120 power users\\ |
120 power users\\ |
121 network configuration operators\\ |
121 network configuration operators\\ |
122 \end{tabular} |
122 \end{tabular} |
123 \end{center}\medskip |
123 \end{center}\medskip |
124 |
124 |
125 \item Modern versions of Windows have more fine-grained AC; they do not have a setuid bit, but |
125 \item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but |
126 have \texttt{runas} (asks for a password).\pause |
126 have \texttt{runas} (asks for a password).\pause |
127 |
127 |
128 \item OS provided access control can \alert{add} to your |
128 \item OS provided access control can \alert{add} to your |
129 security. |
129 security. |
130 \end{itemize} |
130 \end{itemize} |
142 \begin{center} |
142 \begin{center} |
143 \begin{tikzpicture}[scale=1] |
143 \begin{tikzpicture}[scale=1] |
144 |
144 |
145 \draw[line width=1mm] (-.3, 0) rectangle (1.5,2); |
145 \draw[line width=1mm] (-.3, 0) rectangle (1.5,2); |
146 \draw (4.7,1) node {Internet}; |
146 \draw (4.7,1) node {Internet}; |
|
147 \draw (-2.7,1.7) node {\footnotesize Application}; |
147 \draw (0.6,1.7) node {\footnotesize Interface}; |
148 \draw (0.6,1.7) node {\footnotesize Interface}; |
148 \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}}; |
149 \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}}; |
149 \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}}; |
150 \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}}; |
150 |
151 |
151 \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2); |
152 \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2); |
192 |
193 |
193 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
194 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
194 \mode<presentation>{ |
195 \mode<presentation>{ |
195 \begin{frame}[c] |
196 \begin{frame}[c] |
196 \frametitle{Lessons from Access Control} |
197 \frametitle{Lessons from Access Control} |
|
198 |
|
199 Not just restricted to Unix: |
197 |
200 |
198 \begin{itemize} |
201 \begin{itemize} |
199 \item if you have too many roles (i.e.~too finegrained AC), then |
202 \item if you have too many roles (i.e.~too finegrained AC), then |
200 hierarchy is too complex\\ |
203 hierarchy is too complex\\ |
201 \textcolor{gray}{you invite situations like\ldots let's be root}\bigskip |
204 \textcolor{gray}{you invite situations like\ldots let's be root}\bigskip |
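Review bot: the context line at new line 202 spells the term "finegrained", while line 125 of this same patch writes "fine-grained AC"; use the hyphenated form in both places so the slides agree.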
254 \begin{tikzpicture} |
257 \begin{tikzpicture} |
255 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
258 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
256 {\normalsize\color{darkgray} |
259 {\normalsize\color{darkgray} |
257 \begin{minipage}{9cm}\raggedright |
260 \begin{minipage}{9cm}\raggedright |
258 To prevent this kind of attack, you need additional |
261 To prevent this kind of attack, you need additional |
259 policies. |
262 policies (don't do such operations as root). |
260 \end{minipage}}; |
263 \end{minipage}}; |
261 \end{tikzpicture} |
264 \end{tikzpicture} |
262 \end{textblock}} |
265 \end{textblock}} |
263 |
266 |
264 \end{frame}} |
267 \end{frame}} |
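Review bot: the parenthetical added on new line 262, "(don't do such operations as root)", leaves "such operations" undefined inside the box. Name the operation the policy forbids so that the box can be read on its own.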
267 |
270 |
268 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
271 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
269 \mode<presentation>{ |
272 \mode<presentation>{ |
270 \begin{frame}[c] |
273 \begin{frame}[c] |
271 \frametitle{\begin{tabular}{@ {}c@ {}}Schneier Analysis\end{tabular}} |
274 \frametitle{\begin{tabular}{@ {}c@ {}}Schneier Analysis\end{tabular}} |
|
275 |
|
276 \textcolor{gray}{There is no absolutely secure system and security almost never comes for free.} |
272 |
277 |
273 \begin{itemize} |
278 \begin{itemize} |
274 \item What assets are you trying to protect? |
279 \item What assets are you trying to protect? |
275 \item What are the risks to these assets? |
280 \item What are the risks to these assets? |
276 \item How well does the security solution mitigate those risks? |
281 \item How well does the security solution mitigate those risks? |
277 \item What other risks does the security solution cause? |
282 \item What other risks does the security solution cause? |
278 \item What costs and trade-offs does the security solution impose? |
283 \item What costs and trade-offs does the security solution impose? |
279 \end{itemize} |
284 \end{itemize} |
280 |
285 |
281 \textcolor{gray}{There is no absolutely secure system and security almost never comes for free.} |
|
282 |
286 |
283 \end{frame}} |
287 \end{frame}} |
284 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
288 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
285 |
289 |
286 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
290 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
426 \mode<presentation>{ |
430 \mode<presentation>{ |
427 \begin{frame}[t] |
431 \begin{frame}[t] |
428 \frametitle{\begin{tabular}{@ {}c@ {}}Security Seals (2)\end{tabular}} |
432 \frametitle{\begin{tabular}{@ {}c@ {}}Security Seals (2)\end{tabular}} |
429 |
433 |
430 \begin{itemize} |
434 \begin{itemize} |
431 \item at the Argonne National Laboratory they tested 244 different security seals (including 19\% |
435 \item at the Argonne National Laboratory they tested 244 different security seals |
432 that were used for safeguard of nuclear material) |
436 \begin{itemize} |
433 \begin{itemize} |
437 \item meantime to break the seals for a trained person: 100 s |
434 \item mean time to break the seals for a trained person: 100 s |
438 \item including 19\% that were used for safeguard of nuclear material |
435 \end{itemize}\bigskip |
439 \end{itemize}\bigskip |
436 |
440 |
437 \item Andrew Appel defeated all security seals which were supposed to keep |
441 \item Andrew Appel defeated all security seals which were supposed to keep |
438 voting machines safe |
442 voting machines safe |
439 \end{itemize} |
443 \end{itemize} |
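Review bot: new line 437 changes "mean time" to "meantime", which replaces the statistic (the average time to break a seal) with a different word; keep "mean time to break the seals". Moving "including 19\% that were used for safeguard of nuclear material" to line 438, after the 100 s item, also detaches it from the 244 seals it qualifies; put it first in the sub-list or keep it attached to line 435.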
468 |
472 |
469 |
473 |
470 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
474 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
471 \mode<presentation>{ |
475 \mode<presentation>{ |
472 \begin{frame}[t] |
476 \begin{frame}[t] |
473 \frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security Seals\end{tabular}} |
477 \frametitle{\begin{tabular}{@ {}c@ {}}Example: Security Seals\end{tabular}} |
474 |
478 |
475 \begin{itemize} |
479 \begin{itemize} |
476 \item<1->What assets are you trying to protect?\\ |
480 \item<1->What assets are you trying to protect?\\ |
477 \only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Voting machines, doors.\end{tabular}} |
481 \only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Voting machines, doors.\end{tabular}} |
478 \item<2->What are the risks to these assets?\\ |
482 \item<2->What are the risks to these assets?\\ |
509 \item<3->How well does the security solution mitigate those risks?\\ |
513 \item<3->How well does the security solution mitigate those risks?\\ |
510 \only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
514 \only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
511 Not really. The source code can be reverse engineered, stolen\ldots{}\end{tabular}} |
515 Not really. The source code can be reverse engineered, stolen\ldots{}\end{tabular}} |
512 \item<4->What other risks does the security solution cause? |
516 \item<4->What other risks does the security solution cause? |
513 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent |
517 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent |
514 scrutiny and independent advice. You also more likely than not, |
518 scrutiny and independent advice. You also more likely than not |
515 get it wrong.\end{tabular}} |
519 get it wrong.\end{tabular}} |
516 \item<5>[]{\bf\large No!} |
520 \item<5>[]{\bf\large No!} |
517 \end{itemize} |
521 \end{itemize} |
518 |
522 |
519 |
523 |
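Review bot: removing the comma on new line 518 still leaves "You also more likely than not get it wrong" without an auxiliary verb; "You will also, more likely than not, get it wrong" reads cleanly. The item on line 516 also lacks the trailing "\\" that lines 482 and 513 place before their \only answer, so its layout differs from the other items.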
687 \begin{frame}[t] |
690 \begin{frame}[t] |
688 \frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} |
691 \frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} |
689 |
692 |
690 |
693 |
691 \begin{itemize} |
694 \begin{itemize} |
692 \item The Netherlands, between 1997 - 2006 had electronic voting machines\\ |
695 \item The Netherlands between 1997 - 2006 had electronic voting machines\\ |
693 \textcolor{gray}{(it has been found that they could be hacked and emitted radio signals)} |
696 \textcolor{gray}{(hacktivists had found that they could be hacked and emitted radio signals revealing how you voted)} |
694 |
697 |
695 \item Germany, had been used in pilot studies\\ |
698 \item Germany had used them in pilot studies\\ |
696 \textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting |
699 \textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting |
697 on the grounds of not being understandable by the general public)} |
700 on the grounds of not being understandable by the general public)} |
698 |
701 |
699 \item UK, used optical scan voting systems in a few polls |
702 \item UK used optical scan voting systems in a few polls |
700 \end{itemize} |
703 \end{itemize} |
701 \end{frame}} |
704 \end{frame}} |
702 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
705 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
703 |
706 |
704 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
707 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
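Review bot: new line 695 still writes the range as "between 1997 - 2006" with a spaced hyphen; use "between 1997 and 2006" or "1997--2006". On line 699, "a law suit has reached the highest court and it rejected" mixes tenses; "a lawsuit reached the highest court, which rejected" would match the past tense now used on line 698.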
706 \begin{frame}[t] |
709 \begin{frame}[t] |
707 \frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} |
710 \frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} |
708 |
711 |
709 \mbox{}\\[-12mm] |
712 \mbox{}\\[-12mm] |
710 \begin{itemize} |
713 \begin{itemize} |
711 \item US, used mechanical machines since the 50s, later punch cards, DREs and |
714 \item US used mechanical machines since the 50s, later punch cards, now DREs and |
712 optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for research)} |
715 optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for study)} |
713 |
716 |
714 \item Estonia used in 2007 the world's first Internet vote in national elections (there are earlier pilot studies) |
717 \item Estonia used in 2007 the world's first Internet vote in national elections (there are earlier pilot studies) |
715 |
718 |
716 \item India, the biggest democracy uses e-voting devices since at least 2003\\ |
719 \item India uses e-voting devices since at least 2003\\ |
717 \textcolor{gray}{(keep-it-simple machines produced by a government owned company)} |
720 \textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)} |
718 |
721 |
719 \item South Africa used software for its tallying in the 1993 elections (Nelson Mandela) |
722 \item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected) |
720 \textcolor{gray}{(they found the software was rigged, but they were able to manually tally)} |
723 \textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)} |
721 \end{itemize} |
724 \end{itemize} |
722 \end{frame}} |
725 \end{frame}} |
723 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
726 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
724 |
727 |
725 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
728 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
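Review bot: the South Africa item on new line 722 runs straight into the gray remark on line 723 without the "\\" that the India item on line 719 uses, so the two items will lay out differently; add "\\" after the closing parenthesis. The added "(when Nelson Mandela was elected)" now ties the 1993 date to that election, so the year is worth confirming against a source. On line 719, "India uses e-voting devices since at least 2003" would read better as "has used".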
732 \item Athenians |
735 \item Athenians |
733 \begin{itemize} |
736 \begin{itemize} |
734 \item show of hands |
737 \item show of hands |
735 \item ballots on pieces of pottery |
738 \item ballots on pieces of pottery |
736 \item different colours of stones |
739 \item different colours of stones |
737 \item ``facebook''-like autorisation |
740 \item ``facebook''-like authorisation |
738 \end{itemize}\bigskip |
741 \end{itemize}\bigskip |
|
742 |
|
743 \textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip |
|
744 |
739 |
745 |
740 \item French Revolution and the US Constitution got things ``started'' with |
746 \item French Revolution and the US Constitution got things ``started'' with |
741 paper ballots (you first had to bring your own, or later were pre-printed by the parties) |
747 paper ballots (you first had to bring your own, or later were pre-printed by the parties) |
742 \end{itemize} |
748 \end{itemize} |
|
749 \end{frame}} |
|
750 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
751 |
|
752 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
753 \mode<presentation>{ |
|
754 \begin{frame}[t] |
|
755 \frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}} |
|
756 |
|
757 Security policies involved with paper ballots: |
|
758 |
|
759 \begin{enumerate} |
|
760 \item you need to check that the ballot box is empty at the start of the poll / no false bottom (ballot stuffing) |
|
761 \item you need guard the ballot box during the poll |
|
762 \item tallied by a team at the end of the poll (you can have observers) |
|
763 \end{enumerate} |
|
764 |
|
765 \begin{center} |
|
766 \includegraphics[scale=1.5]{pics/ballotbox.jpg} |
|
767 \end{center} |
|
768 |
|
769 |
743 \end{frame}} |
770 \end{frame}} |
744 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
771 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
745 |
772 |
746 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
773 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
747 \mode<presentation>{ |
774 \mode<presentation>{ |
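Review bot: in the new Ballot Boxes frame, line 761 is missing a word ("you need guard the ballot box" should be "you need to guard the ballot box"), and line 762 ("tallied by a team ...") breaks the "you need to ..." pattern of the first two policies. Something like "you need a team to tally the votes at the end of the poll (you can have observers)" keeps the list parallel; on line 760 the trailing "(ballot stuffing)" would be clearer as "to prevent ballot stuffing".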
812 \includegraphics[scale=0.40]{pics/dre2.jpg}\\\hline\\ |
841 \includegraphics[scale=0.40]{pics/dre2.jpg}\\\hline\\ |
813 \includegraphics[scale=0.5]{pics/opticalscan.jpg} |
842 \includegraphics[scale=0.5]{pics/opticalscan.jpg} |
814 \end{tabular} |
843 \end{tabular} |
815 \end{center} |
844 \end{center} |
816 |
845 |
|
846 \only<1->{ |
|
847 \begin{textblock}{5.5}(1,4) |
|
848 DREs |
|
849 \end{textblock}} |
|
850 \only<1->{ |
|
851 \begin{textblock}{5.5}(1,11) |
|
852 Optical Scan |
|
853 \end{textblock}} |
|
854 |
|
855 \only<2>{ |
|
856 \begin{textblock}{5.5}(0.5,14.5) |
|
857 all are computers |
|
858 \end{textblock}} |
|
859 |
|
860 \end{frame}} |
|
861 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
862 |
|
863 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
864 \mode<presentation>{ |
|
865 \begin{frame}[c] |
|
866 \frametitle{\begin{tabular}{@ {}c@ {}}DREs\end{tabular}} |
|
867 |
|
868 Direct-recording electronic voting machines\\ |
|
869 (votes are recorded for example memory cards) |
|
870 |
|
871 typically touchscreen machines |
|
872 |
|
873 usually no papertrail (hard to add: ballot secrecy) |
|
874 |
|
875 \begin{center} |
|
876 \includegraphics[scale=0.56]{pics/dre1.jpg} |
|
877 \end{center} |
|
878 |
|
879 |
|
880 \end{frame}} |
|
881 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
882 |
|
883 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
884 \mode<presentation>{ |
|
885 \begin{frame}[c] |
|
886 \frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}} |
|
887 |
|
888 The work by J.~Alex Halderman: |
|
889 |
|
890 \begin{itemize} |
|
891 \item acquired a machine from an anonymous source\medskip |
|
892 \item the source code running the machine was tried to keep secret\medskip\pause |
|
893 |
|
894 \item first reversed-engineered the machine (extremely tedious) |
|
895 \item could completely reboot the machine and even install a virus that infects other Diebold machines |
|
896 \item obtained also the source code for other machines |
|
897 \end{itemize} |
|
898 |
|
899 |
|
900 \end{frame}} |
|
901 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
902 |
|
903 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
904 \mode<presentation>{ |
|
905 \begin{frame}[c] |
|
906 \frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}} |
|
907 |
|
908 The work by J.~Alex Halderman: |
|
909 |
|
910 \begin{itemize} |
|
911 \item acquired a machine from an anonymous source\medskip |
|
912 \item the source code running the machine was tried to keep secret\medskip\pause |
|
913 |
|
914 \item first reversed-engineered the machine (extremely tedious) |
|
915 \item could completely reboot the machine and even install a virus that infects other Diebold machines |
|
916 \item obtained also the source code for other machines |
|
917 \end{itemize} |
|
918 |
|
919 |
817 \end{frame}} |
920 \end{frame}} |
818 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
921 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
819 |
922 |
820 |
923 |
821 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
924 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
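Review bot: the "Diebold Machines" frame added at new lines 904-920 is a verbatim copy of the frame at lines 884-900, including the \pause; drop one copy unless the second was meant to carry different content. Within the frame, line 892 "the source code running the machine was tried to keep secret" needs rephrasing (for example "an attempt was made to keep the source code running the machine secret"), line 894 should read "reverse-engineered", and in the DREs frame line 869 "votes are recorded for example memory cards" is missing "on".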