Attention all computer coders: Binghamton professor Scott Craver challenges you to do your worst.
After a five-year hiatus, Craver, an assistant professor of electrical and computer engineering, is restoring the Underhanded C contest.
The goal of the contest is to write code that is readable, clear and innocent on the surface, but deeper down, the program is secretly malicious. Past years had students write programs to miscount votes, shave money from financial transactions and leak information.
This year, Craver challenged contestants to subvert a Facebook-like social network by gaining access to every user’s profile. But there’s a catch: the program must appear as though it only determines how much access one user has to another user’s profile.
Submissions are written in C, one of the most widely used programming languages in existence.
“The C function figures out how far apart two people are,” he said. “It must misbehave in a way such that the programmer is always right next to everyone, essentially giving the programmer full control over the network.”
However, Craver added that your program must do more than gain access; it must be sneaky, too.
“There are two goals to meet in order to win this contest,” he said. “The first is to hide the bug so well that people don’t notice it’s there. The second is if someone finally realizes there is a bug, and they spend a lot of time tracking down exactly what the problem is and finally find it, it should look like an innocent mistake.”
Craver started the Underhanded C Contest after participating in a 2004 contest run by a student at Stanford University.
“During the 2004 presidential election, there were concerns about the security of touch-screen voting machines and other voting software,” Craver said. “So this student at Stanford decided to launch a contest, the object of which was to design a simple computer program to count votes. The challenge was to write a program that somehow gives the wrong totals even though the code to the program is very clear.”
He found the results so interesting that he decided to create a contest of his own, and began introducing a different theme every year.
The contest has grown drastically since its humble beginnings, Craver said. The winner of this year’s contest, which runs from April 1 to July 4, will receive a $200 gift card to ThinkGeek.
“The original prize from the first contest was a case of beer, which was a mistake because we couldn’t ship it,” he said.
Craver receives submissions from all over the world, and a shortlist is created after eliminating the programs that don’t work or do not meet the contest rules.
But Craver added that the most effective submission will not necessarily be the winning one.
“There are a few other ways that we judge — informally — which seems to be the best submission,” he said. “Sometimes it’s a matter of humor value. Some of them use very clever techniques to cause an error to occur. We do mention on the contest site that certain things are worth more points, but in the end what it boils down to is which result impresses us the most.”
Despite his passion for coding, Craver prefers judging over participating.
“I think I have more fun seeing other people’s sneaky ideas than trying to come up with sneaky ideas myself,” he said.