afl-material: comparison slides01.tex

equal deleted inserted replaced

-:3a5e09a2ae54
+:b606c9439fa6
 	tabsize=2,
 	showspaces=false,
 	showstringspaces=false}
 % beamer stuff
-\renewcommand{\slidecaption}{APP 01, King's College London, 25.~September 2012}
+\renewcommand{\slidecaption}{AFL 01, King's College London, 26.~September 2012}
 \begin{document}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}<1>[t]
 \frametitle{%
 \begin{tabular}{@ {}c@ {}}
-\LARGE Access Control and \\[-3mm]
+\\[-3mm]
-\LARGE Privacy Policies (1)\\[-6mm]
+\LARGE Automata and \\[-2mm]
+\LARGE Formal Languages (1)\\[-3mm]
 \end{tabular}}
 \begin{center}
-%\includegraphics[scale=1.3]{pics/barrier.jpg}
+\includegraphics[scale=0.3]{pics/ante1.jpg}\hspace{5mm}
+\includegraphics[scale=0.31]{pics/ante2.jpg}\\
+\footnotesize\textcolor{gray}{Antikythera automaton, 100 BC (Archimedes?)}
 \end{center}
 \normalsize
 \begin{center}
 \begin{tabular}{ll}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
-\begin{frame}
+\begin{frame}[c]
-\begin{center}
+\begin{textblock}{1}(2,5)
-%\includegraphics[scale=2.1]{pics/barrier.jpg}
+\begin{tabular}{c}
-\end{center}
+\includegraphics[scale=0.15]{pics/servers.png}\\[-2mm]
+\small Server
-\end{frame}}
+\end{tabular}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{textblock}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{textblock}{1}(5.6,4)
-\mode<presentation>{
+\begin{tikzpicture}[scale=1.1]
-\begin{frame}[c]
+\draw[white] (0,1) node (X) {};
-\frametitle{\begin{tabular}{@ {}c@ {}}Security Engineers\end{tabular}}
+\draw[white] (2,1) node (Y) {};
+\draw[white] (0,0) node (X1) {};
-According to Bruce Schneier, {\bf security engineers} require
+\draw[white] (2,0) node (Y1) {};
-a particular {\bf mindset}:\bigskip
+\draw[white] (0,-1) node (X2) {};
+\draw[white] (2,-1) node (Y2) {};
-\begin{tikzpicture}
+\draw[red, <-, line width = 2mm] (X) -- (Y);
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
+\node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};
-{\normalsize\color{darkgray}
+\draw[red, ->, line width = 2mm] (X1) -- (Y1);
-\begin{minipage}{10cm}\raggedright\small
+\node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X1)!.5!(Y1) $) {};
-``Security engineers --- at least the good ones --- see the world dif$\!$ferently.
+\draw[red, <-, line width = 2mm] (X2) -- (Y2);
-They can't walk into a store without noticing how they might shoplift. They can't
+\node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X2)!.5!(Y2) $) {};
-use a computer without wondering about the security vulnerabilities. They can't
+\end{tikzpicture}
-vote without trying to figure out how to vote twice. They just can't help it.''
+\end{textblock}
-\end{minipage}};
-\end{tikzpicture}
+\begin{textblock}{1}(9,5.5)
+\begin{tabular}{c}
+\includegraphics[scale=0.15]{pics/laptop.png}\\[-2mm]
+\small Browser
+\end{tabular}
+\end{textblock}
+\only<2>{
+\begin{textblock}{10}(2,13.5)
+\begin{itemize}
+\item programming languages, compilers
+\end{itemize}
+\end{textblock}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+transforming strings into structured data\\[10mm]
+{\LARGE\bf Lexing}\medskip\\
+\hspace{5mm}(recognising ``words'')\\[6mm]
+{\LARGE\bf Parsing}\medskip\\
+\hspace{5mm}(recognising ``sentences'')
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+The subject is quite old:
+\begin{itemize}
+\item Turing Machines, 1936
+\item first compiler for COBOL, 1957 (Grace Hopper)
+\item but surprisingly research papers are still published now
+\end{itemize}
 \begin{flushright}
-%\includegraphics[scale=0.0087]{pics/schneierbook1.jpg}\;
+\includegraphics[scale=0.3]{pics/hopper.jpg}\\
-%\includegraphics[scale=0.0087]{pics/schneierbook2.jpg}\;
+\footnotesize\textcolor{gray}{Grace Hopper}
-%\includegraphics[scale=0.85]{pics/schneier.png}
 \end{flushright}
+{\footnotesize\textcolor{gray}{(she made it to David Letterman's Tonight Show, \url{http://www.youtube.com/watch?v=aZOxtURhfEU})}}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Chip-and-PIN\end{tabular}}
+\frametitle{\begin{tabular}{c}This Course\end{tabular}}
-\begin{center}
+\begin{itemize}
-%\includegraphics[scale=0.3]{pics/creditcard1.jpg}\;
+\item regular expression / regular expression matching
-%\includegraphics[scale=0.3]{pics/creditcard2.jpg}
+\item a bit of sets (of strings)
-\end{center}
+\item automata
+\item the Myhill-Nerode theorem
-\begin{itemize}
+\item parsing
-\item Chip-and-PIN was introduced in the UK in 2004
+\item grammars
-\item before that customers had to sign a receipt\medskip
+\item a small interpreter / webbrowser
-\item Is Chip-and-PIN a more secure system?
+\end{itemize}
-\end{itemize}
+\end{frame}}
-\begin{flushright}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\small\textcolor{gray}{(Some other countries still use the old method.)}
-\end{flushright}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
-\end{frame}}
+\frametitle{\begin{tabular}{c}This Course\end{tabular}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{itemize}
+\item the ultimate goal is to implement a small web-browser (really small)\bigskip
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{itemize}
-\mode<presentation>{
-\begin{frame}[c]
+Let's start with:
-\frametitle{\begin{tabular}{@ {}c@ {}}Yes \ldots\end{tabular}}
+\begin{itemize}
-\begin{tikzpicture}
+\item a web-crawler
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
+\item an email harvester
-{\normalsize\color{darkgray}
+\item a web-scraper
-\begin{minipage}{10cm}\raggedright\small
+\end{itemize}
-``Chip-and-PIN is so effective in this country [UK] that fraudsters are starting to move their activities overseas,''
-said Emile Abu-Shakra, spokesman for Lloyds TSB (in the Guardian, 2006).
+\end{frame}}
-\end{minipage}};
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\end{tikzpicture}\bigskip
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
-\begin{itemize}
+\begin{frame}[c]
-\item mag-stripe cards cannot be cloned anymore
+\frametitle{\begin{tabular}{c}Scala\end{tabular}}
-\item stolen or cloned cards need to be used abroad
-\item fraud on lost, stolen and counterfeit credit cards was down \pounds{}60m (24\%) on 2004's figure
+\footnotesize a simple function for reading webpages
-\end{itemize}
+{\lstset{language=Scala}\fontsize{8}{10}\selectfont
+\texttt{\lstinputlisting{app0.scala}}}\pause\bigskip
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}But let's see \ldots\end{tabular}}
-\begin{textblock}{1}(3,4)
-\begin{tabular}{c}
-%\includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
-\small Bank
-\end{tabular}
-\end{textblock}
-\begin{textblock}{1}(7,4.5)
-\begin{tabular}{c}
-%\includegraphics[scale=3]{pics/store.png}\\[-2mm]
-\end{tabular}
-\end{textblock}
-\begin{textblock}{1}(4.5,9.9)
-\begin{tabular}{c}
-%\includegraphics[scale=0.16]{pics/rman.png}\\[-1mm]
-\small costumer / you
-\end{tabular}
-\end{textblock}
-\only<2->{
-\begin{textblock}{1}(4.5,7.5)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (1,-1) node (Y) {};
-\draw[red, ->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}}
-\only<3->{
-\begin{textblock}{1}(6.8,7.5)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (1,1) node (Y) {};
-\draw[red, ->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}
-\begin{textblock}{1}(4.8,5.9)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (1.4,0) node (Y) {};
-\draw[red, <->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}}
-\only<4->{
-\begin{textblock}{1}(12,6.5)
-\begin{tabular}{c}
-%\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
-\small card\\[-2mm]\small terminal\\[-2mm] \small producer
-\end{tabular}
-\end{textblock}
-\begin{textblock}{1}(10,7)
-\begin{tikzpicture}[scale=1.6]
-\draw[white] (0,0) node (X) {};
-\draw[white] (-1,0.6) node (Y) {};
-\draw[red, ->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}}
-\begin{itemize}
-\item A ``tamperesitant'' terminal playing Tetris on
-\textcolor{blue}{\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}}.\\
-\textcolor{lightgray}{\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})}
-\end{itemize}
-%\includegraphics[scale=0.2]{pics/tetris.jpg}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}}
-\begin{itemize}
-\item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after \pounds{}1m had been stolen from customer accounts\smallskip
-\item in 2008, hundreds of card readers for use in Britain, Ireland, the Netherlands, Denmark, and Belgium had been
-expertly tampered with shortly after manufacture so that details and PINs of credit cards were sent during the 9 months
-before over mobile phone networks to criminals in Lahore, Pakistan
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Chip-and-PIN is Broken\end{tabular}}
-\begin{flushright}
-%\includegraphics[scale=0.01]{pics/andersonbook1.jpg}\;
-%\includegraphics[scale=1.5]{pics/anderson.jpg}
-\end{flushright}
-\begin{itemize}
-\item man-in-the-middle attacks by the group around Ross Anderson\medskip
-\end{itemize}
-\begin{center}
-\mbox{}\hspace{-20mm}%\includegraphics[scale=0.5]{pics/chip-attack.png}
-\end{center}
-\begin{textblock}{1}(11.5,13.7)
-\begin{tabular}{l}
-\footnotesize on BBC Newsnight\\[-2mm]
-\footnotesize in 2010 or \textcolor{blue}{\href{http://www.youtube.com/watch?v=JPAX32lgkrw}{youtube}}
-\end{tabular}
-\end{textblock}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Chip-and-PIN is Really Broken\end{tabular}}
-\begin{flushright}
-%\includegraphics[scale=0.01]{pics/andersonbook1.jpg}\;
-%\includegraphics[scale=1.5]{pics/anderson.jpg}
-\end{flushright}
-\begin{itemize}
-\item same group successfully attacked this year card readers and ATM machines
-\item the problem: several types of ATMs generate poor random numbers, which are used as nonces
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Problem \ldots\end{tabular}}
-\begin{textblock}{1}(3,4)
-\begin{tabular}{c}
-%\includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
-\small Bank
-\end{tabular}
-\end{textblock}
-\begin{textblock}{1}(7,4.5)
-\begin{tabular}{c}
-%\includegraphics[scale=3]{pics/store.png}\\[-2mm]
-\end{tabular}
-\end{textblock}
-\begin{textblock}{1}(12,6.5)
-\begin{tabular}{c}
-%\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
-\small terminal\\[-2mm] \small producer
-\end{tabular}
-\end{textblock}
-\begin{textblock}{1}(4.5,9.9)
-\begin{tabular}{c}
-%\includegraphics[scale=0.13]{pics/rman.png}\\[-1mm]
-\small costumer / you
-\end{tabular}
-\end{textblock}
-\begin{textblock}{1}(4.5,7.5)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (1,-1) node (Y) {};
-\draw[gray, ->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}
-\begin{textblock}{1}(6.8,7.5)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (1,1) node (Y) {};
-\draw[gray, ->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}
-\begin{textblock}{1}(4.8,5.9)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (1.4,0) node (Y) {};
-\draw[gray, <->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}
-\begin{textblock}{1}(10,7)
-\begin{tikzpicture}[scale=1.6]
-\draw[white] (0,0) node (X) {};
-\draw[white] (-1,0.6) node (Y) {};
-\draw[gray, ->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}
-\begin{textblock}{14}(1,13.5)
-\begin{itemize}
-\item the burden of proof for fraud and financial liability was shifted to the costumer
-\end {itemize}
-\end{textblock}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Being Screwed Again\end{tabular}}
-\begin{flushright}
-%\includegraphics[scale=0.3]{pics/rbssecure.jpg}
-\end{flushright}
-\begin{itemize}
-\item {\bf Responsibility}\\
-``You understand that you are financially responsible for all uses of RBS Secure.''\\
-\textcolor{lightgray}{\footnotesize\url{https://www.rbssecure.co.uk/rbs/tdsecure/terms_of_use.jsp}}
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Web Applications\end{tabular}}
-\begin{textblock}{1}(2,5)
-\begin{tabular}{c}
-%\includegraphics[scale=0.15]{pics/servers.png}\\[-2mm]
-\small Servers from\\[-2mm]
-\small Dot.com Inc.
-\end{tabular}
-\end{textblock}
-\begin{textblock}{1}(5.6,6)
-\begin{tikzpicture}[scale=2.5]
-\draw[white] (0,0) node (X) {};
-\draw[white] (1,0) node (Y) {};
-\only<2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
-\only<3>{\draw[red, ->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
-\only<4>{\draw[red, <-, line width = 2mm] (X) -- (Y);
-\node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X)!.5!(Y) $) {};}
-\end{tikzpicture}
-\end{textblock}
-\begin{textblock}{1}(9,5.5)
-\begin{tabular}{c}
-%\includegraphics[scale=0.15]{pics/laptop.png}\\[-2mm]
-\small Client(s)
-\end{tabular}
-\end{textblock}
-\begin{textblock}{13}(1,13)
-\begin{itemize}
-\item What are pitfalls and best practices?
-\end{itemize}
-\end{textblock}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Scala + Play\end{tabular}}
-\footnotesize a simple response from the server:
-%{\lstset{language=Scala}\fontsize{8}{10}\selectfont
-%\texttt{\lstinputlisting{app0.scala}}}\bigskip
 \footnotesize
-alternative response:\\
 {\lstset{language=Scala}\fontsize{8}{10}\selectfont
-\texttt{\lstinline{Ok("<H1>Hello world!</H1>").as(HTML)}}}
+\texttt{\lstinputlisting{app1.scala}}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
-%{\lstset{language=Scala}\fontsize{8}{10}\selectfont
+\begin{frame}[c]
-%\texttt{\lstinputlisting{app1.scala}}}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \item cookie value encoded as hash
 \end{itemize}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\begin{center}
-%\includegraphics[scale=1.8]{pics/barrier.jpg}
-\end{center}
-\begin{itemize}
-\item data integrity needs to be ensured
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\mbox{}\\[-7mm]
-%{\lstset{language=Scala}\fontsize{8}{10}\selectfont
-%\texttt{\lstinputlisting{app3.scala}}}
-\small
-\begin{itemize}
-\item the counter/hash pair is intended to prevent tampering
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{c}SHA-1\end{tabular}}
+\frametitle{\begin{tabular}{c}Exam\end{tabular}}
 \begin{itemize}
-\item SHA-1 is a cryptographic hash function\\
+\item The question ``Is this relevant for the exams?'' is not appreciated!\bigskip\\
-(MD5, SHA-256, SHA-512, \ldots)
-\item message $\rightarrow$ digest
-\item no known attack exists, except brute force\bigskip\pause
-\item but dictionary attacks are very ef$\!$fective for extracting passwords (later)
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\mbox{}\\[-9mm]
-%{\lstset{language=Scala}\fontsize{8}{10}\selectfont
-%\texttt{\lstinputlisting{app4.scala}}}
-\begin{textblock}{1}(9,1)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (3,0) node (Y) {};
-\draw[red, <-, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{\small should be random}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}
-\begin{textblock}{1}(6.6,4.9)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (1,-1) node (Y) {};
-\draw[red, <-, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}}
-\begin{itemize}
-\item passwords are \alert{\bf not} stored in clear text
-\item instead \texttt{/etc/shadow} contains
-\end{itemize}
-{\small
-\texttt{name:\$1\$QIGCa\$/ruJs8AvmrknzKTzM2TYE.:other\_info}
-}
-\begin{itemize}
-\item \texttt{\$} is separator
-\item \texttt{1} is MD5 (actually SHA-512 is used nowadays, \texttt{6})
-\item \texttt{QIGCa} is salt
-\item \texttt{ruJs8AvmrknzKTzM2TYE} $\rightarrow$ password + salt
-\end{itemize}
-\textcolor{gray}{\small
-(\texttt{openssl passwd -1 -salt QIGCa pippo})
-}
-% Unix password
-% http://ubuntuforums.org/showthread.php?p=5318038
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Password Blunders\end{tabular}}
-\begin{itemize}
-\item in late 2009, when an SQL injection attack against online games
-service RockYou.com exposed 32 million \alert{plaintext} passwords
-\item  1.3 million Gawker credentials exposed in December 2010 containing
-unsalted(?) \alert{MD5} hashes
-\item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from linkedIn
-% linkedIn password
-% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html
-\end{itemize}\medskip
-\small
-Web user maintains 25 separate accounts but uses just 6.5 passwords
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits.
-% rainbow tables
-% http://en.wikipedia.org/wiki/Rainbow_table
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}}
-\begin{itemize}
-\item How fast can hackers crack SHA-1 passwords? \pause
-\item The answer is 2 billion attempts per second\\
-using a Radeon HD 7970
-\end{itemize}
-\begin{center}
-\begin{tabular}{@ {\hspace{-12mm}}rl}
-password length & time\smallskip\\\hline
-5 letters & 5 secs\\
-6 letters & 500 secs\\
-7 letters & 13 hours\\
-8 letters & 57 days\\
-9 letters & 15 years\\
-\end{tabular}
-\end{center}
-\small
-5 letters $\approx$ 100$^5$ $=$ 10 billion combinations\\
-(1 letter - upper case, lower case, digits, symbols $\approx$ 100)
-\only<2->{
-\begin{textblock}{1}(12,5)
-\begin{tabular}{c}
-%\includegraphics[scale=0.3]{pics/radeon.jpg}\\[-6mm]
-\footnotesize graphics card\\[-1mm]
-\footnotesize ca.~\pounds{}300
-\end{tabular}
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Passwords\end{tabular}}
-How to recover from a breakin?\pause\medskip
-\begin{itemize}
-\item Do not send passwords in plain text.
-\item Security questions are tricky to get right.
-\item QQ (Chinese Skype) authenticates you via contacts.
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}This Course\end{tabular}}
-\begin{itemize}
-\item break-ins (buffer overflows)
-\item access control\\ (role based, data security / data integrity)
-\item protocols\\
-(specification)
-\item access control logic
-\item privacy
-\begin{quote}
-Scott McNealy: \\``You have zero privacy anyway. Get over it.''
-\end{quote}
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Books + Homework\end{tabular}}
-\begin{itemize}
-\item there is no single book I am following
-\begin{center}
-%\includegraphics[scale=0.012]{pics/andersonbook1.jpg}
-%\includegraphics[scale=0.23]{pics/accesscontrolbook.jpg}
-\end{center}\medskip\pause
-\item The question ``Is this relevant for the exams'' is not appreciated!\medskip\\
 Whatever is in the homework sheets (and is not marked optional) is relevant for the
-exam. No code needs to be written.
+exam.\\ No code needs to be written.
 \end{itemize}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Take-Home Points\end{tabular}}
-\begin{itemize}
-\item Never store passwords in plain text.\medskip
-\item Always salt your hashes!\medskip
-\item Use an existing algorithm; do not write your own!
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}}
-\begin{itemize}
-\item What are you trying to protect?
-\item What properties are you trying to enforce?\medskip
-\item Who are the attackers? Capabilities? Motivations?
-\item What kind of attack are we trying to protect?
-\item Who can fix any vulnerabilities?\medskip
-\item What are the weaknesses of the system?
-\item What will successful attacks cost us?
-\item How likely are the attacks?
-\end{itemize}
-\small
-\textcolor{gray}{Security almost always is {\bf not} free!}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Security Mindset\end{tabular}}
-\begin{itemize}
-\item How things can go wrong.
-\item Think outside the box.
-\end{itemize}\bigskip
-The difference between being criminal is to only \alert{\bf think} about how things can go wrong.
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[t]

changeset 1	b606c9439fa6
parent 0	3a5e09a2ae54
child 2	6e7da958ba8c