Security Considerations for Java Graders

Abstract

Dynamic testing of student submitted solutions in evaluation systems requires the automatic compilation and execution of untrusted code. Since the code is usually written by beginners it can contain potentially harmful programming mistakes. However, the code can also be deliberately malicious in order to cheat or even cause damage to the grader. Therefore, it is necessary to run it in a secured environment. This article analyzes possible threats for graders which process Java code and points out Java specific aspects to consider when processing untrusted code.