Naccio Challenge

Hack our system and win untold fame and invaluable prizes!
Current prize: Celtic Replica Jersey!

This server accepts a Java application class, and runs it with a specified safety policy. If the class execution does not violate the safety policy, the server will return the standard error output. If the policy is violated, information on the safety property violated is returned along with the application's standard error output up to the point when the safety violation was raised.

Class URL

This URL should point to a stand-alone Java class with a main method. You can enter your own URL, or use the sample class.

Test

This class creates a new file, writes a few bytes to it, reads them and echos the result to standard error. It violates the Draconian policy (the first violation occurs when the Random constructor attempts to access the system time in violation of the NoObserveTime property), but satisfies the Paranoid policy.

Policy

Select the safety policy to be enforced. Click on the policy name to see how it is defined.

Draconian

This policy prevents an application from using the network, file system or display, or accessing system properties. This policy would be too strict for general use, since it disallows most useful programs.

Paranoid
Disallows use of the network and display, but allows limited use of the file system. Programs may create up to three new files in the /tmp/ subtree, and read and write up to 10,000 bytes from them. Existing files may not be read or written.
General information on defining safety policies
Browse Policy Library

Rules

Sorry, this form is temporarily disabled due to security concerns. If you would like a local version of Naccio/JavaVM to try, please email evans@cs.virginia.edu.

Naccio Home Page
David Evans
University of Virginia, Computer Science