Welcome to the Information Flow Challenge.
This is an online playground for information flow security. The challenge lets you play against an information flow analysis procedure. Currently there are 4 challenges. In each challenge your task is to write a program that would leak secret information to you. On each step the information flow analysis becomes more and more sophisticated, so you will have to learn new types of covert channels in the programs. Another purpose of the exercise is to give you an idea of how an information flow analysis works.
The programs are written in a simple programming language (called the While-language) which has the following syntax:
stm ::= x = e ; | skip ; | stm1 stm2 | if (e) { stm1 } else { stm2 } | while (e) { stm }The language allows one to write programs that operate on boolean values (0 or 1). It is possible to use variables l1-l5 and h1-h5. The statements include variable assignment, no operation (skip), conditionals (if) and loops (while). It is possible to combine statements in sequences by separating them by a semicolon (;).
Here's an example of the program in this language:
l1 = 1;which, if executed with the initial values l1 -> 0, l2 -> 0, l3 -> 0, will evaluate to l1 -> 1, l2 -> 1, l3 -> 0.
The variables h1-h5 are called high variables. You cannot observe their values. These variables contain a secret which you need to find out. The variables l1-l5 are called low variables. Their values are displayed after 50 steps of program execution. Note, that if the program does not terminate in 50 steps, the values after 50 steps are displayed.
The general guideline to the challenges is that you need to write a program (or several programs) that, while being accepted by the analysis, produce an output (in form of the values of l1-l5) that allows you to judge about the secret value (the values of h1-h5).
The information flow analysis is turned off for the first challenge, so any valid program will be executed.
Good luck!
Click here to start the challenge.