In this assignment you will demonstrate:
A graduate degree is an affidavit that your knowledge of and fluency in a topic is so good you can explain it to others. Therefore, this assignment contains a writing exercise, where you produce a paper that others can read to learn about secure software principles and techniques in the language of your choice.
The assignment isn’t just a paper, though. You have some crypto exercises, too.
Read (or skim):
Submit two PDF files via BrightSpace: one with the paper described below and one with the solutions to the problems below:
Write a paper, with the help of ChatGPT or similar chat bot, around 5 pages in length (double spaced is okay for prose but NOT for code examples), entitled “Secure Software Development in ___” where the blank is to be replaced with the language of your choice. The paper should look like a typical conference paper, with a title, author(s) and address lines, an abstract, a few sections, and a references (bibliography) section. Here are the expectations for the paper:
Chatbot usage is required here, because a bot is not going to make misspellings or use bad grammar—but most importantly, because you need practice with prompting, and working with, these helpful tools! The bot will give you a good introduction and a good conclusion and will normally write decent code. HOWEVER: it will (generally) not be able to choose the best examples, and may completely misattribute references! It might also hallucinate problems or hallucinate solutions. Therefore you have to study the material and be pretty well-versed in what you are going to be writing about! The chatbot is not going to teach you everything about the topic; it is going to help you communicate your ideas. And when you and the chatbot work together, you will indeed learn a great deal more!
Getting the chatbot to help you with this assignment means you will need to refine your prompting skills. That means you have to give it some examples, a lot of context, etc. You will have to know the names of the vulnerabilities and exploits you want to include in the paper, so that the bot can take advantage of its training. You should ask the chatbot a series of small questions (in a single chat), correcting it when necessary, asking it for different things if it is going off track, and gradually asking it to piece together everything into a nice completed work.
Don’t forget: When including and citing references, you are on the hook to make sure all references are appropriate. The chatbot may not be helpful here.
The process should take at least two hours. But at the end, the expectation is that you have a quality paper with accurate examples that is very readable as a tutorial for readers looking for an introduction to language-specific software security. YOU, not the chatbot, are driving this work. Make clear that you are the architect of the ideas and the overall structure; use the chatbot as your research assistant, ghostwriter, and your spelling and grammar proof-reader. You are also responsible for proper typesetting and making the final PDF; do not submit as raw text.
Develop your skills by working on these problems. Yes, there are not enough to make you an expert. But they will get you started. You do not have to “show your work” but it is expected you work through the details and not ask others to do the work for you.
-e or -d (for encrypt and decrypt, respectively). The second is either a message to encrypt or a ciphertext to decrypt. The third is the key. The fourth is an initialization vector. If encrypting, the program assumes the string argument is a UTF-8 encoded string and outputs the AES256-CBC encoding of the input, as a hexadecimal string. If decrypting, the string argument is assumed to be a hexadecimal representation of a byte sequence, and the output should be the decrypted string. For example:
$ node aes256cbc.mjs -e "How are things today?" thisisa_32_byte_long_key_I_think dog1234567890123
2fa599a01975b0544407165616c017b1197fce0e28cd0d01bf17cf615407a3e243e43af5b11a7170f0a80b891e31a83584f135350ac812427b31a137fd8b5604f7d09d1c42df9fd99a013b568e0bfdda
$ node aes256cbc.mjs -d bd0886644bd5afa1857f50c582fc9c68e0e26be128eea3b009059e483ce5c238 thisisa_32_byte_long_key_I_think dog1234567890123
How are things today?
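One way to structure such a program with Node's built-in crypto module, as an added example that is not part of the original assignment or a reference solution from the course. The function names (checkLengths, encryptHex, decryptHex, main) and the explicit length checks are assumptions of this sketch; the key and IV are taken as UTF-8 strings, as in the command line above.

```javascript
// Added example. Loads node:crypto whether the file runs as CommonJS or as an ES module.
const { createCipheriv, createDecipheriv } = process.getBuiltinModule
  ? process.getBuiltinModule('node:crypto')
  : require('node:crypto');

// AES-256 needs a 32-byte key; CBC needs a 16-byte IV (one AES block).
// Checking up front gives a clearer error than the one OpenSSL raises.
function checkLengths(key, iv) {
  const k = Buffer.from(key, 'utf8');
  const v = Buffer.from(iv, 'utf8');
  if (k.length !== 32) throw new RangeError(`key must be 32 bytes, got ${k.length}`);
  if (v.length !== 16) throw new RangeError(`IV must be 16 bytes, got ${v.length}`);
  return [k, v];
}

// UTF-8 message in, hexadecimal ciphertext out (PKCS#7 padding is Node's default).
function encryptHex(message, key, iv) {
  const [k, v] = checkLengths(key, iv);
  const cipher = createCipheriv('aes-256-cbc', k, v);
  return cipher.update(message, 'utf8', 'hex') + cipher.final('hex');
}

// Hexadecimal ciphertext in, UTF-8 message out.
function decryptHex(hex, key, iv) {
  const [k, v] = checkLengths(key, iv);
  // Reject input that is not hex or not a whole number of 16-byte blocks.
  if (!/^(?:[0-9a-fA-F]{32})+$/.test(hex)) {
    throw new RangeError('ciphertext must be hex, a whole number of 16-byte blocks');
  }
  const decipher = createDecipheriv('aes-256-cbc', k, v);
  // final() throws if the padding is invalid, e.g. wrong key or IV.
  return decipher.update(hex, 'hex', 'utf8') + decipher.final('utf8');
}

// Dispatch on the first argument, in the order the assignment describes.
function main(argv) {
  const [mode, text, key, iv] = argv;
  if (mode === '-e') return encryptHex(text, key, iv);
  if (mode === '-d') return decryptHex(text, key, iv);
  throw new Error('usage: node aes256cbc.mjs (-e|-d) <text> <key> <iv>');
}

// Act as a command-line tool only when exactly four arguments were supplied.
if (process.argv.length === 6) console.log(main(process.argv.slice(2)));
```

With a fixed key and IV the output is deterministic, so encrypting the same message twice yields the same hexadecimal string; that suits the exercise, while real data calls for a fresh IV per message.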