Week 0: Context, Idea and Technologies
Building An all-in-one Online Judge
I’m a sophomore at the National School of Computer Science in Tunisia. Last year, I enjoyed many courses and materials. I specifically got very excited about shell scripting for system administration and competitive programming using C++ . We used an online judge for the C++ challenges, but our shell scripts were validated manually by the teacher. This made the work very slow and way less competitive than it should be; Even if Mr. Ouerghi was a great human validator.
In April 2016, I was ranked the first in a local context organised by my college’s open software community (OSSEC). It was Shell Coding Challenge (like literally called SCC). But the problem was, that submissions were also validated by hand. Holy moly, it made me sick! Since then I started thinking of a solution for the problem knowing that it is really a big security overhead.
I’m also a member in a Digital Security Community called CSI-ENSI; There are very smart people in it, building and hacking everyday. Each year, we do Digital Security trainings and Capture-the-Flag events. In April, we will organise the 5th edition of a Security Summit called HackZone. It will include a CTF. In the last edition, there were more than 30 participating teams from inside the college. I built the platform for validating the users submissions, but it wasn’t a hard deal because it didn’t incorporate any real security risks just the usual web and D/DOS attacks.
The goal this year, is to build a CTF platform that is event independent, this will help us do the trainings more efficiently (we usually use RootMe). Other guys, already started experimenting.
An Online Judge for Competitive Programming, CTF and Sysadmin Challenges. That’s the title of my DDP (Design & Development Project). It means i’ll be working on this project for the next 4 months.
I’ll be working with a very serious and smart friend from CSI, she is called Mariem and she is the main coordinator of the community. Also, I have really tricky ideas I wanna try to implement, like virtual participation in contests! It will be a killer feature.
The user interface, for playing and making challenges is quite challenging too. But, the most interesting part in my opinion, is the sandboxing. How to secure the testing of the untrusted code.
I also want to make it as extensible as possible, I’m thinking of organising an event were people build bots to solve a specific task, like exchanging from cryptocurrencies.. I want to be able to extend the platform the way I want.
The project will be divided into two big parts; The web package, this will be built using React/Redux and a Django REST API. The second part is the Validator Package, we will build it using C++ and the POSIX API.
We will start by trying different sandboxing approches and comparing them. Next week, I will be covering the methods we went through and the advancements in our DDP.