Secure testing of Java programming exercises
Secure testing of Java programming exercises
Supervisor(s): | Fabian Franzen |
Status: | finished |
Topic: | Others |
Author: | Daniel von Kirschten |
Submission: | 2023-09-15 |
Type of Thesis: | Masterthesis |
DescriptionIn many courses teaching computer-science related topics, programming exercises play an important role – often using the language Java. Oftentimes, feedback for these is given automatically by test code written by the course instructors and in some cases, this automatic feedback even influences the students’ final grade in the course. Because of this, it’s critical that it’s not possible for students to achieve results illegitimately, without actually solving the exercise at hand. This is a hard problem: It should of course be impossible for students to influence test code – however, sometimes the test code should even stay entirely hidden from students as it can contain sensitive data, such as a complete list of all test cases or even a sample solution. This is especially relevant for courses where test code is reused in each iteration. There are existing solutions for this problem, but each has some drawbacks – for example the use of Java features which have been deprecated for removal. This thesis presents Charon, a framework which uses Linux Namespaces through usage of Docker to securely isolate student- submitted code from test code while staying completely transparent for students and mostly transparent for exercise creators. In this way, Charon attempts to enable secure and usable tests of Java programming exercises. During evaluation of its performance, it showed an overhead of 1 μs to 5 μs per call across the isolation boundary, depending on the context. Charon was also tested in a real-world lecture, where it proved its applicability and transparency for students. |