JMU
Secure Programming in C


1 Purpose

The purpose of this assignment is to allow you to demonstrate that you have begun to acquire the knowledge and skills necessary to design and construct secure programs in C.

2 Overview

This assignment has two parts, both of which involve a simple grade calculator named Gradeful (that is typically run from the command line).

3 Specifications for Gradeful

Gradeful must read a .grades file containing grade information for a single student in a single course and print the weighted average grade to standard output. The following documents exist describing Gradeful.

Letting \(c\) denote a category, \(a \in c\) denote an assignment in category \(c\), \(|c|\) denote the number of assignments in category \(c\), \(w_c\) denote the weight for category \(c\), and \(g_a\) denote the grade on assignment \(a\), the weighted average final grade, \(f\), is defined as:

\[f = \frac{\sum_c \left( w_c \frac{\sum_{a \in c} g_a }{|c|} \right)}{\sum_c w_c}\]

Remember that the documents describing the file format and command-line parameters assume a "well-behaved" user. You must account for the fact that an attacker may be able to provide command-line parameters and/or a file to Gradeful.

4 Part 1

For Part 1, you must write a report that identifies the rules (not the recommendations) in the SEI CERT C Coding Standard that would be most relevant in a formal review of Gradeful. (Your report should include the detailed rules (e.g., "PRE30-C") not the abstract rules (e.g., "Rule 01").

5 Part 2

For Part 2, you must implement Gradeful, following the rules you identified in Part 1. When you apply a rule, you must make note of it in a comment.

Remember that the documents describing the file format and command-line parameters assume a "well-behaved" user. You must account for the fact that an attacker may be able to provide command-line parameters and/or a file to Gradeful.

6 Submission

For Part 1, you must submit the list of rules using Canvas in a single PDF file named rules.pdf.

For Part 2, you must submit your implementation using Canvas. It must be in a single file named gradeful.zip. The .zip file must contain the following.

  1. All of the source code (both .c and .h files, if necessary).
  2. A makefile that can be used to build the executable on a "normal" Linux platform using the GNU Compiler Collection.
  3. All of the .grades files you used for testing your implementation.
  4. An ASCII text file named readme.txt that explains how to execute the program from the command-line.

In other words, it must contain everything that anyone would need to build and run Gradeful.

7 Visibility

Your deliverables may be made public (i.e., available to both other students in the course and the general population).

Copyright 2016