|
Intro to Software Security
|
| Barton Miller
Elisa Heymann |
|
Downloading and Running the Exercises
|
|
Most of the exercises are delivered to you in a virtual machine,
completely configured and ready to run. We use the VirtualBox
VM, which can run on Windows, Linux, and MacOS. Once you
install the VM and download our VM image, you will have
everything that you need to run work on the assignments.
Note that you will
not
need to use this virtual machine image for the exercise on numeric errors.
You will need it for the exercise on Serialization.
For architectures different than M1/M2/M3:
To get started on the assignments, you will need to complete
these steps. Note that once you complete step 1, you will not
need to do it again.
You will repeat steps 2-3 only when there is
a need to update the virutal machine for new exercises.
-
First install the VirtualBox.
The VirtualBox website has instructions necessary to
do this step.
-
Once VirtualBox is downloaded and installed, download
the exercises VM image here.
Make sure to save the downloaded file with the
name
"security-exercises-24.ova".
Check to make sure that there are no other file name
extension, such as ".tar".
-
Start the exercise VM by double-clicking on the
"security-exercises-24.ova"
file that you just downloaded and following the prompts
to import the appliance.
Once you have imported the machine, you should see the newly imported appliance
listed in the left-hand panel of VirtualBox. Select the
appliance and click the "Start" button located near the
top of the VirtualBox window.
Depending on your host system, it may take a few minutes to start the virtual
machine.
For M1/M2/M3 architectures
Here we describe what is available at https://github.com/utmapp/UTM/discussions/2521 - and in particular in the comment at
https://github.com/utmapp/UTM/discussions/2521#discussioncomment-3828872
- Install UTM.app: either from https://getutm.app/ or, if using brew, with
brew install utm
- Install qemu
brew install qemu
-
Download the VM OVA file
cd /tmp
wget http://www.cs.wisc.edu/mist/SoftwareSecurityCourse/Exercises/security-exercises-24.ova
- The OVA file is internally a tar archive - extract it
tar xvf security-exercises-24.ova
- Convert the VMDK file to QCOW2 format
qemu-img convert -O qcow2 web-security-tools-disk001.vmdk web-security-tools.qcow2
- Download a Linux installation ISO image. Won't be really used, but is needed for the next step. Pick Ubuntu.
(You can skip this step and follow a different path as explained below.)
- Create a new (blank) UTM VM. Select:
If you have an ISO image:
* Emulate (to make it a x86_64 VM)
* Linux as the Operating System
* Boot from ISO image and point to the image downloaded in the previous step.
If you do not have an ISO image:
* Emulate (to make it a x86_64 VM)
* Choose Custom as Operating System
* Skip ISO boot
-
If you have an ISO image:
Edit the setting for the just created VM and make the following changes:
* Add a new Drive. Select NVMe interface and select Import and point to the
QCOW2 file created in step 5.
* Delete the other Drives - the blank drive created at VM creation and the
"DVD" drive holding the ISO image
* Disable UEFI boot
If you do not have an ISO image:
Edit the setting for the just created VM and make the following changes:
* In drives, delete the existing drive (could be something called an IDE drive)
* Add a new Drive and select import. Import the QCOW2 file created in step 5.
* Go to QEMU Tab and disable UEFI boot.
-
Save the settings changes and boot up the VM - should come up.