

{"id":201,"date":"2021-06-14T20:37:01","date_gmt":"2021-06-14T18:37:01","guid":{"rendered":"https:\/\/project.inria.fr\/espdms\/?page_id=201"},"modified":"2022-04-01T11:07:31","modified_gmt":"2022-04-01T09:07:31","slug":"game2","status":"publish","type":"page","link":"https:\/\/project.inria.fr\/espdms\/game2\/","title":{"rendered":"Game 2 &#8211; Malicious Employer"},"content":{"rendered":"\n<div>In this game, the employer&#8217;s App leverages its execution privilege to try to leak one of the user&#8217;s passwords. The password is &#8220;HardToGuess&#8221;.\nIt is assumed that the Core lets the Data Task access this password (hence the setting: The Core protects the credentials: <span style=\"color: #ff0000;\">NO<\/span>).\nIn the following versions of the PDMS, two properties are either disabled or enabled:\n<ul>\n<li> Stateless Data Tasks: Each Data Task is instantiated for the sole purpose of answering a specific call, after which it is terminated and its RAM is wiped.\n<li> Deterministic Data Tasks: Each Data Task produces the same result for the same function code run on the same input.\n<\/ul>\nTo carry out its attack, the App asks the Core to execute the computation several times and obtains the results. 
The player must guess which property was enabled or disabled by running the attack simulation and observing the output and the password leaks.\n<\/div>\n<hr>\n<table class=\"wp-block-table\">\n<tbody>\n<tr>\n<td width=\"400\">\n<h2><strong>PDMS version&nbsp;<\/strong><\/h2>\n<ul>\n<li>The Core protects the credentials:<strong> <span style=\"color: #ff0000;\">NO<\/span><\/strong><\/li>\n<li>The result size is limited to:<strong> <span style=\"color: #008000;\">6 bits<\/span><\/strong><\/li>\n<\/ul>\n<hr>\n\n<p><button onclick=\"attack5()\"><br>Run attack simulation!<br><br><\/button><\/p>\n<h2><small>Password: <\/small><strong><label id=\"Pwd1\">***********<\/label><\/strong><\/h2>\n<h2><small>Run: <\/small><strong id=\"Run1\">00<\/strong><\/h2>\n<br>\nRun the attack simulation and deduce which property was enabled\/disabled by entering your guesses on the right&nbsp; <span style=\"color: #ff0000;\"><strong>\u21d2<\/strong><strong>\u21d2<\/strong><strong>\u21d2<\/strong><\/span>\n<\/td>\n<td width=\"700\" bgcolor=\"#2f4f4f\"><span style=\"color: #ffff99;\"><p id=\"Cons5\" class=\"p3\">&#8212; waiting for input &#8212;<\/p><\/span><\/td>\n<td width=\"50\">&nbsp;<\/td>\n<td width=\"500\"><div class=\"frm_forms  with_frm_style frm_style_formidable-style\" id=\"frm_form_7_container\" ><form enctype=\"multipart\/form-data\" method=\"post\" class=\"frm-show-form  frm_js_validate \" id=\"form_game1_form8c6eda5862a79f57598e798fe10c3414fdd906d5\" ><div class=\"frm_form_fields \"><fieldset><div class=\"frm_fields_container\"><input type=\"hidden\" name=\"frm_action\" value=\"create\" \/><input type=\"hidden\" name=\"form_id\" value=\"7\" \/><input type=\"hidden\" name=\"frm_hide_fields_7\" id=\"frm_hide_fields_7\" value=\"\" \/><input type=\"hidden\" name=\"form_key\" value=\"game1_form8c6eda5862a79f57598e798fe10c3414fdd906d5\" \/><input type=\"hidden\" name=\"item_meta[0]\" value=\"\" \/><input type=\"hidden\" id=\"frm_submit_entry_7\" name=\"frm_submit_entry_7\" 
value=\"b8b402fd39\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/espdms\/wp-json\/wp\/v2\/pages\/201\" \/><div id=\"frm_field_17_container\" class=\"frm_form_field form-field  frm_top_container frm_full vertical_radio\"><div  id=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd_label\" class=\"frm_primary_label\">The Core enforces stateless datatasks?<span class=\"frm_required\"><\/span><\/div><div class=\"frm_opt_container\" aria-labelledby=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd_label\" role=\"radiogroup\"><div class=\"frm_radio\" id=\"frm_radio_17-0\"><label  for=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd-0\"><input type=\"radio\" name=\"item_meta[17]\" id=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd-0\" value=\"YES\"   data-invmsg=\"The Core enforces stateless datatasks? is invalid\"  \/> YES<\/label><\/div><div class=\"frm_radio\" id=\"frm_radio_17-1\"><label  for=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd-1\"><input type=\"radio\" name=\"item_meta[17]\" id=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd-1\" value=\"NO\"   data-invmsg=\"The Core enforces stateless datatasks? is invalid\"  \/> NO<\/label><\/div><\/div><\/div><div id=\"frm_field_18_container\" class=\"frm_form_field form-field  frm_top_container frm_full vertical_radio\"><div  id=\"field_li0n9c6aa1d9b354dc05718_label\" class=\"frm_primary_label\">The Core enforces deterministic datatasks?<span class=\"frm_required\"><\/span><\/div><div class=\"frm_opt_container\" aria-labelledby=\"field_li0n9c6aa1d9b354dc05718_label\" role=\"radiogroup\"><div class=\"frm_radio\" id=\"frm_radio_18-0\"><label  for=\"field_li0n9c6aa1d9b354dc05718-0\"><input type=\"radio\" name=\"item_meta[18]\" id=\"field_li0n9c6aa1d9b354dc05718-0\" value=\"YES\"   data-invmsg=\"The Core enforces deterministic datatasks? 
is invalid\"  \/> YES<\/label><\/div><div class=\"frm_radio\" id=\"frm_radio_18-1\"><label  for=\"field_li0n9c6aa1d9b354dc05718-1\"><input type=\"radio\" name=\"item_meta[18]\" id=\"field_li0n9c6aa1d9b354dc05718-1\" value=\"NO\"   data-invmsg=\"The Core enforces deterministic datatasks? is invalid\"  \/> NO<\/label><\/div><\/div><\/div><input type=\"hidden\" name=\"item_key\" value=\"\" \/><div id=\"frm_field_32_container\"><label for=\"field_tvh0s\" >If you are human, leave this field blank.<\/label><input  id=\"field_tvh0s\" type=\"text\" class=\"frm_form_field form-field frm_verify\" name=\"item_meta[32]\" value=\"\"  \/><\/div><input name=\"frm_state\" type=\"hidden\" value=\"QDrhT++GVKxSH2ZRVrv94to+wSRIUO31XoP4c6RR8KM=\" \/><div class=\"frm_submit\"><button class=\"frm_button_submit\" type=\"submit\"  >Check your guess!<\/button><\/div><\/div><\/fieldset><\/div><\/form><\/div><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n\n<table class=\"wp-block-table\">\n<tbody>\n<tr>\n<td width=\"400\">\n<h2><strong>PDMS version&nbsp;<\/strong><\/h2>\n<ul>\n<li>The Core protects the credentials:<strong> <span style=\"color: #ff0000;\">NO<\/span><\/strong><\/li>\n<li>The result size is limited to:<strong> <span style=\"color: #ff0000;\">12 bits<\/span><\/strong><\/li>\n<\/ul>\n<hr>\n<p><button onclick=\"attack6()\"><br>Run attack simulation!<br><br><\/button><\/p>\n<h2><small>Password: <\/small><strong><label id=\"Pwd2\">***********<\/label><\/strong><\/h2>\n<h2><small>Run: <\/small><strong id=\"Run2\">00<\/strong><\/h2>\n<br>\nRun the attack simulation and deduce which property was enabled\/disabled by entering your guesses on the right&nbsp; <span style=\"color: #ff0000;\"><strong>\u21d2<\/strong><strong>\u21d2<\/strong><strong>\u21d2<\/strong><\/span>\n<\/td>\n<td width=\"700\" bgcolor=\"#2f4f4f\"><span style=\"color: #ffff99;\"><p id=\"Cons6\" class=\"p3\">&#8212; waiting for input &#8212;<\/p><\/span><\/td>\n<td width=\"50\">&nbsp;<\/td>\n<td width=\"500\"><div 
class=\"frm_forms  with_frm_style frm_style_formidable-style\" id=\"frm_form_8_container\" ><form enctype=\"multipart\/form-data\" method=\"post\" class=\"frm-show-form  frm_js_validate \" id=\"form_game1_form8c6eda5862a79f57598e798fe10c3414fdd906d598a239c69a\" ><div class=\"frm_form_fields \"><fieldset><div class=\"frm_fields_container\"><input type=\"hidden\" name=\"frm_action\" value=\"create\" \/><input type=\"hidden\" name=\"form_id\" value=\"8\" \/><input type=\"hidden\" name=\"frm_hide_fields_8\" id=\"frm_hide_fields_8\" value=\"\" \/><input type=\"hidden\" name=\"form_key\" value=\"game1_form8c6eda5862a79f57598e798fe10c3414fdd906d598a239c69a\" \/><input type=\"hidden\" name=\"item_meta[0]\" value=\"\" \/><input type=\"hidden\" id=\"frm_submit_entry_8\" name=\"frm_submit_entry_8\" value=\"b8b402fd39\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/espdms\/wp-json\/wp\/v2\/pages\/201\" \/><div id=\"frm_field_19_container\" class=\"frm_form_field form-field  frm_top_container frm_full vertical_radio\"><div  id=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd0786879557_label\" class=\"frm_primary_label\">The Core enforces stateless datatasks?<span class=\"frm_required\"><\/span><\/div><div class=\"frm_opt_container\" aria-labelledby=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd0786879557_label\" role=\"radiogroup\"><div class=\"frm_radio\" id=\"frm_radio_19-0\"><label  for=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd0786879557-0\"><input type=\"radio\" name=\"item_meta[19]\" id=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd0786879557-0\" value=\"YES\"   data-invmsg=\"The Core enforces stateless datatasks? 
is invalid\"  \/> YES<\/label><\/div><div class=\"frm_radio\" id=\"frm_radio_19-1\"><label  for=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd0786879557-1\"><input type=\"radio\" name=\"item_meta[19]\" id=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd0786879557-1\" value=\"NO\"   data-invmsg=\"The Core enforces stateless datatasks? is invalid\"  \/> NO<\/label><\/div><\/div><\/div><div id=\"frm_field_20_container\" class=\"frm_form_field form-field  frm_top_container frm_full vertical_radio\"><div  id=\"field_li0n9c6aa1d9b354dc05718c7d5eaa211_label\" class=\"frm_primary_label\">The Core enforces deterministic datatasks?<span class=\"frm_required\"><\/span><\/div><div class=\"frm_opt_container\" aria-labelledby=\"field_li0n9c6aa1d9b354dc05718c7d5eaa211_label\" role=\"radiogroup\"><div class=\"frm_radio\" id=\"frm_radio_20-0\"><label  for=\"field_li0n9c6aa1d9b354dc05718c7d5eaa211-0\"><input type=\"radio\" name=\"item_meta[20]\" id=\"field_li0n9c6aa1d9b354dc05718c7d5eaa211-0\" value=\"YES\"   data-invmsg=\"The Core enforces deterministic datatasks? is invalid\"  \/> YES<\/label><\/div><div class=\"frm_radio\" id=\"frm_radio_20-1\"><label  for=\"field_li0n9c6aa1d9b354dc05718c7d5eaa211-1\"><input type=\"radio\" name=\"item_meta[20]\" id=\"field_li0n9c6aa1d9b354dc05718c7d5eaa211-1\" value=\"NO\"   data-invmsg=\"The Core enforces deterministic datatasks? 
is invalid\"  \/> NO<\/label><\/div><\/div><\/div><input type=\"hidden\" name=\"item_key\" value=\"\" \/><div id=\"frm_field_33_container\"><label for=\"field_naydx\" >If you are human, leave this field blank.<\/label><input  id=\"field_naydx\" type=\"text\" class=\"frm_form_field form-field frm_verify\" name=\"item_meta[33]\" value=\"\"  \/><\/div><input name=\"frm_state\" type=\"hidden\" value=\"QDrhT++GVKxSH2ZRVrv94sWcKkJkBx\/CY8daXE\/UGUY=\" \/><div class=\"frm_submit\"><button class=\"frm_button_submit\" type=\"submit\"  >Check your guess!<\/button><\/div><\/div><\/fieldset><\/div><\/form><\/div><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n\n\n<table class=\"wp-block-table\">\n<tbody>\n<tr>\n<td width=\"400\">\n<h2><strong>PDMS version&nbsp;<\/strong><\/h2>\n<ul>\n<li>The Core protects the credentials:<strong> <span style=\"color: #ff0000;\">NO<\/span><\/strong><\/li>\n<li>The result size is limited to:<strong> <span style=\"color: #ff0000;\">12 bits<\/span><\/strong><\/li>\n<\/ul>\n<hr>\n<p><button onclick=\"attack7()\"><br>Run attack simulation!<br><br><\/button><\/p>\n<h2><small>Password: <\/small><strong><label id=\"Pwd3\">***********<\/label><\/strong><\/h2>\n<h2><small>Run: <\/small><strong id=\"Run3\">00<\/strong><\/h2>\n<br>\nRun the attack simulation and deduce which property was enabled\/disabled by entering your guesses on the right&nbsp; <span style=\"color: #ff0000;\"><strong>\u21d2<\/strong><strong>\u21d2<\/strong><strong>\u21d2<\/strong><\/span>\n<\/td>\n<td width=\"700\" bgcolor=\"#2f4f4f\"><span style=\"color: #ffff99;\"><p id=\"Cons7\" class=\"p3\">&#8212; waiting for input &#8212;<\/p><\/span><\/td>\n<td width=\"50\">&nbsp;<\/td>\n<td width=\"500\"><div class=\"frm_forms  with_frm_style frm_style_formidable-style\" id=\"frm_form_9_container\" ><form enctype=\"multipart\/form-data\" method=\"post\" class=\"frm-show-form  frm_js_validate \" id=\"form_game1_form8c6eda5862a79f57598e798fe10c3414fdd906d598a239c69a9ffc7c9622\" ><div 
class=\"frm_form_fields \"><fieldset><div class=\"frm_fields_container\"><input type=\"hidden\" name=\"frm_action\" value=\"create\" \/><input type=\"hidden\" name=\"form_id\" value=\"9\" \/><input type=\"hidden\" name=\"frm_hide_fields_9\" id=\"frm_hide_fields_9\" value=\"\" \/><input type=\"hidden\" name=\"form_key\" value=\"game1_form8c6eda5862a79f57598e798fe10c3414fdd906d598a239c69a9ffc7c9622\" \/><input type=\"hidden\" name=\"item_meta[0]\" value=\"\" \/><input type=\"hidden\" id=\"frm_submit_entry_9\" name=\"frm_submit_entry_9\" value=\"b8b402fd39\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/espdms\/wp-json\/wp\/v2\/pages\/201\" \/><div id=\"frm_field_21_container\" class=\"frm_form_field form-field  frm_top_container frm_full vertical_radio\"><div  id=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd07868795577734284ff8_label\" class=\"frm_primary_label\">The Core enforces stateless datatasks?<span class=\"frm_required\"><\/span><\/div><div class=\"frm_opt_container\" aria-labelledby=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd07868795577734284ff8_label\" role=\"radiogroup\"><div class=\"frm_radio\" id=\"frm_radio_21-0\"><label  for=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd07868795577734284ff8-0\"><input type=\"radio\" name=\"item_meta[21]\" id=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd07868795577734284ff8-0\" value=\"YES\"   data-invmsg=\"The Core enforces stateless datatasks? is invalid\"  \/> YES<\/label><\/div><div class=\"frm_radio\" id=\"frm_radio_21-1\"><label  for=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd07868795577734284ff8-1\"><input type=\"radio\" name=\"item_meta[21]\" id=\"field_ek5jhd3fb7b1cf1a52e523333ce8bc99f96ab8dcd13fd07868795577734284ff8-1\" value=\"NO\"   data-invmsg=\"The Core enforces stateless datatasks? 
is invalid\"  \/> NO<\/label><\/div><\/div><\/div><div id=\"frm_field_22_container\" class=\"frm_form_field form-field  frm_top_container frm_full vertical_radio\"><div  id=\"field_li0n9c6aa1d9b354dc05718c7d5eaa2112a36815b7f_label\" class=\"frm_primary_label\">The Core enforces deterministic datatasks?<span class=\"frm_required\"><\/span><\/div><div class=\"frm_opt_container\" aria-labelledby=\"field_li0n9c6aa1d9b354dc05718c7d5eaa2112a36815b7f_label\" role=\"radiogroup\"><div class=\"frm_radio\" id=\"frm_radio_22-0\"><label  for=\"field_li0n9c6aa1d9b354dc05718c7d5eaa2112a36815b7f-0\"><input type=\"radio\" name=\"item_meta[22]\" id=\"field_li0n9c6aa1d9b354dc05718c7d5eaa2112a36815b7f-0\" value=\"YES\"   data-invmsg=\"The Core enforces deterministic datatasks? is invalid\"  \/> YES<\/label><\/div><div class=\"frm_radio\" id=\"frm_radio_22-1\"><label  for=\"field_li0n9c6aa1d9b354dc05718c7d5eaa2112a36815b7f-1\"><input type=\"radio\" name=\"item_meta[22]\" id=\"field_li0n9c6aa1d9b354dc05718c7d5eaa2112a36815b7f-1\" value=\"NO\"   data-invmsg=\"The Core enforces deterministic datatasks? 
is invalid\"  \/> NO<\/label><\/div><\/div><\/div><input type=\"hidden\" name=\"item_key\" value=\"\" \/><div id=\"frm_field_34_container\"><label for=\"field_25cri\" >If you are human, leave this field blank.<\/label><input  id=\"field_25cri\" type=\"text\" class=\"frm_form_field form-field frm_verify\" name=\"item_meta[34]\" value=\"\"  \/><\/div><input name=\"frm_state\" type=\"hidden\" value=\"QDrhT++GVKxSH2ZRVrv94ozrSZKlleNdFR8FLK1OhjA=\" \/><div class=\"frm_submit\"><button class=\"frm_button_submit\" type=\"submit\"  >Check your guess!<\/button><\/div><\/div><\/fieldset><\/div><\/form><\/div><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n\n\n\n<pre><script>\nfunction sleep(ms) {\n    return new Promise(resolve => setTimeout(resolve, ms));\n}\nasync function attack5() {\n    var x = document.getElementById(\"Cons5\");\n    var r = document.getElementById(\"Run1\");\n    var p = document.getElementById(\"Pwd1\");\n    x.innerHTML = \"------ Running 15 times the malicious version of 'ComputeBikeStats' data task<br>01 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"01\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>02 - Running 'ComputeBikeStats'\";  p.innerHTML=\"@**********\";\n    await sleep(1000);  r.innerHTML=\"02\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>03 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"03\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>04 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"04\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>05 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"05\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>06 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"06\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>07 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  
r.innerHTML=\"07\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>08 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"08\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>09 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"09\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>10 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"10\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>11 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"11\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>12 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"12\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>13 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"13\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>14 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"14\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>15 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"15\";  x.innerHTML += \" --> Number of computed bike trips: 1 (0x1)<br>------------- Finished -------------\";\n}\n    \nasync function attack6() {\n    var x = document.getElementById(\"Cons6\");\n    var r = document.getElementById(\"Run2\");\n    var p = document.getElementById(\"Pwd2\");\n    x.innerHTML = \"------ Running 15 times the malicious version of 'ComputeBikeStats' data task<br>01 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"01\";  x.innerHTML += \" --> Number of computed bike trips: 1607 (0x647)<br>02 - Running 'ComputeBikeStats'\"; p.innerHTML=\"******G****\";\n    await sleep(1000);  r.innerHTML=\"02\";  x.innerHTML += \" --> Number of computed bike trips: 626 (0x272)<br>03 - Running 'ComputeBikeStats'\"; p.innerHTML=\"**r***G****\";\n    await sleep(1000);  
r.innerHTML=\"03\";  x.innerHTML += \" --> Number of computed bike trips: 868 (0x364)<br>04 - Running 'ComputeBikeStats'\"; p.innerHTML=\"**rd**G****\";\n    await sleep(1000);  r.innerHTML=\"04\";  x.innerHTML += \" --> Number of computed bike trips: 1391 (0x56F)<br>05 - Running 'ComputeBikeStats'\"; p.innerHTML=\"**rd*oG****\";\n    await sleep(1000);  r.innerHTML=\"05\";  x.innerHTML += \" --> Number of computed bike trips: 2149 (0x865)<br>06 - Running 'ComputeBikeStats'\"; p.innerHTML=\"**rd*oG*e**\";\n    await sleep(1000);  r.innerHTML=\"06\";  x.innerHTML += \" --> Number of computed bike trips: 353 (0x161)<br>07 - Running 'ComputeBikeStats'\"; p.innerHTML=\"*ard*oG*e**\";\n    await sleep(1000);  r.innerHTML=\"07\";  x.innerHTML += \" --> Number of computed bike trips: 1909 (0x775)<br>08 - Running 'ComputeBikeStats'\"; p.innerHTML=\"*ard*oGue**\";\n    await sleep(1000);  r.innerHTML=\"08\";  x.innerHTML += \" --> Number of computed bike trips: 2675 (0xA73)<br>09 - Running 'ComputeBikeStats'\"; p.innerHTML=\"*ard*oGue*s\";\n    await sleep(1000);  r.innerHTML=\"09\";  x.innerHTML += \" --> Number of computed bike trips: 353 (0x161)<br>10 - Running 'ComputeBikeStats'\"; p.innerHTML=\"*ard*oGue*s\";\n    await sleep(1000);  r.innerHTML=\"10\";  x.innerHTML += \" --> Number of computed bike trips: 2419 (0x973)<br>11 - Running 'ComputeBikeStats'\"; p.innerHTML=\"*ard*oGuess\";\n    await sleep(1000);  r.innerHTML=\"11\";  x.innerHTML += \" --> Number of computed bike trips: 2149 (0x865)<br>12 - Running 'ComputeBikeStats'\"; p.innerHTML=\"*ard*oGuess\";\n    await sleep(1000);  r.innerHTML=\"12\";  x.innerHTML += \" --> Number of computed bike trips: 2675 (0xA73)<br>13 - Running 'ComputeBikeStats'\"; p.innerHTML=\"*ard*oGuess\";\n    await sleep(1000);  r.innerHTML=\"13\";  x.innerHTML += \" --> Number of computed bike trips: 2675 (0xA73)<br>14 - Running 'ComputeBikeStats'\"; p.innerHTML=\"*ard*oGuess\";\n    await sleep(1000);  r.innerHTML=\"14\";  x.innerHTML 
+= \" --> Number of computed bike trips: 1607 (0x647)<br>15 - Running 'ComputeBikeStats'\"; p.innerHTML=\"*ard*oGuess\";\n    await sleep(1000);  r.innerHTML=\"15\";  x.innerHTML += \" --> Number of computed bike trips: 626 (0x272)<br>------------- Finished -------------\"; p.innerHTML=\"*ard*oGuess\";\n}\n\nasync function attack7() {\n    var x = document.getElementById(\"Cons7\");\n    var r = document.getElementById(\"Run3\");\n    var p = document.getElementById(\"Pwd3\");\n    x.innerHTML = \"------ Running 8 times the malicious version of 'ComputeBikeStats' data task<br>01 - Running 'ComputeBikeStats'\";\n    await sleep(1000);  r.innerHTML=\"01\";  x.innerHTML += \" --> Number of computed bike trips: 1158 (0x486)<br>02 - Running 'ComputeBikeStats'\"; p.innerHTML=\"H**********\";\n    await sleep(1000);  r.innerHTML=\"02\";  x.innerHTML += \" --> Number of computed bike trips: 370 (0x172)<br>03 - Running 'ComputeBikeStats'\"; p.innerHTML=\"Har********\";\n    await sleep(1000);  r.innerHTML=\"03\";  x.innerHTML += \" --> Number of computed bike trips: 1605 (0x645)<br>04 - Running 'ComputeBikeStats'\"; p.innerHTML=\"Hard*******\";\n    await sleep(1000);  r.innerHTML=\"04\";  x.innerHTML += \" --> Number of computed bike trips: 1135 (0x46F)<br>05 - Running 'ComputeBikeStats'\"; p.innerHTML=\"HardTo*****\";\n    await sleep(1000);  r.innerHTML=\"05\";  x.innerHTML += \" --> Number of computed bike trips: 1143 (0x477)<br>06 - Running 'ComputeBikeStats'\"; p.innerHTML=\"HardToG****\";\n    await sleep(1000);  r.innerHTML=\"06\";  x.innerHTML += \" --> Number of computed bike trips: 1381 (0x565)<br>07 - Running 'ComputeBikeStats'\"; p.innerHTML=\"HardToGue**\";\n    await sleep(1000);  r.innerHTML=\"07\";  x.innerHTML += \" --> Number of computed bike trips: 1847 (0x737)<br>08 - Running 'ComputeBikeStats'\"; p.innerHTML=\"HardToGues*\";\n    await sleep(1000);  r.innerHTML=\"08\";  x.innerHTML += \" --> Number of computed bike trips: 3 (0x3)<br>------------- 
Finished -------------\"; p.innerHTML=\"HardToGuess\";\n}\n<\/script>\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>In this game, the employer&#8217;s App leverages its execution privilege to try to leak one of the user&#8217;s passwords. The password is &#8220;HardToGuess&#8221;. It is assumed that the Core lets the Data Task access this password (hence the setting: The Core protects the credentials: NO). In the following versions of\u2026<\/p>\n<p> <a class=\"continue-reading-link\" href=\"https:\/\/project.inria.fr\/espdms\/game2\/\"><span>Continue reading<\/span><i class=\"crycon-right-dir\"><\/i><\/a> <\/p>\n","protected":false},"author":67,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-201","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/project.inria.fr\/espdms\/wp-json\/wp\/v2\/pages\/201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/project.inria.fr\/espdms\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/project.inria.fr\/espdms\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/project.inria.fr\/espdms\/wp-json\/wp\/v2\/users\/67"}],"replies":[{"embeddable":true,"href":"https:\/\/project.inria.fr\/espdms\/wp-json\/wp\/v2\/comments?post=201"}],"version-history":[{"count":51,"href":"https:\/\/project.inria.fr\/espdms\/wp-json\/wp\/v2\/pages\/201\/revisions"}],"predecessor-version":[{"id":1143,"href":"https:\/\/project.inria.fr\/espdms\/wp-json\/wp\/v2\/pages\/201\/revisions\/1143"}],"wp:attachment":[{"href":"https:\/\/project.inria.fr\/espdms\/wp-json\/wp\/v2\/media?parent=201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}