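% Beamer slide deck: "Automata and Formal Languages (10)".
%
% Topic of this deck: what a compromised compiler can do to the programs it
% builds (Ken Thompson's compiler Trojan horse, from his Turing Award lecture
% "Reflections on Trusting Trust") and why that argues for a small TCB.
%
% Source layout: one statement per line. The file relies on end-of-line
% comments (`%`), so collapsing it onto a few physical lines would turn most
% of the preamble into a comment.
%
% The packages ../slides, ../langs, ../data and ../graphics are course-local
% style files that are not part of this file.
% NOTE(review): the colour `cream`, the `textblock` environment and
% \slidecaption are used below but not defined here; presumably they come
% from ../slides -- confirm.
\documentclass[dvipsnames,14pt,t]{beamer}
\usepackage{../slides}
\usepackage{../langs}
\usepackage{../data}
\usepackage{../graphics}
\usepackage{soul}

% TikZ key `onslide=<spec>{keys}`: applies {keys} only on the given overlays.
\tikzset{onslide/.code args={<#1>#2}{%
  \only<#1>{\pgfkeysalso{#2}} % \pgfkeysalso doesn't change the path
}}

% Overlay-aware highlighting: btHighlight boxes its body and hands the box to
% \bt@HL@box, which draws it on an orange, rounded TikZ node.
\makeatletter
\newenvironment<>{btHighlight}[1][]
{\begin{onlyenv}#2\begingroup\tikzset{bt@Highlight@par/.style={#1}}\begin{lrbox}{\@tempboxa}}
{\end{lrbox}\bt@HL@box[bt@Highlight@par]{\@tempboxa}\endgroup\end{onlyenv}}

% \btHL<spec>[keys]: opens btHighlight and closes it again (via \aftergroup)
% when the current group ends.
\newcommand<>\btHL[1][]{%
  \only#2{\begin{btHighlight}[#1]\bgroup\aftergroup\bt@HL@endenv}%
}
\def\bt@HL@endenv{%
  \end{btHighlight}%
  \egroup
}
% #1 = extra TikZ keys, #2 = the saved box to highlight.
\newcommand{\bt@HL@box}[2][]{%
  \tikz[#1]{%
    \pgfpathrectangle{\pgfpoint{1pt}{0pt}}{\pgfpoint{\wd #2}{\ht #2}}%
    \pgfusepath{use as bounding box}%
    \node[anchor=base west, fill=orange!30,outer sep=0pt,inner xsep=1pt, inner ysep=0pt, rounded corners=3pt, minimum height=\ht\strutbox+1pt,#1]{\raisebox{1pt}{\strut}\strut\usebox{#2}};
  }%
}
\makeatother

% beamer stuff
\renewcommand{\slidecaption}{AFL 10, King's College London}
\newcommand{\bl}[1]{\textcolor{blue}{#1}}

\begin{document}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Title frame: course title and contact details.
\begin{frame}[t]
\frametitle{%
  \begin{tabular}{@ {}c@ {}}
  \\[-3mm]
  \LARGE Automata and \\[-2mm]
  \LARGE Formal Languages (10)\\[3mm]
  \end{tabular}}

  \normalsize
  \begin{center}
  \begin{tabular}{ll}
  Email:  & christian.urban at kcl.ac.uk\\
  Office: & S1.27 (1st floor Strand Building)\\
  Slides: & KEATS (also homework is there)\\
  \end{tabular}
  \end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Motivating question for the lecture.
% \bfseries replaces the obsolete \bf; it needs a delimiter (here the line
% end) before the text that follows it.
\mode<presentation>{
\begin{frame}[c]
\large\bfseries
Using a compiler, \\
how can you mount the\\
perfect attack against a system?
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% The three properties the lecture uses to define a "perfect" attack:
% full takeover, near-undetectability, near-impossible recovery.
\mode<presentation>{
\begin{frame}[c]

{\large\bfseries
What is a \alert{perfect} attack?}\bigskip

\begin{enumerate}
\item you can potentially completely take over a target system
\item your attack is (nearly) undetectable
\item the victim has (almost) no chance to recover
\end{enumerate}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Diagram, built up over three overlays:
%   1: a box labelled "clean compiler";
%   2: "login (src)" with an arrow to "login (bin)";
%   3: the compiler label changes to "hacked" and a filled square in the
%      alert colour appears in the corner of "login (bin)".
% The source box is drawn the same on every overlay; only the compiler label
% and the binary change.
\mode<presentation>{
\begin{frame}[c]

  \begin{center}
  \begin{tikzpicture}[scale=1]
  %
  \onslide<1->{
  \node (A) at (0,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=17mm] {};
  \node [below right] at (A.north west) {\footnotesize\begin{tabular}{@{}l@{}} \only<1,2>{clean}\only<3->{\alert{hacked}}\\compiler\end{tabular}};}
  %
  \onslide<2->{
  \node (B) at (-2,2) [draw=black, rectangle, very thick, minimum height=10mm, minimum width=12mm] {};
  \node [below right] at (B.north west) {\footnotesize\begin{tabular}{@{}l@{}}login\\(src)\end{tabular}};
  \node (C) at (2,2) [draw=black, rectangle, very thick, minimum height=10mm, minimum width=12mm] {};
  \node [below right] at (C.north west) {\footnotesize\begin{tabular}{@{}l@{}}login\\(bin)\end{tabular}};
  \draw[->, line width=2mm] (B) -- (C);
  }
  %
  \onslide<3->{\node [above left=-1.5mm] at (C.south east) {\footnotesize \alert{$\blacksquare$}};}
  %
  \end{tikzpicture}
  \end{center}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Diagram of compiler versions, built up over four overlays:
%   1-2: "my compiler (src)" V0.01 ... V1.00, each marked "Scala"
%        (the host language);
%   3-4: boxes V1.00/V1.01 and V1.01/V1.02 stacked in pairs, with the caption
%        "no host language needed".
% NOTE(review): the stacked pairs presumably show each version being built by
% its predecessor (self-hosting) -- confirm with the lecture notes.
\mode<presentation>{
\begin{frame}[c]

  \begin{center}
  \begin{tikzpicture}[scale=1]
  %
  \onslide<1->{
  \node (A) at (0,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
  \node [below right] at (A.north west) {\small V0.01};
  \node [below right] (A1) at (A.south west) {\small Scala};
  \node [below right] (A1) at (A1.south west) {\small\textcolor{gray}{host language}};
  \node [above right] at (A.north west) {my compiler (src)};}
  %
  \onslide<2->{
  \node (B) at (1.8,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
  \node [below right] at (B.north west) {\small V0.02};
  \node [below right] at (B.south west) {\small Scala};
  \node at (3,0) {\ldots};
  \node (C) at (5,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
  \node [below right] at (C.north west) {\small V1.00};
  \node [below right] at (C.south west) {\small Scala};}
  %
  \onslide<3->{
  \node (D) at (6.8,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
  \node [below right] at (D.north west) {\small V1.00};
  \node (E) at (6.8,2) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
  \node [below right] at (E.north west) {\small V1.01};}
  %
  \onslide<4->{
  \node (F) at (8.6,0) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
  \node [below right] at (F.north west) {\small V1.01};
  \node (G) at (8.6,2) [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
  \node [below right] at (G.north west) {\small V1.02};
  \node at (9.8,0) {\ldots};
  \node at (9.8,2) {\ldots};
  \node at (8,-2) {\textcolor{gray}{\begin{tabular}{@{}l@{}}no host language\\needed\end{tabular}}};
  }
  %
  \end{tikzpicture}
  \end{center}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Thompson's result and its consequence for the trusted base.
% Overlay 2 shows the six-step outline in a red-bordered box on top of the
% frame. The frame is restricted to overlays <1-3>, but the body only
% distinguishes overlay 2.
%
% "TCB" is expanded only in the commented-out question below ("trusted code
% base"), never on the visible slide.
%
% NOTE(review): the slide stops at "source-level verification does not help".
% That holds because the Trojan exists only in the compiler binary, so a
% defence has to work on binaries. The countermeasures usually cited are
% diverse double-compiling (rebuild the compiler from source with an
% independent second compiler and compare the resulting binaries),
% reproducible builds, and bootstrapping from a minimal, auditable seed.
% Consider covering them, since they are what "a very small TCB" means for a
% toolchain in practice.
\mode<presentation>{
\begin{frame}<1-3>
  \frametitle{\LARGE\begin{tabular}{c}Hacking Compilers
  \end{tabular}}

  %Why is it so paramount to have a small trusted code base (TCB)?
  \bigskip\bigskip

  \begin{columns}
  \begin{column}{2.7cm}
  \begin{minipage}{2.5cm}%
  \begin{tabular}{c@ {}}
  \includegraphics[scale=0.2]{../pics/ken-thompson.jpg}\\[-1.8mm]
  \footnotesize Ken Thompson\\[-1.8mm]
  \footnotesize Turing Award, 1983\\
  \end{tabular}
  \end{minipage}
  \end{column}
  \begin{column}{9cm}
  \begin{tabular}{l@ {\hspace{1mm}}p{8cm}}
  & Ken Thompson showed how to hide a Trojan Horse in a
    compiler \textcolor{red}{without} leaving any traces in the source code.\\[2mm]
  & No amount of source level verification will protect
    you from such Thompson-hacks.\\[2mm]
  & Therefore in safety-critical systems it is important to rely
    on only a very small TCB.
  \end{tabular}
  \end{column}
  \end{columns}

  \only<2>{
  \begin{textblock}{6}(4,2)
  \begin{tikzpicture}
  \draw (0,0) node[inner sep=3mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
  {\normalsize
  \begin{minipage}{8cm}
  \begin{quote}
  \includegraphics[scale=0.05]{../pics/evil.png}
  \begin{enumerate}
  \item[1)] Assume you ship the compiler as binary and also with sources.
  \item[2)] Make the compiler aware when it compiles itself.
  \item[3)] Add the Trojan horse.
  \item[4)] Compile.
  \item[5)] Delete Trojan horse from the sources of the compiler.
  \item[6)] Go on holiday for the rest of your life. ;o)\\[-7mm]\mbox{}
  \end{enumerate}
  \end{quote}
  \end{minipage}};
  \end{tikzpicture}
  \end{textblock}}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\end{document}

%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: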