it matches some reference pattern, and output only a “yes” or “no.”
The Underhanded part of the competition is that your program should accurately return yes or no, but should be able to also show that nuclear material is present even when it isn’t. This incorrect answer should only be given under specific circumstances, essentially under your control. The code for this has to be hard to detect, and you gain points if the errant code can be plausibly deniable as an innocent programming error.
As always, extra points are awarded for humorous, spiteful, or ironic bugs, such as error-prone behavior in an error-checking routine.
Code needs to be submitted by November 15, and the winner of this year’s contest will receive $1,000. NTI is contributing to this year’s contest both by offering the prize, and by planning a subsequent joint programming contest after the regular Underhanded contest finishes.
To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin, or sign up for our weekly newsletter.
or email your comment to: email@example.com
|Last Updated ( Tuesday, 25 August 2015 )|