Projects for Secure Software

Project 1: Markovian Tweets.

The task is to take in sample text and generate a tweet (280 characters) in the style of that text using Markov chains. For super-extra credit, consume a user name from Twitter and grab some tweets by that person as your source material. Further awesomeness if you build a tweet-bot.

Project 1 Milestones

This task is designed to push you a bit. You'll have to figure out many moving parts to make it a success. Here are some mastery tasks you can measure yourself by and talk to me if you get stuck.

Project 1.5: QA on Tweeter

Quality Assurance: This Markovian tweeter will be a centerpiece of a new ad campaign for your company. It will be morphed and used in many new products, and it will learn from user data, which might be malicious. Your job, as the QA team, is to take a deep dive into the partner team's codebase looking for flaws. Use the CERT rules and recommendations as your compass: any violations of those go in your report. The goal is an actionable report on issues with the codebase that the developers should fix before launch and for the long-term maintainability of the project.

Project 2: Shapefinder

In this one you are building a command-line tool that takes the filename of an image and 3 flags: --shape or -s followed by a shape value (square, rectangle, circle, etc.), --color or -c followed by a color (like #ff00ff or black), and -o, which lets the user specify the name of the output image (like output.ppm).

The program needs to create a new image file (at the location specified in the -o flag) which is the original image with a rectangle drawn around any shapes found in the image that match the -s flag. (For example, detect a square in the image and draw a colored rectangle around it in the output image.)

For the image format, make this work with .ppm (or .pbm or .pgm).

I will accept a project which only works on black and white images which only contain clean rectangles. But there is extra credit for projects that accept more shapes than just rectangles, more for more difficult images, and yet more for more difficult image formats.

Project 2 Milestones

This project has many layers so here are some steps towards the simplest layer:

  1. Convert an image into .ppm format using a tool like ImageMagick (convert input.png output.ppm). This is for you to test with.
  2. You might even hand craft a small image with just the shape you want.
  3. Ingest the image and detect pixel data. Since we're using plaintext image formats it's a success just to cout the lines of the image.
  4. Make your 'flag' system work well. Just practice reading in all three and displaying the values that the user provides. Then try to detect valid values or provide error messages.
  5. Practice creating an image. Try replacing all pixels of color1 with color2 (ignoring the shape part of the program for now).
  6. On the algorithm side I'm ok if you use OpenCV as a third-party library. But do document the dependencies of your code so the next red-team can compile and run your code. I'm also fine if you start with just black and white rectangles and find the corners and draw in them.
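
A sketch of milestones 3 and 5 for the plaintext PPM variant (magic number P3), written as an added example rather than course-provided code: it checks the header and every sample before trusting them, since the image file is untrusted input. The names and the kMaxSide limit are assumptions made for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct Pixel {
    int r, g, b;
    bool operator==(const Pixel& o) const { return r == o.r && g == o.g && b == o.b; }
};
struct Image { std::size_t width = 0, height = 0; int maxval = 0; std::vector<Pixel> pixels; };

constexpr long kMaxSide = 4096;  // assumed size cap for this example, not from the assignment

// Read the next integer token, skipping whitespace and '#' comment lines.
bool next_int(std::istream& in, long& out) {
    for (;;) {
        in >> std::ws;
        if (in.peek() != '#') return static_cast<bool>(in >> out);
        std::string comment;
        std::getline(in, comment);
    }
}

// Parse a plaintext PPM (magic "P3"). Returns false on any malformed input.
bool parse_p3(std::istream& in, Image& img) {
    std::string magic;
    long w = 0, h = 0, maxv = 0;
    if (!(in >> magic) || magic != "P3") return false;
    if (!next_int(in, w) || !next_int(in, h) || !next_int(in, maxv)) return false;
    // Validate the header before allocating anything based on it.
    if (w <= 0 || h <= 0 || w > kMaxSide || h > kMaxSide) return false;
    if (maxv <= 0 || maxv > 65535) return false;
    img = Image{};
    img.width = static_cast<std::size_t>(w);
    img.height = static_cast<std::size_t>(h);
    img.maxval = static_cast<int>(maxv);
    img.pixels.reserve(img.width * img.height);
    for (std::size_t i = 0; i < img.width * img.height; ++i) {
        long c[3];
        for (long& v : c)  // reject truncated files and out-of-range samples
            if (!next_int(in, v) || v < 0 || v > maxv) return false;
        img.pixels.push_back({int(c[0]), int(c[1]), int(c[2])});
    }
    return true;
}

// Milestone 5: replace every pixel equal to `from` with `to`; returns the count changed.
std::size_t replace_color(Image& img, Pixel from, Pixel to) {
    std::size_t n = 0;
    for (Pixel& p : img.pixels) if (p == from) { p = to; ++n; }
    return n;
}
```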

Project 3: Encrypted Email Server

Your job is to build a program that lets users "register" with a username and password, log in to their account with their password, see a list of other users, send a message to another user, and read their received messages. Each message needs to be stored encrypted. That does imply that it is the responsibility of your users to communicate a secret passphrase shared by the two users.

There is a lot of room for security thinking in this, so show me what you got.