113 

   136 

   137 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   138 \mode<presentation>{

   139 \begin{frame}[c]

   140 \frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}

   141 

   142 

   143 \begin{center}

   144   \begin{tikzpicture}[scale=1]

   145   

   146   \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);

   147   \draw (4.7,1) node {Internet};

   148   \draw (-2.7,1.7) node {\footnotesize Application};

   149   \draw (0.6,1.7) node {\footnotesize Interface};

   150   \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};

   151   \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};

   152   

   153   \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);

   154 

   155   \draw[white] (1.7,1) node (X) {};

   156   \draw[white] (3.7,1) node (Y) {};

   157   \draw[red, <->, line width = 2mm] (X) -- (Y);

   158  

   159   \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);

   160   \end{tikzpicture}

   161 \end{center}

   162 

   163 \begin{itemize}

   164 \item the idea is make the attack surface smaller and 

   165 mitigate the consequences of an attack

   166 \end{itemize}

   167 

   168 

   169 \end{frame}}

   170 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

   171 

   172 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   173 \mode<presentation>{

   174 \begin{frame}[c]

   175 \frametitle{Access Control in Unix}

   176 

   177 \begin{itemize}

   178 \item access control provided by the OS

   179 \item authenticate principals (login)

   180 \item mediate access to files, ports, processes according to \alert{roles} (user ids)\\

   181 \item roles get attached with privileges\bigskip\\%

   182 \hspace{8mm}

   183 \begin{tikzpicture}

   184 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 

   185 {\begin{minipage}{8cm}

   186 \alert{The principle of least privilege:}\\

   187 programs should only have as much privilege as they need 

   188 \end{minipage}};

   189 \end{tikzpicture}

   190 \end{itemize}

   191 

   192 \end{frame}}

   193 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

   194 

   195 

   196 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   197 \mode<presentation>{

   198 \begin{frame}[c]

   199 \frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}

   200 

   201 \begin{enumerate}

   202 \item attacker \textcolor{gray}{(creates a fake passwd file)}\\ 

   203 \texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip

   204 \item root \textcolor{gray}{(does the daily cleaning)}\\

   205 \texttt{rm /tmp/*/*}\medskip\\

   206 \hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\ 

   207 \hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\

   208 

   209 \item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to 

   210 the real passwd file)}\\

   211 \texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\

   212 \item root now deletes  the real passwd file

   213 \end{enumerate}

   214 

   215 \only<2>{

   216 \begin{textblock}{11}(2,5)

   217 \begin{tikzpicture}

   218 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 

   219 {\normalsize\color{darkgray}

   220 \begin{minipage}{9cm}\raggedright

   221 To prevent this kind of attack, you need additional

   222 policies (don't do such operations as root).

   223 \end{minipage}};

   224 \end{tikzpicture}

   225 \end{textblock}}

   226 

   227 \end{frame}}

   228 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   229 

   230 

   231