\documentclass[dvipsnames,14pt,t]{beamer}

\usepackage{beamerthemeplainculight}

\usepackage[T1]{fontenc}

\usepackage[latin1]{inputenc}

\usepackage{mathpartir}

\usepackage[absolute,overlay]{textpos}

\usepackage{ifthen}

\usepackage{tikz}

\usepackage{pgf}

\usepackage{calc} 

\usepackage{ulem}

\usepackage{courier}

\usepackage{listings}

\renewcommand{\uline}[1]{#1}

\usetikzlibrary{arrows}

\usetikzlibrary{automata}

\usetikzlibrary{shapes}

\usetikzlibrary{shadows}

\usetikzlibrary{positioning}

\usetikzlibrary{calc}

\usepackage{graphicx} 

\definecolor{javared}{rgb}{0.6,0,0} % for strings

\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments

\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords

\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc

\lstset{language=Java,

	basicstyle=\ttfamily,

	keywordstyle=\color{javapurple}\bfseries,

	stringstyle=\color{javagreen},

	commentstyle=\color{javagreen},

	morecomment=[s][\color{javadocblue}]{/**}{*/},

	numbers=left,

	numberstyle=\tiny\color{black},

	stepnumber=1,

	numbersep=10pt,

	tabsize=2,

	showspaces=false,

	showstringspaces=false}

\lstdefinelanguage{scala}{

  morekeywords={abstract,case,catch,class,def,%

    do,else,extends,false,final,finally,%

    for,if,implicit,import,match,mixin,%

    new,null,object,override,package,%

    private,protected,requires,return,sealed,%

    super,this,throw,trait,true,try,%

    type,val,var,while,with,yield},

  otherkeywords={=>,<-,<\%,<:,>:,\#,@},

  sensitive=true,

  morecomment=[l]{//},

  morecomment=[n]{/*}{*/},

  morestring=[b]",

  morestring=[b]',

  morestring=[b]"""

}

\lstset{language=Scala,

	basicstyle=\ttfamily,

	keywordstyle=\color{javapurple}\bfseries,

	stringstyle=\color{javagreen},

	commentstyle=\color{javagreen},

	morecomment=[s][\color{javadocblue}]{/**}{*/},

	numbers=left,

	numberstyle=\tiny\color{black},

	stepnumber=1,

	numbersep=10pt,

	tabsize=2,

	showspaces=false,

	showstringspaces=false}

% beamer stuff 

\renewcommand{\slidecaption}{APP 04, King's College London, 16 October 2012}

\begin{document}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}<1>[t]

\frametitle{%

  \begin{tabular}{@ {}c@ {}}

  \\

  \LARGE Access Control and \\[-3mm] 

  \LARGE Privacy Policies (4)\\[-6mm] 

  \end{tabular}}\bigskip\bigskip\bigskip

  %\begin{center}

  %\includegraphics[scale=1.3]{pics/barrier.jpg}

  %\end{center}

\normalsize

  \begin{center}

  \begin{tabular}{ll}

  Email:  & christian.urban at kcl.ac.uk\\

  Of$\!$fice: & S1.27 (1st floor Strand Building)\\

  Slides: & KEATS (also homework is there)\\

  \end{tabular}

  \end{center}

\end{frame}}

 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[c]

\frametitle{Unix-Style Access Control}

\begin{itemize}

\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have:

\begin{center}

\begin{tabular}{l}

administrators group\\ 

\hspace{5mm}(has complete control over the machine)\\

authenticated users\\

server operators\\

power users\\

network configuration operators\\

\end{tabular}

\end{center}\medskip

\item Modern versions of Windows have more fine-grained AC; they do not have a setuid bit, but

have \texttt{runas} (asks for a password).\pause

\item OS provided access control can \alert{add} to your

security.

\end{itemize}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[c]

\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}

\begin{center}

  \begin{tikzpicture}[scale=1]

  \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);

  \draw (4.7,1) node {Internet};

  \draw (0.6,1.7) node {\footnotesize Interface};

  \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};

  \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};

  \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);

  \draw[white] (1.7,1) node (X) {};

  \draw[white] (3.7,1) node (Y) {};

  \draw[red, <->, line width = 2mm] (X) -- (Y);

  \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);

  \end{tikzpicture}

\end{center}

\begin{itemize}

\item the idea is make the attack surface smaller and 

mitigate the consequences of an attack

\end{itemize}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[c]

\frametitle{Shared Access Control}

\begin{center}

\includegraphics[scale=0.7]{pics/pointsplane.jpg}

\end{center}

\begin{textblock}{11}(10.5,10.5)

\small

To take an action you\\[-1mm] 

need either:

\begin{itemize}

\item 1 CEO\\[-5mm]

\item 2 MDs\\[-5mm]

\item 3 Ds

\end{itemize}

\end{textblock}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[c]

\frametitle{Lessons from Access Control}

\begin{itemize}

\item if you have too many roles (i.e.~too finegrained AC), then 

	hierarchy is too complex\\

	\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip

\item you can still abuse the system\ldots

\end{itemize}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[c]

\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}

The idea is to trick a privileged person to do something on your behalf:

\begin{itemize}

\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause

\footnotesize

\begin{minipage}{1.1\textwidth}

\textcolor{gray}{the shell behind the scenes:}\\

\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\

\textcolor{gray}{this takes time}

\end{minipage}

\end{itemize}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[c]

\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}

\begin{enumerate}

\item attacker \textcolor{gray}{(creates a fake passwd file)}\\ 

\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip

\item root \textcolor{gray}{(does the daily cleaning)}\\

\texttt{rm /tmp/*/*}\medskip\\

\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\ 

\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\

\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to 

the real passwd file)}\\

\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\

\item root now deletes  the real passwd file

\end{enumerate}

\only<2>{

\begin{textblock}{11}(2,5)

\begin{tikzpicture}

\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 

{\normalsize\color{darkgray}

\begin{minipage}{9cm}\raggedright

To prevent this kind of attack, you need additional

policies.

\end{minipage}};

\end{tikzpicture}

\end{textblock}}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[c]

\frametitle{\begin{tabular}{@ {}c@ {}}Schneier Analysis\end{tabular}}

\begin{itemize}

\item What assets are you trying to protect?

\item What are the risks to these assets?

\item How well does the security solution mitigate those risks?

\item What other risks does the security solution cause?

\item What costs and trade-offs does the security solution impose?

\end{itemize}

\textcolor{gray}{There is no absolutely secure system and security almost never comes for free.}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[t]

\frametitle{\begin{tabular}{@ {}c@ {}}Example: Credit Cards\end{tabular}}

You might have the policy of not typing in your credit card online. Worthwhile or not?

\begin{itemize}

\item<2->What assets are you trying to protect?\\

\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}your credit card number\end{tabular}}

\item<3->What are the risks to these assets?\\

\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright

With credit cards you loose a fixed amount \pounds{50}. Amazon \pounds{50}. \end{tabular}}

\item<4->How well does the security solution mitigate those risks?\\

\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright

Well, hackers steal credit cards from databases. They usually do not attack you individually.\end{tabular}}

\item<5->What other risks does the security solution cause?

\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright None (?)\end{tabular}}

\item<6->What costs and trade-offs does the security solution impose?

\only<6>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Internet shopping is convenient and sometimes cheaper.\end{tabular}}

\item<7>[]{\bf\large No!}

\end{itemize}\pause\pause

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[c]

\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}

\begin{center}

\includegraphics[scale=0.5]{pics/firewall.png}

\end{center}

A firewall is a piece of software that controls incoming and outgoing traffic according to some rules. 

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[t]

\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}

\begin{itemize}

\item<1->What assets are you trying to protect?\\

\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Whatever is behind the firewall 

(credit cards, passwords, blueprints, \ldots)\end{tabular}}

\item<2->What are the risks to these assets?\\

\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright

With a small online shop you are already at risk. Pentagon, definitely.\end{tabular}}

\item<3->How well does the security solution mitigate those risks?\\

\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright

Well, at home so not much. Everywhere else, if properly configurated then it does.\end{tabular}}

\item<4->What other risks does the security solution cause?

\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright There might be backdoors or bugs in the firewall,

but generally they are secure. You choose to prevent certain traffic.\end{tabular}}

\item<5->What costs and trade-offs does the security solution impose?

\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright 

Minimal to modest. Firewalls are part of free software. You need a knowledgeable 

person to set them up.\end{tabular}}

\item<7>[]{\bf\large Yes!}

\end{itemize}\pause\pause

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[t]

\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}

Google uses nowadays two-factor authentication. But it is an old(er)

idea. It is used for example in Germany and Netherlands for online transactions.

\begin{center}

\includegraphics[scale=0.6]{pics/tan1.jpg}\hspace{5mm}

\includegraphics[scale=0.2]{pics/tan2.jpg}

\end{center}

\pause

Or nowadays by SMS (restricts the validity of the numbers) or with a secure generator

\begin{center}

\includegraphics[scale=0.08]{pics/pinsentry.jpg}

\end{center}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[t]

\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}

\begin{itemize}

\item<1->What assets are you trying to protect?\\

\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Your bank account.\end{tabular}}

\item<2->What are the risks to these assets?\\

\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright

Nowadays pretty high risk.\end{tabular}}

\item<3->How well does the security solution mitigate those risks?\\

\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright

It prevents problems when passwords are stolen. Man-in-the-middle attacks 

still possible.\end{tabular}}

\item<4->What other risks does the security solution cause?

\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Your mobile phone or creditcard/pin might 

be stolen. SIM card become valuable.\end{tabular}}

\item<5->What costs and trade-offs does the security solution impose?

\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright 

Banks need to establish an infrastructure. For you it might be inconvenient.\end{tabular}}

\item<7>[]{\bf\large Yes!}

\end{itemize}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[t]

\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals\end{tabular}}

According to Ross Anderson: ``\ldots is a tamper-indicating device 

designed to leave non-erasable, unambiguous evidence of unauthorized 

entry or tampering.''

\begin{center}

\includegraphics[scale=0.45]{pics/seal.jpg}

\end{center}\mbox{}\\[-12mm]

They also need some quite sophisticated policies (seal regiment).

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[t]

\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals (2)\end{tabular}}

\begin{itemize}

\item at the Argonne National Laboratory they tested 244 different security seals (including 19\%

that were used for safeguard of nuclear material)

\begin{itemize}

\item mean time to break the seals for a trained person: 100 s 

\end{itemize}\bigskip

\item Andrew Appel defeated all security seals which were supposed to keep 

voting machines safe.

\end{itemize}

\only<2>{

\begin{textblock}{11}(1,1)

\begin{tikzpicture}

\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 

{\normalsize

\begin{minipage}{11cm}\raggedright\small

\begin{center}

\includegraphics[scale=0.25]{pics/appelseals.jpg}

\end{center}

\begin{center}

\begin{minipage}{10.5cm}

\begin{itemize}

\item The tamper-indicating tape can be lifted using a heat gun.

\item The security screw cap can be removed using a screwdriver, then the

serial-numbered top can be replaced (undamaged) onto a fresh (unnumbered) base.

\item The wire seal can be defeated using a \#4 wood screw.

\item The plastic strap seal can be picked using a jeweler's screwdriver.

\end{itemize}

\end{minipage}

\end{center}

\end{minipage}};

\end{tikzpicture}

\end{textblock}}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\mode<presentation>{

\begin{frame}[t]

\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security Seals\end{tabular}}

\begin{itemize}

\item<1->What assets are you trying to protect?\\

\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Voting machines, doors.\end{tabular}}

\item<2->What are the risks to these assets?\\

\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Casual thiefs, insider attacks.\end{tabular}}

\item<3->How well does the security solution mitigate those risks?\\

\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright

Needs a quite complicated security regiment.\end{tabular}}

\item<4->What other risks does the security solution cause?

\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You might not notice tampering.\end{tabular}}

\item<5->What costs and trade-offs does the security solution impose?

\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright 

The ``hardware'' is cheap, but indirect costs can be quite high.\end{tabular}}

\item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airport.}}

\end{itemize}

\end{frame}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

\end{document}

%%% Local Variables:  

%%% mode: latex

%%% TeX-master: t

%%% End: