rc: comparison Slides/Slides1.thy

equal deleted inserted replaced

-:cfd4b8219c87
+:c3517b281164
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{Access Control}
 \only<1>{
-Perhaps most known are
+\begin{itemize}
+\item perhaps most known are
-\begin{itemize}
+Unix-style access control systems
-\item Unix-style access control systems\\
 (root super-user, setuid mechanism)\bigskip
 \begin{center}\footnotesize
 \begin{semiverbatim}
 > ls -ld . * */*
 \end{semiverbatim}
 \end{center}
 \end{itemize}}
 \only<2->{
-More fine-grained access control is provided by\medskip
+more fine-grained access control is provided by\medskip
 \begin{itemize}
 \item SELinux\\ (security enhanced Linux devloped by the NSA;\\ mandatory access control system)\bigskip
 \item Role-Compatibility Model\\ (developed by Amon Ott;\\ main application in the
 Apache server)
 \only<2>{
 \draw [black, fill=red, line width=0.5mm] (2,1) circle (3mm);
 \draw [red, line width=2mm, <-] (2.3,1.2) -- (3.5,2);
-\node at (3.8,2.3) {a seed};}
+\node at (3.8,2.6) {\begin{tabular}{l}a seed\\[-1mm] \footnotesize virus, Trojan\end{tabular}};}
 \only<3>{
 \draw [black, fill=red, line width=0.5mm] (2,1) circle (7mm);
 \node[white] at (2,1) {\small tainted};}
 \item working purely on \emph{static} policies also does not\\ work -\!-\!- because of over approximation
 \smallskip
 \begin{itemize}
 \item suppose a tainted file has type \emph{bin} and
 \item there is a role \bl{$r$} which can both read and write \emph{bin}-files\pause
-\item then we would conclude that the tainted file can spread\medskip\pause
+\item then we would conclude that this tainted file can spread\medskip\pause
 \item but if there is no process with role \bl{$r$} and it will never been
 created, then the file actually does not spread
 \end{itemize}\bigskip\pause
 \item \alert{our solution:} take a middle ground and record precisely the information
 \end{itemize}
 \colorbox{cream}{
 \begin{minipage}{10.5cm}
 {\bf Thm (Soundness)}\\ If our test says an object is taintable, then
-it is taintable, and we produce a sequence of events that show how it can
+it is taintable in the OS, and we produce a sequence of events that show how it can
 be tainted.
 \end{minipage}}\bigskip\pause
 \colorbox{cream}{
 \begin{minipage}{10.5cm}
 \begin{frame}[c]
 \frametitle{Why the Restriction?}
 \begin{itemize}
 \item assume a process with \bl{\emph{ID}} is tainted but gets killed by another process
-\item after that a proces with \bl{\emph{ID}} gets \emph{re-created} by cloning an untainted process\medskip
+\item after that a proces with the same
-\item clearly the new process should be considered untainted\pause
+\bl{\emph{ID}} gets \emph{re-created} by cloning an untainted process\medskip
+\item clearly the new process should be considered \emph{un}tainted\pause
 \end{itemize}
 unfortunately our test will not be able to detect the difference (we are
 less precise about newly created processes)\bigskip\medskip\pause
 \mode<presentation>{
 \begin{frame}[c]
 \frametitle{Conclusion}
 \begin{itemize}
-\item we considered Role-Compatibility Model for the Apache Server\medskip \\
+\item we considered the Role-Compatibility Model used for securing the Apache Server\medskip \\
 13 events, 13 rules for OS admisibility, 14 rules for RC-granting, 10 rules for
 tainted
-\end{itemize}\bigskip
+\end{itemize}\medskip
 \begin{itemize}
 \item we can scale this to SELinux\medskip\\
 more fine-grainded OS events (inodes, hard-links, shared memory, \ldots)
-\end{itemize}\pause\bigskip
+\end{itemize}\smallskip
+22 events, 22 admisibility, 22 granting, 15 taintable
+\pause\bigskip
 \begin{itemize}
 \item hard sell to Ott (who designed the RC-model)
 \item hard sell to the community working on access control (beyond \emph{good science})
 \end{itemize}

changeset 19	c3517b281164
parent 18	cfd4b8219c87
child 20	928c015eb03e