Game 2 – Malicious Employer

In this game, the employer’s App leverages its execution privilege to try to leak a password of the user. The password is “HardToGuess”. It is supposed that the Core let the Data Task access this password (thus the setting: The core protects the credentials: NO.). In the following versions of the PDMS, two properties are either disabled or enabled:
  • Stateless Data tasks: Each Data task is instantiated for the sole purpose of answering a specific call, after which it is terminated and its RAM wiped.
  • Deterministic Data Tasks: Each Data Task produces the same result for the same function code run on the same input.
To carry its attack, the App asks the Core to execute several times the computation and obtains the results. The player must guess which property was enabled or disabled by running the attack simulation and observing the output and the password leaks.

PDMS version 

  • The Core protects the credentials: NO
  • The result size is limited to: 6 bits

Password:

Run: 00


Run the attack simulation and deduce which property was enabled/disabled by entering your guesses on the right 

— waiting for input —

  
The Core enforces stateless datatasks?
The Core enforces deterministic datatasks?

PDMS version 

  • The Core protects the credentials: NO
  • The result size is limited to: 12 bits

Password:

Run: 00


Run the attack simulation and deduce which property was enabled/disabled by entering your guesses on the right 

— waiting for input —

  
The Core enforces stateless datatasks?
The Core enforces deterministic datatasks?

PDMS version 

  • The Core protects the credentials: NO
  • The result size is limited to: 12 bits

Password:

Run: 00


Run the attack simulation and deduce which property was enabled/disabled by entering your guesses on the right 

— waiting for input —

  
The Core enforces stateless datatasks?
The Core enforces deterministic datatasks?

Comments are closed.