
Avoiding user code calling to Reflection in C#

I'm implementing an automatic "evaluator" for a course I'm currently teaching. The overall idea is that every student delivers a DLL with some algorithms implemented. My evaluator loads all these DLLs using Reflection, finds the student implementations and evaluates them in a tournament. All these algorithms are black-box optimizers, which implement the following interface

public interface IContinuousMetaheuristic
{
    // ... Some unimportant properties
    Vector Evaluate(Function function, int maxEvaluations, ...);
}

The class definition for Function (at least the relevant part) is:

public class Function
{
    private Vector xopt; // The optimum point
    private double fopt; // The optimum value

    public double Evaluate(Vector x);
}

As you can see, I need to pass a Function instance to these metaheuristics. These functions are implemented by myself. Most of them are in some sense random, that is, I choose a random optimum point in the function constructor. That is why you can see an xopt field in the class. The problem is, I don't want my students to be able to access the xopt or fopt fields by Reflection or any other technique, since that would be cheating, or at least I want to find out if they do it so I can punish them accordingly ;).

So, the general question is: Is there any way to disallow the use of Reflection in a piece of code I have dynamically loaded, or in any other sense disallow this code from accessing private fields (cheating)?

Thanks in advance.

Alejandro Piad asked Jun 22 '12 12:06


3 Answers

Do they give you the source code? Write a separate tool that finds "using System.Reflection" and "System.Reflection." in the source. If they come up with a clever trick to avoid that, maybe they deserve the extra points they get by cheating. :)

Also, what about this in the code they use:

private double FakeOptimumPointWithAConvincingName{ get { return 12.07; } }

Then change that to this when you run your evaluator:

private double FakeOptimumPointWithAConvincingName{ get { throw new SomeoneCheatedException(); } }

There are a lot of other clever things to do along that line; the point is you can use trickiness instead of technology to thwart them. And if they come up with better tricks, kudos. :)

tallseth answered Oct 30 '22 04:10


The short answer is that as long as the caller has full trust, until .NET 4.0 (see this for how to create sandboxed applications up to .NET 3.5), you cannot avoid reflection discovery of private or internal methods.

For .NET 4, have you read Security Considerations for Reflection for .NET 4.0 on MSDN?

aledeniz answered Oct 30 '22 02:10

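The .NET 4 sandboxing route the answer above points to, as an added example that is not part of the original answer or of the asker's code: a partial-trust AppDomain whose grant set omits ReflectionPermission, with the function object kept in the host domain behind a remoting proxy. It assumes .NET Framework 4.x; SecretFunction and StudentStandIn are hypothetical stand-ins for the page's Function and for a class from a student DLL.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

// Hypothetical stand-in for the page's Function. As a MarshalByRefObject it stays in
// the host AppDomain; sandboxed code only ever holds a remoting proxy to it.
public sealed class SecretFunction : MarshalByRefObject
{
    private readonly double[] xopt = { 1.5, -2.0 };    // constructed sample optimum
    public double Evaluate(double[] x)
    {
        double sum = 0;
        for (int i = 0; i < x.Length; i++) sum += (x[i] - xopt[i]) * (x[i] - xopt[i]);
        return sum;
    }
}

// Hypothetical stand-in for a student's class; it is instantiated inside the sandbox.
public sealed class StudentStandIn : MarshalByRefObject
{
    public string Run(SecretFunction f)
    {
        double honest = f.Evaluate(new double[] { 0.0, 0.0 });   // normal black-box call
        try
        {
            FieldInfo field = typeof(SecretFunction).GetField(
                "xopt", BindingFlags.Instance | BindingFlags.NonPublic);
            field.GetValue(f);   // private access needs ReflectionPermission(MemberAccess)
            return "private field was readable";
        }
        catch (Exception ex) { return "Evaluate=" + honest + ", blocked: " + ex.GetType().Name; }
    }
}

public static class Evaluator
{
    public static void Main()
    {
        // Grant set: permission to execute and nothing else (no ReflectionPermission).
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain sandbox = AppDomain.CreateDomain("students", null, setup, grant);
        var student = (StudentStandIn)sandbox.CreateInstanceAndUnwrap(
            typeof(StudentStandIn).Assembly.FullName, typeof(StudentStandIn).FullName);
        Console.WriteLine(student.Run(new SecretFunction()));
        AppDomain.Unload(sandbox);
    }
}
```

Partial-trust AppDomains exist only on .NET Framework, and Microsoft no longer supports Code Access Security as a security boundary, so on current runtimes the equivalent isolation is a separate low-privilege process per submission.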

If you load the optimum values from a config file the moment you need them, it will be hard to reflect them before that time.

IvoTops answered Oct 30 '22 04:10