2 \usepackage{beamerthemeplainculight}

     2 \usepackage{beamerthemeplaincu}

     3 \usepackage[T1]{fontenc}

     3 %\usepackage[T1]{fontenc}

     4 \usepackage[latin1]{inputenc}

     4 %\usepackage[latin1]{inputenc}

   101 \renewcommand{\slidecaption}{AFL 09, King's College London, 28.~November 2012}

   101 \renewcommand{\slidecaption}{AFL 09, King's College London, 27.~November 2013}

   105 

   105  \pgfdeclareradialshading{smallbluesphere}{\pgfpoint{0.5mm}{0.5mm}}%

   106   {rgb(0mm)=(0,0,0.9);

   107   rgb(0.9mm)=(0,0,0.7);

   108   rgb(1.3mm)=(0,0,0.5);

   109   rgb(1.4mm)=(1,1,1)}

   110 

   111   \def\myitemi{\begin{pgfpicture}{-1ex}{-0.55ex}{1ex}{1ex}

   112     \usebeamercolor[fg]{subitem projected}

   113     {\pgftransformscale{0.8}\pgftext{\normalsize\pgfuseshading{bigsphere}}}

   114     \pgftext{%

   115       \usebeamerfont*{subitem projected}}

   116   \end{pgfpicture}}

   117   

   168   Of$\!$fice: & S1.27 (1st floor Strand Building)\\

   180   Office: & S1.27 (1st floor Strand Building)\\

   180 Imagine the following situation: You talk to somebody

   192 \large\bf

   181 and you find out that she/he has implemented a compiler.\smallskip

   193 Using a compiler, \\how can you mount the\\ perfect attack against a system?

   182 

   194 

   183 What is your reaction? Check all that apply.\bigskip\pause

   195 \end{frame}}

   184 

   196 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   185  \begin{itemize}

   197 

   186  \item[$\Box$] You think she/he is God

   198 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   187  \item[$\Box$] \"Uberhacker

   199 \mode<presentation>{

   188  \item[$\Box$] superhuman

   200 \begin{frame}[c]

   189  \item[$\Box$] wizard

   201 

   190  \item[$\Box$] supremo

   202 {\large\bf

   191  \end{itemize}

   203 What is a perfect attack?}

   192 

   204 

   193 \end{frame}}

   205 \begin{enumerate}

   194 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   206 \item you can potentially completely take over a target system

   207 \item your attack is (nearly) undetectable

   208 \end{enumerate}

   209 

   210 \end{frame}}

   211 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   212 

   213 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   214 \mode<presentation>{

   215 \begin{frame}[c]

   216 

   217 

   218   \begin{center}

   219   \begin{tikzpicture}[scale=1]

   220   

   221   \onslide<1->{

   222   \node (A) at (0,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=17mm] {};

   223   \node [below right] at (A.north west) {\footnotesize\begin{tabular}{@{}l@{}}clean\\compiler\end{tabular}};}

   224 

   225 

   226   \onslide<2->{

   227   \node (B) at (0,3)  [draw=black, rectangle, very thick, minimum height=8mm, minimum width=12mm] {};

   228   \node [below right] at (B.north west) {\footnotesize login};

   229   \node [above right] at (B.south west) {\footnotesize \alert{infected}};

   230   \node [right] at (B.east) {\ldots};

   231   }

   232  

   233 

   234 

   235   

   236   \end{tikzpicture}

   237   \end{center}

   238 

   239 

   240 

   241 \end{frame}}

   242 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   243 

   244 

   245 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   246 \mode<presentation>{

   247 \begin{frame}[c]

   248 

   249 

   250   \begin{center}

   251   \begin{tikzpicture}[scale=1]

   252   

   253   \onslide<1->{

   254   \node (A) at (0,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};

   255   \node [below right] at (A.north west) {\small V0.01};

   256   \node [below right] (A1) at (A.south west) {\small Scala};

   257   \node [below right] (A1) at (A1.south west) {\small\textcolor{gray}{host language}};

   258   \node [above right] at (A.north west) {my compiler (src)};}

   259 

   260   \onslide<2->{

   261   \node (B) at (1.8,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};

   262   \node [below right] at (B.north west) {\small V0.02};

   263   \node [below right] at (B.south west) {\small Scala};

   264   \node at (3,0) {\ldots};

   265 

   266   \node (C) at (5,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};

   267   \node [below right] at (C.north west) {\small V1.00};

   268   \node [below right] at (C.south west) {\small Scala};}

   269 

   270   \onslide<3->{

   271   \node (D) at (6.8,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};

   272   \node [below right] at (D.north west) {\small V1.00};

   273 

   274   \node (E) at (6.8,2)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};

   275   \node [below right] at (E.north west) {\small V1.01};}

   276   

   277   \onslide<4->{

   278   \node (F) at (8.6,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};

   279   \node [below right] at (F.north west) {\small V1.01};

   280 

   281   \node (G) at (8.6,2)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};

   282   \node [below right] at (G.north west) {\small V1.02};

   283   \node at (9.8,0) {\ldots};

   284   \node at (9.8,2) {\ldots};}

   285   

   286   \end{tikzpicture}

   287   \end{center}

   288 

   289 

   290 

   291 \end{frame}}

   292 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   293 

   294 

   295   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   296   \mode<presentation>{

   297   \begin{frame}<1-3>

   298   \frametitle{\LARGE\begin{tabular}{c}Hacking Compilers 

   299   \end{tabular}}

   300   

   301   %Why is it so paramount to have a small trusted code base (TCB)?

   302   \bigskip\bigskip

   303 

   304   \begin{columns}

   305   \begin{column}{2.7cm}

   306   \begin{minipage}{2.5cm}%

   307   \begin{tabular}{c@ {}}

   308   \includegraphics[scale=0.2]{../pics/ken-thompson.jpg}\\[-1.8mm]

   309   \footnotesize Ken Thompson\\[-1.8mm]

   310   \footnotesize Turing Award, 1983\\

   311   \end{tabular}

   312   \end{minipage}

   313   \end{column}

   314   \begin{column}{9cm}

   315   \begin{tabular}{l@ {\hspace{1mm}}p{8cm}}

   316   \myitemi

   317   & Ken Thompson showed how to hide a Trojan Horse in a 

   318   compiler \textcolor{red}{without} leaving any traces in the source code.\\[2mm]

   319   \myitemi

   320   & No amount of source level verification will protect 

   321   you from such Thompson-hacks.\\[2mm]

   322 

   323   \myitemi

   324   & Therefore in safety-critical systems it is important to rely 

   325   on only a very small TCB.

   326   \end{tabular}

   327   \end{column}

   328   \end{columns}

   329 

   330   \only<2>{

   331   \begin{textblock}{6}(4,2)

   332   \begin{tikzpicture}

   333   \draw (0,0) node[inner sep=3mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 

   334   {\normalsize

   335   \begin{minipage}{8cm}

   336   \begin{quote}

   337   \includegraphics[scale=0.05]{../pics/evil.png}

   338   \begin{enumerate}

   339   \item[1)] Assume you ship the compiler as binary and also with sources.

   340   \item[2)] Make the compiler aware when it compiles itself.

   341   \item[3)] Add the Trojan horse.

   342   \item[4)] Compile.

   343   \item[5)] Delete Trojan horse from the sources of the compiler.

   344   \item[6)] Go on holiday for the rest of your life. ;o)\\[-7mm]\mbox{}

   345   \end{enumerate}

   346   \end{quote}

   347   \end{minipage}};

   348   \end{tikzpicture}

   349   \end{textblock}}

   350 

   351   \end{frame}}

   352   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

   353 

   230 \texttt{\lstinputlisting{fib.while}}}

   389 \texttt{\lstinputlisting{../progs/fib.while}}}

   289 \texttt{\lstinputlisting{loops.while}}}

   448 \texttt{\lstinputlisting{../progs/loops.while}}}