13

I'm implementing an automatic "evaluator" for a course I'm currently teaching. The overall idea is that every student delivers a DLL with some algorithms implemented. My evaluator loads all these DLLs using Reflection, finds the student implementations and evaluates them in a tournament. All these algorithms are black-box optimizers, which implement the following interface

public interface IContinuousMetaheuristic { // ... Some unimportant properties Vector Evaluate(Function function, int maxEvaluations, ...); }

The class definition for Function (at least the relevant part) is:

public class Function: { private Vector xopt; // The optimum point private double fopt; // The optimum value public double Evaluate(Vector x); }

As you can see, I need to pass a Function instance to these metaheuristics. These functions are implemented by myself. Most of them are in some sense random, that is, I choose a random optimum point in the function constructor. That is why you can see an xopt field in the class. The problem is, I don't want my students to be able to access the xopt or fopt fields by Reflection or any other technique, since that would be cheating, or at least, find out if they do it so I can punish them accordingly ;).

So, the general question is: Is there any way to disallow the use of Reflection in a piece of code I have dynamically loaded, or in any other sense disallow this code from accessing private fields (cheating).

Thanks in advance.

Improve this question
11
  • 3
    Does the optimum point have to be in the Function class, or could you not just store it in another data structure not available in the reference dll you give your students? Commented Jun 22, 2012 at 12:43
  • 2
    Wouldn't it be simpler to just decouple the vector-evaluating-function from the optimum values? If you only pass them a Func<Vector, double> they're going to have a hard time stealing the optimum answers. Commented Jun 22, 2012 at 12:43
  • 3
    Also possible duplicate stackoverflow.com/questions/4447939/… Commented Jun 22, 2012 at 12:45
  • 1
    Make Function a remoting proxy. Commented Jun 22, 2012 at 12:45
  • 2
    I think the easiest, most foolproof way to prevent such cheating would be to require your students to provide their source code, so that you can check it for any reflection (look for typeof(T) or GetType()). Commented Jun 22, 2012 at 13:01

3 Answers 3

Reset to default
2

Do they give you the source code? Write a separate tool that finds "using System.Reflection" and "System.Reflection." in the source. If they come up with a clever trick to avoid that, maybe they deserve the extra points they get by cheating. :)

Also, what about this in the code they use:

private double FakeOptimumPointWithAConvincingName{ get { return 12.07; } }

Then change that to this when you run your evaluator:

private double FakeOptimumPointWithAConvincingName{ get { throw new SomeoneCheatedException(); } }

There's a lot of other clever things to do along that line; point is you can use trickiness instead of technology to thwart them. And if they come up with better tricks, kudos. :)

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I would prefer not going through the source-code. I like the faking though, except because I need to keep changing the code back and forth whenever I need to give them the evaluator so that they can train. You get my up-vote anyway for the cleverness.
Thanks. You don't have to keep rebuilding though, you just use a different build than them always. If you don't want them to have full access to your code, you should give them something that is slightly different.
I like the two different builds option. I think i'll stick to this approach, given that I'm running out of time. Thanks @tallseth and everyone else for their useful answers.
1

The short answer is that as long as the caller has full trust, until .Net 4.0 (see this for how to create sandboxed applications up to .Net. 3.5), you cannot avoid reflection discovery of private or internal methods.

For .Net 4, have you read Security Considerations for Reflection for .Net 4.0 on the MSDN?

Improve this answer

1 Comment

I have put the [SecurityCritical] attribute on top of the private fields, but it still doesn't work.
1

If you load the optimum values from a configfile the moment you need them it will be hard to reflect them before that time

Improve this answer

3 Comments

But the thing is that at the moment of evaluating the function in the user code that value is already loaded, and then they can reflect it at that specific time.
Not if you make the loading of the variables lazy. Meaning they are retrieved only just before the code needs them and you zero the values again right after using them. In that case the window in which they can reflect will be very short.
You're right @IvoTops. It could be a good idea. I'm not so sure though on how to avoid them to do the same as me: loading that config file. If the config path is fixed then is a piece of cake, if its stored, they could reflect it, and so on.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.