sen-material: slides03.tex@5d0f7da375da (annotated)

28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	1	\documentclass[dvipsnames,14pt,t]{beamer}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	2	\usepackage{beamerthemeplainculight}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	3	\usepackage[T1]{fontenc}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	4	\usepackage[latin1]{inputenc}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	5	\usepackage{mathpartir}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	6	\usepackage[absolute,overlay]{textpos}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	7	\usepackage{ifthen}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	8	\usepackage{tikz}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	9	\usepackage{pgf}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	10	\usepackage{calc}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	11	\usepackage{ulem}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	12	\usepackage{courier}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	13	\usepackage{listings}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	14	\renewcommand{\uline}[1]{#1}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	15	\usetikzlibrary{arrows}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	16	\usetikzlibrary{automata}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	17	\usetikzlibrary{shapes}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	18	\usetikzlibrary{shadows}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	19	\usetikzlibrary{positioning}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	20	\usetikzlibrary{calc}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	21	\usepackage{graphicx}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	22
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	23	\definecolor{javared}{rgb}{0.6,0,0} % for strings
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	24	\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	25	\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	26	\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	27
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	28	\lstset{language=Java,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	29	basicstyle=\ttfamily,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	30	keywordstyle=\color{javapurple}\bfseries,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	31	stringstyle=\color{javagreen},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	32	commentstyle=\color{javagreen},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	33	morecomment=[s][\color{javadocblue}]{/*}{/},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	34	numbers=left,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	35	numberstyle=\tiny\color{black},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	36	stepnumber=1,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	37	numbersep=10pt,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	38	tabsize=2,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	39	showspaces=false,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	40	showstringspaces=false}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	41
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	42	\lstdefinelanguage{scala}{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	43	morekeywords={abstract,case,catch,class,def,%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	44	do,else,extends,false,final,finally,%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	45	for,if,implicit,import,match,mixin,%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	46	new,null,object,override,package,%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	47	private,protected,requires,return,sealed,%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	48	super,this,throw,trait,true,try,%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	49	type,val,var,while,with,yield},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	50	otherkeywords={=>,<-,<\%,<:,>:,\#,@},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	51	sensitive=true,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	52	morecomment=[l]{//},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	53	morecomment=[n]{/}{/},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	54	morestring=[b]",
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	55	morestring=[b]',
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	56	morestring=[b]"""
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	57	}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	58
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	59	\lstset{language=Scala,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	60	basicstyle=\ttfamily,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	61	keywordstyle=\color{javapurple}\bfseries,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	62	stringstyle=\color{javagreen},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	63	commentstyle=\color{javagreen},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	64	morecomment=[s][\color{javadocblue}]{/*}{/},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	65	numbers=left,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	66	numberstyle=\tiny\color{black},
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	67	stepnumber=1,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	68	numbersep=10pt,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	69	tabsize=2,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	70	showspaces=false,
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	71	showstringspaces=false}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	72
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	73	% beamer stuff
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	74	\renewcommand{\slidecaption}{APP 02, King's College London, 9 October 2012}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	75
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	76
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	77	\begin{document}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	78
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	79	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	80	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	81	\begin{frame}<1>[t]
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	82	\frametitle{%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	83	\begin{tabular}{@ {}c@ {}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	84	\\
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	85	\LARGE Access Control and \\[-3mm]
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	86	\LARGE Privacy Policies (3)\\[-6mm]
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	87	\end{tabular}}\bigskip\bigskip\bigskip
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	88
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	89	%\begin{center}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	90	%\includegraphics[scale=1.3]{pics/barrier.jpg}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	91	%\end{center}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	92
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	93	\normalsize
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	94	\begin{center}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	95	\begin{tabular}{ll}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	96	Email: & christian.urban at kcl.ac.uk\\
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	97	Of$\!$fice: & S1.27 (1st floor Strand Building)\\
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	98	Slides: & KEATS (also home work is there)\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	99	& \alert{\bf (I have put a temporary link in there.)}\\
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	100	\end{tabular}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	101	\end{center}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	102
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	103
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	104	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	105	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	106
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	107	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	108	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	109	\begin{frame}[c]
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	110
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	111	\begin{center}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	112	\includegraphics[scale=0.45]{pics/trainwreck.jpg}\\
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	113	one general defence mechanism is\\\alert{\bf defence in depth}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	114	\end{center}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	115
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	116
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	117	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	118	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	119
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	120	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	121	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	122	\begin{frame}<1-2>[c]
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	123	\frametitle{Defence in Depth}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	124
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	125	\begin{itemize}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	126	\item \alt<1>{overlapping}{{\LARGE\bf overlapping}} systems designed to provide\\ security even if one of them fails.
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	127	\end{itemize}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	128
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	129	\only<2->{
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	130	\begin{textblock}{11}(2,12)
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	131	\small otherwise your ``added security'' can become the point of failure
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	132	\end{textblock}}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	133
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	134	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	135	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	136
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	137	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	138	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	139	\begin{frame}[c]
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	140	\frametitle{PALs}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	141
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	142	\begin{itemize}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	143	\item \alert{Permissive Action Links} prevent unauthorised use of nuclear weapons (so the theory)
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	144	\end{itemize}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	145
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	146	\begin{center}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	147	\includegraphics[scale=0.25]{pics/nuclear1.jpg}\hspace{3mm}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	148	\includegraphics[scale=0.25]{pics/nuclear2.jpg}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	149	\end{center}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	150
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	151
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	152	\onslide<3->{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	153	modern PALs also include a 2-person rule
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	154	}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	155
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	156	\only<2->{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	157	\begin{textblock}{11}(3,2)
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	158	\begin{tikzpicture}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	159	\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	160	{\begin{minipage}{8cm}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	161	US Air Force's Strategic Air Command worried that in times of need the
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	162	codes would not be available, so until 1977 quietly decided to set them
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	163	to 00000000\ldots
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	164	\end{minipage}};
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	165	\end{tikzpicture}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	166	\end{textblock}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	167
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	168
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	169	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	170	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	171
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	172	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	173	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	174	\begin{frame}[c]
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	175
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	176	\begin{itemize}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	177	\item until 1998, Britain had nuclear weapons that could be launched from airplanes\bigskip\pause
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	178
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	179	\item these weapons were armed with a bicycle key
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	180
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	181	\begin{center}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	182	\begin{tabular}[b]{c}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	183	\includegraphics[scale=1.05]{pics/britkeys1.jpg}\\
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	184	\small nuclear weapon keys
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	185	\end{tabular}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	186	\hspace{3mm}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	187	\begin{tabular}[b]{c}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	188	\includegraphics[scale=0.35]{pics/britkeys2.jpg}\\
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	189	\small bicycle lock
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	190	\end{tabular}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	191	\end{center}\bigskip\pause
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	192
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	193	\item the current Trident nuclear weapons can be launched from a submarine without any code being transmitted
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	194	\end{itemize}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	195
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	196	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	197	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	198
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	199
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	200
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	201	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	202	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	203	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	204	\frametitle{Access Control in Unix}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	205
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	206	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	207	\item access control provided by the OS
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	208	\item authenticate principals (login)
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	209	\item mediate access to files, ports, processes according to \alert{roles} (user ids)\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	210	\item roles get attached with privileges\bigskip\\%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	211	\hspace{8mm}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	212	\begin{tikzpicture}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	213	\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	214	{\begin{minipage}{8cm}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	215	\alert{principle of least privilege:}\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	216	programs should only have as much privilege as they need
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	217	\end{minipage}};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	218	\end{tikzpicture}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	219	\end{itemize}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	220
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	221	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	222	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	223
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	224	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	225	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	226	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	227	\frametitle{Access Control in Unix (2)}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	228
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	229	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	230	\item the idea is to restrict access to files and therefore lower the consequences of an attack\\[1cm]\mbox{}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	231	\end{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	232
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	233	\begin{textblock}{1}(2.5,9.5)
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	234	\begin{tikzpicture}[scale=1]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	235
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	236	\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	237	\draw (4.7,1) node {Internet};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	238	\draw (0.6,1.7) node {\footnotesize Interface};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	239	\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unpriviledged\\[-1mm] process\end{tabular}};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	240	\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}priviledged\\[-1mm] process\end{tabular}};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	241
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	242	\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	243
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	244	\draw[white] (1.7,1) node (X) {};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	245	\draw[white] (3.7,1) node (Y) {};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	246	\draw[red, <->, line width = 2mm] (X) -- (Y);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	247
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	248	\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	249	\end{tikzpicture}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	250	\end{textblock}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	251
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	252	\end{frame}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	253	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	254
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	255
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	256	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	257	\mode<presentation>{
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	258	\begin{frame}[t]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	259	\frametitle{Process Ownership}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	260
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	261	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	262	\item access control in Unix is very coarse
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	263	\end{itemize}\bigskip\bigskip\bigskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	264
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	265	\begin{center}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	266	\begin{tabular}{c}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	267	root\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	268	\hline
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	269
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	270	user$_1$ user$_2$ \ldots www, mail, lp
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	271	\end{tabular}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	272	\end{center}\bigskip\bigskip\bigskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	273
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	274
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	275	\textcolor{gray}{\small root has UID $=$ 0}\\\pause
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	276	\textcolor{gray}{\small you also have groups that can share access to a file}\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	277	\textcolor{gray}{\small but it is difficult to exclude access selectively}\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	278	\end{frame}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	279	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	280
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	281	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	282	\mode<presentation>{
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	283	\begin{frame}[c]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	284	\frametitle{Access Control in Unix (2)}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	285
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	286
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	287	\begin{itemize}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	288	\item privileges are specified by file access permissions (``everything is a file'')
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	289	\item there are 9 (plus 2) bits that specify the permissions of a file
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	290
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	291	\begin{center}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	292	\begin{tabular}{l}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	293	\texttt{\$ ls - la}\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	294	\texttt{-rwxrw-r-{}- \hspace{3mm} foo\_file.txt}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	295	\end{tabular}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	296	\end{center}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	297	\end{itemize}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	298
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	299	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	300	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	301
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	302
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	303	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	304	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	305	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	306	\frametitle{Login Process}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	307
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	308
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	309	\begin{itemize}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	310	\item login processes run under UID $=$ 0\medskip
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	311	\begin{center}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	312	\texttt{ps -axl \| grep login}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	313	\end{center}\medskip
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	314
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	315	\item after login, shells run under UID $=$ user (e.g.~501)\medskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	316	\begin{center}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	317	\texttt{id cu}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	318	\end{center}\medskip\pause
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	319
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	320	\item non-root users are not allowed to change the UID --- would break
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	321	access control
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	322	\item but needed for example for \texttt{passwd}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	323	\end{itemize}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	324
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	325	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	326	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	327
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	328
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	329
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	330	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	331	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	332	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	333	\frametitle{Setuid and Setgid}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	334
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	335	The solution is that unix file permissions are 9 + \underline{2 Bits}:
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	336	\alert{Setuid} and \alert{Setgid} Bits
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	337
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	338	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	339	\item When a file with setuid is executed, the resulting process will assume the UID given to the owner of the file.
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	340	\item This enables users to create processes as root (or another user).\bigskip
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	341
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	342	\item Essential for changing passwords, for example.
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	343	\end{itemize}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	344
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	345	\begin{center}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	346	\texttt{chmod 4755 fobar\_file}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	347	\end{center}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	348
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	349	\end{frame}}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	350	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	351
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	352
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	353	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	354	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	355	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	356	\frametitle{\begin{tabular}{c}Privilege Separation in\\ OpenSSH\end{tabular}}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	357
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	358	\begin{center}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	359	\begin{tikzpicture}[scale=1]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	360
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	361	\draw[line width=1mm] (0, 1.1) rectangle (1.2,2);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	362	\draw (4.7,1) node {Internet};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	363	\draw (0.6,1.7) node {\footnotesize Slave};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	364	\draw[line width=1mm] (0, 0) rectangle (1.2,0.9);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	365	\draw (0.6,1.7) node {\footnotesize Slave};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	366	\draw (0.6,0.6) node {\footnotesize Slave};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	367	\draw (0.6,-0.5) node {\footnotesize \begin{tabular}{c}unpriviledged\\[-1mm] processes\end{tabular}};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	368	\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}priviledged\\[-1mm] process\end{tabular}};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	369
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	370	\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	371	\draw (-2.9,1.7) node {\footnotesize Monitor};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	372
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	373	\draw[white] (1.7,1) node (X) {};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	374	\draw[white] (3.7,1) node (Y) {};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	375	\draw[red, <->, line width = 2mm] (X) -- (Y);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	376
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	377	\draw[red, <->, line width = 1mm] (-0.4,1.4) -- (-1.4,1.1);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	378	\draw[red, <->, line width = 1mm] (-0.4,0.6) -- (-1.4,0.9);
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	379
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	380	\end{tikzpicture}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	381	\end{center}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	382
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	383	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	384	\item pre-authorisation slave
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	385	\item post-authorisation\bigskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	386	\item 25\% codebase is privileged, 75\% is unprivileged
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	387	\end{itemize}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	388	\end{frame}}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	389	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	390
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	391	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	392	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	393	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	394	\frametitle{Network Applications}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	395
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	396	ideally network application in Unix should be designed as follows:
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	397
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	398	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	399	\item need two distinct processes
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	400	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	401	\item one that listens to the network; has no privilege
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	402	\item one that is privileged and listens to the latter only (but does not trust it)
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	403
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	404	\end{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	405
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	406	\item to implement this you need a parent process, which forks a child process
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	407	\item this child process drops privileges and listens to hostile data\medskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	408
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	409	\item after authentication the parent forks again and the new child becomes the user
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	410	\end{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	411
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	412
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	413	\end{frame}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	414	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	415
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	416
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	417	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	418	\mode<presentation>{
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	419	\begin{frame}[c]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	420	\frametitle{\begin{tabular}{@ {}c@ {}}Famous Security Flaws in Unix\end{tabular}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	421
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	422
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	423	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	424	\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause\pause
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	425	\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	426	\item \texttt{mkdir foo} is owned by root\medskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	427	\begin{center}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	428	\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	429	\end{center}\medskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	430	it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (automated with a shell script)}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	431	\end{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	432
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	433	\only<1>{
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	434	\begin{textblock}{1}(3,3)
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	435	\begin{tikzpicture}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	436	\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	437	{\begin{minipage}{8cm}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	438	Only failure makes us experts.
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	439	-- Theo de Raadt (OpenBSD, OpenSSH)
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	440	\end{minipage}};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	441	\end{tikzpicture}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	442	\end{textblock}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	443
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	444
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	445
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	446	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	447	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	448
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	449	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	450	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	451	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	452	\frametitle{\begin{tabular}{@ {}c@ {}}Other Problems\end{tabular}}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	453
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	454	There are thing's you just cannot solve on the programming side:\bigskip
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	455
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	456	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	457	\item for system maintenance you often have \texttt{cron}-jobs cleaning \texttt{/tmp}\medskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	458	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	459	\item attacker:\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	460	\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	461	\item root:\\\texttt{rm /tmp//}:
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	462	\item attacker:\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	463	\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	464	\end{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	465	\end{itemize}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	466
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	467	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	468	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	469
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	470	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	471	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	472	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	473	\frametitle{\begin{tabular}{@ {}c@ {}}Security Levels\end{tabular}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	474
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	475	Unix essentially can only distinguish between two security levels (root and non-root).
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	476
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	477	\begin{itemize}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	478	\item In military applications you often have many security levels (top-secret, secret, confidential, unclassified)\bigskip\pause
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	479
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	480	\item Information flow: Bell --- La Pudela model
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	481
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	482	\begin{itemize}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	483	\item read: your own level and below
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	484	\item write: your own level and above
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	485	\end{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	486	\end{itemize}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	487
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	488	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	489	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	490
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	491
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	492	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	493	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	494	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	495	\frametitle{\begin{tabular}{@ {}c@ {}}Security Levels (2)\end{tabular}}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	496
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	497	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	498	\item Bell --- La Pudela preserves data secrecy, but not data integrity\bigskip\pause
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	499
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	500	\item Biba model is for data integrity
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	501
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	502	\begin{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	503	\item read: your own level and above
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	504	\item write: your own level and below
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	505	\end{itemize}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	506	\end{itemize}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	507
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	508	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	509	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	510
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	511	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	512	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	513	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	514	\frametitle{\begin{tabular}{@ {}c@ {}}Access Control in 2000\end{tabular}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	515
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	516	According to Ross Anderson (1st edition of his book), some senior Microsoft people held the
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	517	following view:
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	518
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	519	\begin{center}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	520	\begin{tikzpicture}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	521	\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	522	{\begin{minipage}{10.5cm}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	523	\small Access control does not matter. Computers are becoming single-purpose
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	524	or single-user devices. Single-purpose devices, such as Web servers that deliver a single service, don't
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	525	need much in the way of access control as there's nothing for operating system access controls
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	526	to do; the job of separating users from each other is best left to application code. As for the PC
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	527	on your desk, if all the software on it comes from a single source, then again there's no need
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	528	for the operating system to provide separation. \hfill{}\textcolor{gray}{(in 2000)}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	529	\end{minipage}};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	530	\end{tikzpicture}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	531	\end{center}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	532
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	533	\end{frame}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	534	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	535
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	536
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	537	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	538	\mode<presentation>{
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	539	\begin{frame}[t]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	540	\frametitle{\begin{tabular}{@ {}c@ {}}Research Problems\end{tabular}}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	541
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	542	\begin{itemize}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	543	\item with access control we are back to 1970s\bigskip
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	544
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	545	\only<1>{
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	546	\begin{tikzpicture}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	547	\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	548	{\begin{minipage}{10cm}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	549	\small Going all the way back to early time-sharing systems we systems people regarded the users, and any code they wrote, as the mortal enemies of us and each other. We were like the police force in a violent slum.\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	550	\mbox{}\hfill--- Roger Needham
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	551	\end{minipage}};
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	552	\end{tikzpicture}}\pause
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	553
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	554	\item the largest research area in access control in 2000-07 has been ``Trusted Computing'', but thankfully it
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	555	is dead now\bigskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	556	\item a useful research area is to not just have robust access control, but also usable access control --- by programmers and users\\
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	557	(one possible answer is operating system virtualisation, e.g.~Xen, VMWare)\medskip\pause
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	558
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	559	\item electronic voting
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	560	\end{itemize}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	561	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	562	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	563
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	564	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	565	\mode<presentation>{
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	566	\begin{frame}[t]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	567	\frametitle{\begin{tabular}{@ {}c@ {}}Mobile OS\end{tabular}}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	568
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	569	\begin{itemize}
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	570	\item iOS and Android solve the defence-in-depth problem by \alert{sandboxing} applications\bigskip
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	571
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	572	\item you as developer have to specify the resources an application needs
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	573	\item the OS provides a sandbox where access is restricted to only these resources
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	574	\end{itemize}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	575	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	576	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	577
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	578
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	579
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	580	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	581	\mode<presentation>{
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	582	\begin{frame}[c]
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	583	\frametitle{\begin{tabular}{@ {}c@ {}}Security Theater\end{tabular}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	584
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	585
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	586	Security theater is the practice of investing in countermeasures intended to provide the
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	587	\underline{feeling} of improved security while doing little or nothing to actually achieve it.\hfill{}\textcolor{gray}{Bruce Schneier}
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	588
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	589	\end{frame}}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	590	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	591
29 5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	592	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	593	\mode<presentation>{
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	594	\begin{frame}[c]
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	595	\frametitle{\begin{tabular}{@ {}c@ {}}\end{tabular}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	596
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	597
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	598	Security theater is the practice of investing in countermeasures intended to provide the
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	599	\underline{feeling} of improved security while doing little or nothing to actually achieve it.\hfill{}\textcolor{gray}{Bruce Schneier}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	600
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	601	\end{frame}}
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	602	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	603
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	604
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	605	From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	606	Sender: cl-security-research-bounces@lists.cam.ac.uk
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	607	To: cl-security-research@lists.cam.ac.uk
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	608	Subject: Tip off
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	609	Date: Tue, 02 Oct 2012 13:12:50 +0100
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	610
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	611	I received the following tip off, and have removed the sender's
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	612	coordinates. I suspect it is one of many security vendors who
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	613	don't even get the basics right; if you ever go to the RSA
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	614	conference, there are a thousand such firms in the hall, each
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	615	with several eager but ignorant salesmen. A trying experience
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	616
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	617	Ross
5d0f7da375da tuned Christian Urban <urbanc@in.tum.de> parents: 28 diff changeset	618
28 10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	619
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	620	\end{document}
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	621
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	622	%%% Local Variables:
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	623	%%% mode: latex
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	624	%%% TeX-master: t
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	625	%%% End:
10da75d5db5d pushed Christian Urban <urbanc@in.tum.de> parents: diff changeset	626

author	Christian Urban <urbanc@in.tum.de>
	Tue, 09 Oct 2012 13:39:31 +0100
changeset 29	5d0f7da375da
parent 28	10da75d5db5d
child 30	9dc8159c9af7
permissions	-rw-r--r--