You are encouraged to work in groups (up to 3 people) for the labs and collaborate through version control (e.g., gitlab.cs). It is okay to use open-source code in your implementation. The labs are intended to be open-ended. Feel free to add interesting features.
For Lab 1, your job is to implement a web server using C/C++ on Linux. You may reuse code from 550’s project 1 if you have done that before. Then, enhance your web server with better security.
For this part, implement a single-threaded event-driven web server.
551ws, takes one command-line argument,
the configuration filename.
You may design the configuration file format (see bonus part below).
The configuration file should allow an admin to specify an address
and a port number (IPv4/v6) on which the web server listens.
You may use
getaddrinfo() to convert the address and port number
in either IPv4 or IPv6 string form.
$ ./551ws ws.conf
The web server should be event-driven. In particular, it should use
epoll() to manage file descriptors; it should use
non-blocking network I/O and blocking disk I/O.
For the HTTP protocol, we recommend you use the HTTP parser library, which is based on nginx’s code and used in Node.js.
One should be able to use a browser to retrieve a file via your web server,
You may use either
sendfile() or other system calls to send HTTP responses.
Use the ApacheBench tool
ab to measure the performance of your server.
The simple single-threaded architecture is not good for security—a single
bug may allow an attacker to take control of the server.
Your job in this part is to improve that with a better web server architecture.
Read the OKWS paper.
You may choose one design from Figure 2 of the paper,
or implement your own architecture.
In the file
describe your design,
as well as what kind of vulnerabilities your design can and cannot prevent.
Implement your design and
ab to measure the performance of your new server.
Document the difference (if any) in
along with your tests.
Lua is a good embedded language
and has a simple C API (see Lua’s
and LuaJIT’s documentations).
Try to use Lua to simplify your web server and make it more reliable (hopefully,
with “less” C/C++ code).
One way to implement the configuration file
is to use a Lua script (see Apache’s
you may also implement the web server’s logic in Lua.
ab to measure the performance impact if you choose to do so.
What to submit
Submit a tar file of the source code of your web server
README file that contains your security analysis
and performance numbers from running
If you have done the bonus part, make a note in a file called