Underhanded C Contest 2015 Launched
Written by Kay Ewbank   
Tuesday, 25 August 2015

The latest annual Underhanded C Contest has been launched, with a new challenge for writing innocent-looking C code that is as readable, clear, and seemingly trustworthy as possible, yet covertly implements a malicious function.

underhandedbanner

 

The contest is in its 8th year, and continues to grow in popularity, thereby wasting many hours of useful development time as programmers dream up obscure ways to hide underhanded behavior in apparently clean code.

The idea is that your source code should look straightforward, so that another programmer would read the code and not spot a problem. At the same time, the code has to do something ‘malicious’. Previous challenges have included miscounting votes, shaving money from financial transactions, and leaking information to an eavesdropper.

This year’s theme sounds decidedly dodgy and convoluted.

The challenge is to fake answers to tests about nuclear fissile material. The people setting the Underhanded C Contest are cooperating with the Nuclear Threat Initiative (http://www.nti.org/), a nonprofit, nonpartisan organization working to reduce the threat of nuclear, chemical and biological weapons.

In the real world, the need to monitor nuclear arms and verify when countries claim to have decommissioned or destroyed nuclear material is obviously challenging and serious. In the less serious world of the competition, the challenge is to verify data showing the presence or absence of nuclear fissile material. The twist is that the code also needs to provide an incorrect result (to order) showing that fissile material is present when in fact it is not present.

As the competition site explains:

“Two countries, the Peoples Glorious Democratic Republic of Alice and the Glorious Democratic People’s Republic of Bob, have agreed to a nuclear disarmament treaty. In practice, this is implemented by nuclear inspectors visiting each country and verifying the presence of fissile material such as Plutonium in a warhead, at which point the warhead can be destroyed”.

Unfortunately, neither side wants the rival’s inspectors to see data such as a radiogram or a gamma ray spectrum of the object under test because that would give away too much information. Instead, the countries agree to develop a computer program that takes the result of a scan, determine if it matches some reference pattern, and output only a “yes” or “no.”

The Underhanded part of the competition is that your program should accurately return yes or no, but should be able to also show that nuclear material is present even when it isn’t. This incorrect answer should only be given under specific circumstances, essentially under your control. The code for this has to be hard to detect, and you gain points if the errant code can be plausibly deniable as an innocent programming error.

As always, extra points are awarded for humorous, spiteful, or ironic bugs, such as error-prone behavior in an error-checking routine.

Code needs to be submitted by November 15, and the winner of this year’s contest will receive $1,000. NTI is contributing to this year’s contest both by offering the prize, and by planning a subsequent joint programming contest after the regular Underhanded contest finishes. 

 

underhand1

 

More Information

Underhanded C Contest

Related Articles

Underhanded C Contest 2014 - The Winner 

Evil C Coders Wanted

Underhanded C Contest Revived 

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, FacebookGoogle+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner


Gain A Python Professional Certificate From edX
20/02/2024

From now until the end of February edX is offering a saving of up to 30% on some of its expert-led courses and program bundles, which is a good incentive for going from thinking about enrolling to act [ ... ]



GitHub Enterprise Server Adds Deployment Rollout Controls
11/03/2024

Version 3.12 of GitHub Enterprise Server, the self-hosted version of GitHub that organizations can install on their own servers, has been released with support for restricting deployment rollouts [ ... ]


More News

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 25 August 2015 )