Using a Linux security module for contest security

From IOI Wiki
Jump to: navigation, search
Pub article.png
  • Article: Using a Linux security module for contest security
  • Author(s): Bruce Merry
  • Journal: Olympiads in Informatics 3 (2009), 67-73

Abstract: The goal of a programming contest grading system is to take unknown code and execute it on test data. Since the code is frequently buggy and potentially malicious, it is necessary to run the code in a restricted environment to prevent it from damaging the grading system, bypassing resource constraints, or stealing information in order to obtain a better score.

We present some background on methods to construct such a restricted environment. We then describe how the South African Computer Olympiad has used a Linux Security Module to implement a restricted environment, as well as the limitations of our solution.

Keywords: linux security module, programming contest, sandboxing

Download: (free)