代写辅导接单-Advanced Secure Protocol Design, Implementation and Review

欢迎使用51辅导,51作业君孵化低价透明的学长辅导平台,服务保持优质,平均费用压低50%以上! 51fudao.top

2025/9/28 17:27 Advanced Secure Protocol Design, Implementation and Review

Advanced Secure Protocol Design, Implementation and Review

Start Assignment

Due 26 Oct by 23:59

Points 30

Submitting a file upload

This Advanced Secure Programming assignment is designed to help students apply the theoretical concepts covered in the

lectures/RangeForce and learn about practice secure programming. This assignment is a group work assignment. In

groups of 3-5 students, you will engage in a hands-on assignment that requires the design, development, and evaluation of

a secure overlay chat system utilising a standardised protocol created by all the students in this class. This system must

adhere to class-specified protocol, have a secure implementation, have the secured implementation intentionally and

ethically "backdoored", and then be tested in a controlled code review process. The course concludes with a friendly

hackathon exercise.

Assignment Objectives

Conceptualising and standardising a secure communication protocol for a distributed overlay multi-party chat system.

There cannot be any central server handling all the communication. Rather, the system must be robust to any node or

device failure.

Develop an application that adheres to a designed protocol (by the class) and incorporates advanced secure coding

practices.

Intentionally backdoor your own implementation in an ethical way so that other groups have security flaws to find.

Perform peer reviews and engage in both manual and automated code analysis to identify vulnerabilities and

backdoors.

Critically reflect on the design and implementation process, including evaluating the protocol, the security measures

implemented, the quality of the feedback received, a reflection on your own learning and possible coding mistakes.

Have fun at an ethical hackathon to identify and exploit vulnerabilities in a controlled setting, enhancing your

understanding of real-world cybersecurity challenges.

Assignment Timeline and Deliverables

Week 2: Complete the initial design of the chat system's communication protocol.

Week 4: Collaborative standardisation of the protocol with class-wide consensus.

Week 6: Finalise detailed plans for code design and start your implementation.

Week 8: Present a functional prototype in the tutorial for initial testing and feedback. Consider this as the deadline to finish

your implementation.

Week 9: Submit the final version of the chat system for peer review. HARD DEADLINE: 06 Oct 2025. If you submit after

this day, your code won't be sent for peer review because it's unfair for your peers to receive late code for review.

Week 10: Conduct code reviews of three other groups' projects using both manual and automated code review techniques.

Provide constructive feedback on the vulnerabilities found in peer reviews. DEADLINE for peer feedback: 19 Oct 2025.

Week 11: Submit a reflective commentary discussing the protocol standards, implementation challenges, thoughts on the

embedded backdoors, and their detection difficulty. Include in your submission the backdoor-free code and your

backdoored code. DEADLINE: 26 Oct 2025.

Week 12: Participate in a friendly, ethical hackathon to test all chat systems for vulnerabilities and demonstrate proof-of-

concept attacks in a VM environment.

Participate in workshops to aid protocol development and refine implementation strategies.

Programming and Implementation Details

https://myuni.adelaide.edu.au/courses/101186/assignments/454418 1/8

2025/9/28 17:27 Advanced Secure Protocol Design, Implementation and Review

Your group is free to use any programming language it feels comfortable with, such as C, Python, Rust, or any other

suitable programming language.

Task Overview

The goal is to create a system that functions according to specified requirements and incorporates intentional vulnerabilities

(backdoors) that peers will attempt to identify and exploit. Your aim is to understand the trade-offs in protocol design at

different levels with different objectives and problems. This develops critical thinking about aspects of protocols,

programming, security, and vulnerabilities in code.

In order to achieve that, we will design and secure our own protocol (as a whole class group). We will study this using the

example of an overlay multi-party chat program. At the end of the module, we will have discussed and implemented a set of

major Internet protocols, and you will have a program that must interwork with other students' programs to provide a chat

service with:

Listing all members (currently online) in the chat system.

Private messages to a single participant: For example, your protocol is able to "forward" chat messages to the

appropriate destination (according to your "routing table"), and the appropriate recipient displays the right chat

messages.

Group messages to all participants.

Point-to-point file transfer.

What you need to consider is:

How to secure the socket from which you are receiving data.

Consider a malicious user using your program.

Consider malicious nodes participating in your protocol and/or a malicious actor "wiretapping" your communication.

While at the same time forwarding/routing messages through an overlay topology and securing the protocol

communication.

Consider core functionalities like user registration, and message sending/receiving (/w authentication).

During the workshop session, you will design a protocol where you (the cohort of students) can work together to agree on a

protocol that will be implemented within the chat program. You will then work in groups of 3-5 students to implement the

protocol independently of the other groups.

Phase 1: Protocol Design (Weeks 1-4)

Objective: Design a standardised network protocol for a chat system that supports listing members, sending private and

group messages, and conducting file transfers—a protocol specification document detailing all functional and security

aspects agreed upon by all groups.

Approach:

Weeks 1-2: Research existing secure communication protocols to understand foundational concepts. Begin drafting

protocol specifications focusing on user authentication, data integrity, and encryption methods. Use the workshop during

week 2 to communicate with your fellow students.

Weeks 3-4: Standardise the protocol in collaboration with your peers in the whole class. Ensure it includes details on

message formatting, session management, packet routing, error handling, and security measures.

Phase 2: Software Implementation (Weeks 5-9)

Objective: Implement the agreed protocol that has been "standardised". Note carefully that while the protocol specification

needs to be the same for the whole class (otherwise, you will not be able to communicate with the implementation from

https://myuni.adelaide.edu.au/courses/101186/assignments/454418 2/8

2025/9/28 17:27 Advanced Secure Protocol Design, Implementation and Review

other groups), your implementation is group-specific. A working prototype of the chat system should be submitted by every

group at the end.

Approach:

Weeks 5-6: Design the software architecture and start implementing it. While you are still in the process of focusing on

completing the last RangeForce modules, it is essential that by the workshop in week 6, you have a clear understanding of

what to code. You should use the session with your tutor to discuss any questions you might have.

Weeks 7-8: These will be the main coding weeks. If you have a well-planned and standardised protocol, you will see that

the actual implementation is not that hard. By the end of week 8, your code should really be finished. See this as the

deadline, so you have a few days to debug your code with other groups.

Tutorial in Week 8: Present a working prototype for initial testing and informal feedback from other groups and tutors.

Week 9: Finish debugging your code and add some backdoors (and/or vulnerabilities only known to your group) to the

code. There must be at least 2 intentional vulnerabilities for the other groups to find. Your friendly hackathon competition is

to make it as hard for the other groups to find those hidden vulnerabilities. However, also keep in mind that ideally, you

need to be able to exploit your own vulnerabilities and demonstrate later that you can achieve the objectives.

A hopefully obvious but important note on the intentional backdoors: The objectives are limited to within the chat system.

Do not include anything that would breach anything from the computer of the person who runs your code. The idea is proof

of concept, e.g., that you could take control of the running program, modify or alter messages on the node, sign with their

private key, etc. However, keep it ethical. Do not breach anyone's privacy or modify or delete any of the data outside of this

assignment.

On Monday in week 9, 06 Oct 2025: Submit your complete chat system (the version of your code with

backdoors/vulnerabilities) for review by other groups. Submit on the MyUni assignment page: Submission of

Implementation (https://myuni.adelaide.edu.au/courses/101186/assignments/454424) . Your submission should have your

(intentionally vulnerable) code and a detailed "README" (as ASCII) with instructions on compiling, running and using the

code.

Phase 3: Testing and Peer Review (Week 10)

Objective: Conduct thorough testing and review of the chat system to identify planted and potential unintended

vulnerabilities. Please submit a feedback review report outlining the vulnerabilities found and suggestions for improvement

for the other groups.

Approach:

Week 10: Each student gets 3 implementations from other groups to review. This is an individual sub-task in order to

practice reviewing for every student and maximise the feedback others receive. You will use a combination of manual

inspection and automated tools (e.g., static code analysis/dynamic analysis). Focus on identifying the intentional backdoors

and any other security flaws left by other groups. However, it also provides detailed feedback to other groups, highlighting

both strengths and vulnerabilities in their implementations. Your feedback is expected to be returned to the other students

no later than 19 October 2025.

Note that you can, of course, share the feedback from the individual peer review task with your group members and overall

make your code better as a group. Feedback given will also be discussed in the reflective commentary as a group.

While every group's backdoored code version is implemented ethically, always treat the code or produced binaries as if

they were malicious. The code will certainly open ports to receive messages and will have intentional and/or unintentional

vulnerabilities associated with it. Run code received from other groups only in a sandboxed and secured

environment! It is essential to practice protecting yourself from malware and learning how to become a malware

researcher, as the code you receive should only contain ethical backdoors, but nevertheless, make sure your own systems

remain safe.

https://myuni.adelaide.edu.au/courses/101186/assignments/454418 3/8

2025/9/28 17:27 Advanced Secure Protocol Design, Implementation and Review

Phase 4: Reflection and Feedback (Week 11)

Objective: Reflect on the development process and learn from the feedback received.

Approach:

Write a reflective commentary discussing your protocol's standards, implementation challenges, thoughts on the integrated

backdoors, and anticipated difficulty detecting them. As guidance, do not write more than 2000 words (~4 pages single-

spaced A4). Your code, proof of concept, and screenshots can go to a set of appendices, which do not count into those

2000 words/4 pages.

The reflective commentary should contain the following information:

1. Your reflection on the standardised protocol. Even if you had to comply with the agreed implementation (in order to

achieve interoperability), you might have had a different view. Here is the space to comment and give your thoughts on

what worked and what didn't work.

2. Describe and submit your backdoor-free version of the code. Explain design choices in the implementation.

Demonstrate how your code runs (by chatting with your own implementation or by chatting with other implementations).

Discuss lessons learned. This can also include any bugs reported by other groups.

3. Explain what backdoors/vulnerabilities you added. What were your thoughts and objectives?. Explain and demonstrate

how to exploit your backdoor.

4. Evaluate the feedback you received from other groups. Did they find your backdoors? Did they find other problems in

your code? Was the report useful feedback?

5. For what groups did you provide feedback (name the group and group members). What feedback did you provide to

other groups? What challenges did you face? How did you overcome or approach those challenges (e.g., did you talk

to the other groups)?

Phase 5: Ethical Hackathon (Week 12)

Objective: Test the security of all chat systems in a controlled, ethical environment.

Approach:

Participate in a hackathon where each group attempts to exploit vulnerabilities in others' systems. That means running your

own vulnerable code in a VM (or otherwise safe environment). Ethically, try to exploit others' code. Use only non-

destructive methods and aim to demonstrate proof of concept for potential attacks. All activities should be conducted on

isolated virtual machines (VMs) to prevent any real-world implications.

Secure Programming Assignment

https://myuni.adelaide.edu.au/courses/101186/assignments/454418 4/8

2025/9/28 17:27 Advanced Secure Protocol Design, Implementation and Review

Criteria Ratings Pts

Reflective 1.5 to >1.0 Pts 1 to >0.5 Pts 0.5 to >0.0 Pts 0 Pts

Critical reflection Reflection Thoughtful action or Non-reflective

commentary (not

including Exploration and Movement beyond introspection Superficial descriptive

critique (including self- reporting or Elaborated descriptive writing approach (fact

appendices) – Writing

critique) of descriptive writing to writing approach and reporting, vague

spectrum

assumptions, values, reflecting (i.e. impressions without impressions) without

beliefs, and/or biases attempting to deeper reflection. reflection or 1.5 pts

and the understand, question, introspection.

consequences of or analyse the

action (present and learning related to

future). Including but secure programming).

not limited to the ones

learned in the course.

Reflective 1.5 to >1.0 Pts 1 to >0.5 Pts 0.5 to >0.0 Pts 0 Pts

Reflective Aware practitioner Reflective novice Language is unclear

commentary – Clarity

practitioner Minor, infrequent There are frequent and confusing

The language is clear lapses in clarity and lapses in clarity and/or throughout

and expressive. The accuracy. accuracy. Concepts are either

reader can create a not discussed or are

mental picture of the presented 1.5 pts

situation being inaccurately, or are

described. Abstract too vague.

concepts are

explained accurately,

making sense to an

uninformed reader.

Reflective 1.5 to >1.0 Pts 1 to >0.5 Pts 0.5 to >0.0 Pts 0 Pts

commentary – Bigger picture Ability to analyse Some demonstrated Irrelevant

Relevance clearly biases, stereotypes, relevance Most of the reflection

communicated and preconceptions Attempts are made to is irrelevant and/or

The reflection The reflection demonstrate misses the bigger

demonstrates the demonstrates the relevance, but the picture of

ability of the student student's ability to relevance is unclear understanding of the

to question their own question their biases, to the reader or not topic area.

biases, stereotypes, stereotypes, and linked to the bigger

preconceptions, preconceptions. picture of the cyber

and/or assumptions security market needs

and define new and/or secure

modes of thinking as programming.

1.5 pts

a result of the

perspective of the

cyber security skill

shortage and secure

programming culture

in the world. This

could also reflect on

your own engagement

with respect how your

high quality posts on

Piazza changed the

learning for other

students, for example.

Reflective 1.5 to >1.0 Pts 1 to >0.5 Pts 0.5 to >0.0 Pts 0 Pts 1.5 pts

commentary – Critical reflection Connections Little to no attempt No attempt to

demonstrated to demonstrate demonstrate

https://myuni.adelaide.edu.au/courses/101186/assignments/454418 5/8

2025/9/28 17:27 Advanced Secure Protocol Design, Implementation and Review

Criteria Ratings Pts

Course/curriculum The reflection The reflection connections connections

context demonstrates an demonstrates There is little to no No attempt to

understanding of the connections between attempt to demonstrate

experience in relation the experience and demonstrate connections to

to material from other material from other connections between previous learning or

courses, past courses, past the learning experience.

experience, personal experience, and/or experience and

goals, and/or the personal goals. previous other

wider cybersecurity personal and/or

skill sets. learning experiences.

Reflective 1.5 to >1.0 Pts 1 to >0.5 Pts 0.5 to >0.0 Pts 0 Pts

Critical reflection Good Adequate Superficial

commentary – Use of

AI The reflection on the The reflection on the The reflection on the The reflection is

use of AI is use of AI is thorough. use of AI is clear. The superficial and shows

comprehensive. The The main reflective main reflective report a limited

main reflective report report describes how explains how AI was understanding of AI

provides a detailed AI was utilised in the used in the capabilities and

account of how AI was assignment, assignment, constraints. Or the

utilised in the specifying tasks and mentioning specific report does not detail

assignment and what results. The reflection tasks and outcomes. whether and how AI

strengths or evaluates AI's It details some was used.

weaknesses were limitations and limitations and

identified. The report shortcomings, shortcomings of AI,

1.5 pts

also critically showing a good showing an adequate

evaluates AI's understanding of its understanding of its

limitations and capabilities and capabilities and

shortcomings and limitations. constraints.

includes thoughtful

insights into what the

group learned from

using AI. Or if AI was

not used at all in no

way, the report states

that this assignment

was conducted

without the help of AI.

Reflective 1.5 to >1.0 Pts 1 to >0.5 Pts 0.5 to >0.0 Pts 0 Pts

Detailed Basic List Not present

commentary –

Contributions of The report reflects on There is a section There is just a list with There is no reflection

what every member present in the main percentages of each on the group’s

group members (at

contributed to the part of the reflective team member. contributions or

the end of the main

group and how the commentary. Still, it percentages of group

reflective

group worked on this lacks details or clarity members' overall

commentary section) assignment. This (e.g., it might just give contribution to the

includes percentages the percentages of assignment. 1.5 pts

of each group group members but

member's contribution does not reflect on

to the overall strengths or

assignment. weaknesses and how

the group

complemented each

other in the learning

experience).

Protocol Design - 1.5 to >1.0 Pts 1 to >0.5 Pts 0.5 to >0.0 Pts 0 Pts 1.5 pts

Critical reflection Non-reflective

Reflection (protocol

https://myuni.adelaide.edu.au/courses/101186/assignments/454418 6/8

2025/9/28 17:27 Advanced Secure Protocol Design, Implementation and Review

Criteria Ratings Pts

description in Reflection and critique Deeper Thoughtful action or Describes the protocol

of own contribution to understanding introspection design superficially

appendix, reflection

the protocol design, Reflects on the Provides a detailed without reflection on

in main part)

including reasoning behind description of the its effectiveness,

assumptions, design design choices, protocol design shortcomings/flaws or

decisions, and demonstrates a clear process (in the alignment with course

consequences. Also understanding of the appendix) but lacks a concepts.

discusses how their technical details, and deeper reflection on

own ideas may have how they contribute to its implications and

differed from the the consequences of effectiveness.

class-chosen protocol. the protocol.

Implementation (code 1.5 to >1.0 Pts 1 to >0.5 Pts 0.5 to >0.0 Pts 0 Pts

in GitHub) - README Good README Vague README README lacks Essential

Student names and Student names, group important information missing

group names are names, and README information Student names, group

present in all files are present, but the Student names, group names, or the

(README and all instructions for names, and README README file are

code files). The installing and/or are present, but they missing. The

README shows a running the code are lack an example of vulnerable and non- 1.5 pts

command-line vague. how to install or run vulnerable versions of

example of how to run the code. the code are not

the program, lists all clearly identified.

dependencies, and

gives guidance on

how to install the

code.

Implementation (code 4 to >2.5 Pts 2.5 to >1.0 Pts 1 to >0.0 Pts 0 Pts

in GitHub, detailed Testing methods Testing methods Testing methods Testing method not

well described adequately lack thoroughness structured or not

tests documented in

Details a testing described A systemic and adequately

GitHub files or

method (in the main The report reflects on structured testing described

appendix, reflection

document) and has a testing for method is described Testing methodology

on testing described

detailed test plan (in interoperability with but does not mention missing from the main

in main part) – appendix or GitHub other groups. Still, it interoperability tests part of the reflective 4 pts

Testing and file). Describe the does not give full with other groups in commentary or lacks

initiative of testing the details on the testing the main part of the evidence for a

Interoperability

interoperability of your procedure or lacks reflective commentary systematic testing

app with at least 1 details on what other section. approach.

other group and the groups and what has

respective results. been learned from the

testing.

Implementation (code 4 to >2.5 Pts 2.5 to >1.0 Pts 1 to >0.0 Pts 0 Pts

Outstanding Good Adequate Poor

in GitHub) – Code

Quality Code works out of the Code has some The code is functional Code lacks essential

box, has good error weaknesses (e.g., not in the use cases elements, does not

handling, and deals all corner cases described in the implement some

well with failure produce clear error README. The basics aspects of the 4 pts

scenarios (e.g., messages or good are correct, e.g., protocol, and/or does

network nodes are not handling). routing/forwarding not implement the

gracefully shut down). tables are correct, and standard correctly.

messages in the

overlay do not loop.

Feedback given 4 to >2.5 Pts 2.5 to >1.0 Pts 1 to >0.0 Pts 0 Pts 4 pts

(evidenced in the Exemplary Accomplished Intermediate Novice

https://myuni.adelaide.edu.au/courses/101186/assignments/454418 7/8

2025/9/28 17:27 Advanced Secure Protocol Design, Implementation and Review

Criteria Ratings Pts

appendix) The feedback The feedback The feedback offers a The feedback

presents clear, provides a clear and basic explanation of provides a limited or

cohesive explanations helpful explanation of how to improve the unclear explanation of

of how to improve the how to improve the code. The writing is how to improve the

code (of the other code. The writing is generally constructive code. The writing

groups). The writing is constructive and and supportive but lacks

constructive, supportive but might may lack clarity or constructiveness,

supportive, friendly, be vague in parts, or detail. The feedback offering minimal help

clear and detailed the testing provides some useful for the other group to

enough to help the methodology of the insights but misses learn or improve their

other groups learn other group's code some key areas for code. The methods to

from the feedback and lacks rigour. The tests improvement. The test the other group's

improve their code. conducted are limited methods to test the code are basic and

The methods to test in their methodology, other group's code show a limited

the other group's code and the feedback primarily rely on understanding of

go beyond the does not fully techniques learned in secure programming.

methods learned in demonstrate that all the class and

this class and aspects of the code demonstrate an

demonstrate a strong have been thoroughly adequate

understanding of reviewed. understanding of

cyber security. cyber security.

Ethical 6 to >4.0 Pts 4 to >2.0 Pts 2 to >0.0 Pts 0 Pts

Outstanding Good Adequate Superficial

backdoor/vulnerability

(described in the The ideas behind the The ideas behind the The ideas behind the The ideas behind the

ethical ethical ethical ethical

main part and

backdoor/vulnerability backdoor/vulnerability backdoor/vulnerability backdoor/vulnerability

submitted as

are complex and are well-thought-out and are clear and are basic and

quarantined file in

innovative. They demonstrate a solid demonstrate a good demonstrate a limited

GitHub) demonstrate that the understanding of secure understanding of understanding of

group deeply programming and code secure programming secure programming

understands secure weaknesses. A PoC and code and code

programming, code implementation is weaknesses. A PoC weaknesses. The

weaknesses, and submitted for at least implementation may backdoors in the

exploitation methods. one not be submitted, but vulnerable version of

6 pts

An appendix or backdoor/vulnerability, the reflective the code offer a

GitHub file details a and the reflective commentary makes it minimal challenge to

Proof of Concept commentary makes it credible that this can other groups. There

(PoC) implementation credible that all be exploited. At least might also be fewer

on how the planted backdoors/vulnerabilities 2 backdoors are than 2 backdoors in

backdoors can be can be exploited. At present in the the code.

exploited. There are least 2 backdoors are vulnerable version of

at least 2 backdoors present in the the code, providing a

that provide a vulnerable version of the moderate challenge

significant challenge code, challenging other to other groups.

to identify. groups to identify and

understand different

types of vulnerabilities.

Total points: 30

https://myuni.adelaide.edu.au/courses/101186/assignments/454418 8/8

51作业君

Email:51zuoyejun

@gmail.com

添加客服微信: Fudaojun0228