Sistema automatitzat de correcció de programes: anàlisi de seguretat

Abstract

The Automated System Correction Program (SCP) has been designed as a teaching Computer Science’s support tool. Its main purpose is allowing teachers to evaluate automatically the programming skills. Also, it can be used for helping students facing challenges and learning computing knowledges in an entertaining and interactive way Teachers could create tasks that the students should submit, and which will be compiled and executed by the program afterwards. The final work will be compared with the one set by the teacher, and deciding if the output has fulfilled all the requirements. Once the tests has been carried out, the teacher will have access to the results. Other students had already worked on this project previously. They had looked for extending and improving the program , in order to make it more secure, stable, easy to use, reliable and, above all, useful. The project was started by a student who created the principal bases, and the rest of the developments had been centered on improving different aspects, like the expansion of supported languages, as well as the interface and bug fixes. I have directed the project with the intention of analyze and improving the security of SCP. However, the first step has been learning about computer audits, common dangers, how to detecting weaknesses, hacking and defense technologies and other related documentation. The analysis showed me a lot of vulnerabilities that exposed the program to external attacks. One of these problems was the lack of control for the Python language, that has no need of being compiled and is being used by a lot of hackers. In addtion, it has been found a computer error in the runtime control, which is a very dangerous threat that could put in risk the properly functioning of the application.