226 \end{minipage} |
223 \end{minipage} |
227 \end{center} |
224 \end{center} |
228 \end{bubble} |
225 \end{bubble} |
229 \end{textblock}} |
226 \end{textblock}} |
230 |
227 |
231 \end{frame}} |
228 \end{frame} |
232 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
229 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
233 |
230 |
234 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
231 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
235 \begin{frame}[t] |
232 \begin{frame}[t] |
236 \frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}} |
233 \frametitle{Problems with Voting} |
237 |
|
238 |
234 |
239 \begin{center}\large |
235 \begin{center}\large |
240 \begin{tabular}{rcl} |
236 \begin{tabular}{rcl} |
241 Integrity & vs. & Ballot Secrecy\bigskip\\ |
237 Integrity & vs. & Ballot Secrecy\bigskip\\ |
242 Authentication & vs. &Enfranchisement |
238 Authentication & vs. &Enfranchisement |
407 |
400 |
408 |
401 |
409 \item French Revolution and the US Constitution got things ``started'' with |
402 \item French Revolution and the US Constitution got things ``started'' with |
410 paper ballots (you first had to bring your own; later they were pre-printed by parties) |
403 paper ballots (you first had to bring your own; later they were pre-printed by parties) |
411 \end{itemize} |
404 \end{itemize} |
412 \end{frame}} |
405 \end{frame} |
413 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
406 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
414 |
407 |
415 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
408 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
416 \mode<presentation>{ |
409 \mode<presentation>{ |
417 \begin{frame}[t] |
410 \begin{frame}[t] |
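Review bot: New line 409 still opens \mode<presentation>{ even though the frame closing just above it (new line 405) dropped its extra brace and later frames in this change lose the wrapper altogether. If the aim is to remove the presentation-mode wrapper everywhere, delete this line together with the brace that closes it; new line 743 still reads \end{frame}}, so at least one wrapped frame remains. Otherwise the file ends up with a mix of wrapped and unwrapped frames that is easy to unbalance in a later edit.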
584 What could go wrong?\pause \;\;Failure-in-depth.\bigskip\pause |
577 What could go wrong?\pause \;\;Failure-in-depth.\bigskip\pause |
585 |
578 |
586 A non-obvious problem: |
579 A non-obvious problem: |
587 |
580 |
588 \begin{itemize} |
581 \begin{itemize} |
589 \item you can nowadays get old machines, which still store old polls |
582 \item you can nowadays get old machines, which still store old polls\medskip |
590 |
583 |
591 \item the paper ballot box needed to be secured during the voting until counting; |
584 \item the paper ballot box needed to be secured during the voting until counting; |
592 e-voting machines need to be secured during the entire life-time |
585 e-voting machines need to be secured during the entire life-time |
593 \end{itemize} |
586 \end{itemize} |
594 |
587 |
642 \item keep a paper trail and design your system to keep this secure\medskip |
635 \item keep a paper trail and design your system to keep this secure\medskip |
643 \item make the software open source (avoid security-by-obscurity)\medskip |
636 \item make the software open source (avoid security-by-obscurity)\medskip |
644 \item have a simple design in order to minimise the attack surface |
637 \item have a simple design in order to minimise the attack surface |
645 \end{itemize}\pause |
638 \end{itemize}\pause |
646 |
639 |
647 But overall in times of NSA/state sponsered cyber-crime, e-voting is too |
640 But overall, in times of NSA/state sponsored cyber-crime, e-voting is |
648 hard with current technology. |
641 too hard with current technology. |
649 |
642 |
650 \end{frame} |
643 \end{frame} |
651 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
644 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
652 |
645 |
653 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
646 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
654 \begin{frame}[c] |
647 \begin{frame}[c] |
655 \frametitle{\Large Online Banking vs.~E-Voting} |
648 \frametitle{\Large Online Banking vs.~E-Voting} |
656 |
649 |
657 \begin{itemize} |
650 \begin{itemize} |
658 \item online banking: if fraud occurred you try to identify who did |
651 \item online banking: if fraud occurs you try to identify who did |
659 what (somebody's account got zero)\bigskip |
652 what (somebody's account got zero)\bigskip |
660 \item e-voting: some parts can be done electronically, but not the |
653 \item e-voting: some parts can be done electronically, but not the |
661 actual voting |
654 actual voting |
662 \end{itemize} |
655 \end{itemize} |
663 |
656 |
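Review bot: In new line 640 the compound modifier should be hyphenated, "NSA/state-sponsored cyber-crime", since the line is already being corrected for the "sponsered" typo. The tense fix in new line 651 ("occurs") reads fine.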
671 \begin{center} |
664 \begin{center} |
672 \includegraphics[scale=0.3]{pics/clicker.png} |
665 \includegraphics[scale=0.3]{pics/clicker.png} |
673 \end{center} |
666 \end{center} |
674 |
667 |
675 \begin{itemize} |
668 \begin{itemize} |
676 \item guaranties anonymity |
669 \item can guarantee anonymity |
677 \item integrity by electronic means\bigskip |
670 \item integrity by electronic means\bigskip |
678 |
671 |
679 \item how to achieve the same in ``software''? |
672 \item how to achieve the same in ``software''? |
680 \end{itemize} |
673 \end{itemize} |
681 |
|
682 |
674 |
683 \end{frame} |
675 \end{frame} |
684 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
676 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
685 |
677 |
686 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
678 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
750 |
742 |
751 \end{frame}} |
743 \end{frame}} |
752 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
744 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
753 |
745 |
754 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
746 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
755 \mode<presentation>{ |
|
756 \begin{frame}[c] |
747 \begin{frame}[c] |
757 \frametitle{Unix-Style Access Control} |
748 \frametitle{Unix-Style Access Control} |
758 |
749 |
759 How to do access control? In Unix you have |
750 How to do control access? In Unix you have |
760 |
751 |
761 \begin{itemize} |
752 \begin{itemize} |
762 \item you have users and you have groups/roles: |
753 \item users and you have groups/roles: |
763 |
|
764 \item some special roles: root |
754 \item some special roles: root |
765 \end{itemize} |
755 \end{itemize} |
766 |
|
767 |
756 |
768 \end{frame}} |
757 \end{frame} |
769 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
758 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
770 |
759 |
771 |
760 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
772 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
773 \mode<presentation>{ |
|
774 \begin{frame}[c] |
761 \begin{frame}[c] |
775 \frametitle{Unix-Style Access Control} |
762 \frametitle{Unix-Style Access Control} |
776 |
763 \small |
777 \begin{itemize} |
764 |
778 \item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar AC: |
765 \begin{itemize} |
|
766 \item |
|
767 Q: ``I am using Windows. Why should I care?'' \\ |
|
768 A: In Windows you have similar AC: |
779 |
769 |
780 \begin{center} |
770 \begin{center} |
781 \begin{tabular}{l} |
771 \begin{tabular}{l} |
782 administrators group\\ |
772 administrators group\\ |
783 \hspace{5mm}(has complete control over the machine)\\ |
773 \hspace{5mm}(has complete control over the machine)\\ |
784 authenticated users\\ |
774 authenticated users\\ |
785 server operators\\ |
775 server operators\\ |
786 power users\\ |
776 power users\\ |
787 network configuration operators\\ |
777 network configuration operators |
788 \end{tabular} |
778 \end{tabular} |
789 \end{center}\medskip |
779 \end{center}\medskip |
790 |
780 |
791 \item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but |
781 \item Modern versions of Windows have more fine-grained AC than Unix; |
792 have \texttt{runas} (asks for a password).\pause |
782 they do not have a setuid bit, but have \texttt{runas} (asks for a |
793 |
783 password).\pause |
794 \item OS-provided access control can \alert{\bf add} to your |
784 |
795 security. |
785 \item OS-provided access control can \alert{\bf add} to your security. |
796 \end{itemize} |
786 (defence in depth) |
797 |
787 \end{itemize} |
798 |
788 |
799 \end{frame}} |
789 \end{frame} |
800 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
790 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
801 |
791 |
802 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
792 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
803 \mode<presentation>{ |
|
804 \begin{frame}[c] |
793 \begin{frame}[c] |
805 \frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}} |
794 \frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}} |
806 |
795 |
807 |
796 |
808 \begin{center} |
797 \begin{center} |
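Review bot: New line 750 swaps the words and now reads "How to do control access?", which is worse than the old "How to do access control?" and no longer matches the frame title "Unix-Style Access Control"; restore the old wording. New line 753 is also only half edited: "users and you have groups/roles:" still carries the second "you have" and ends in a colon with nothing after it, so either write "users and groups/roles" or add the sub-list the colon promises. The "(defence in depth)" added at new line 786 sits after the full stop of the previous sentence; move it inside the sentence.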
824 \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1); |
813 \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1); |
825 \end{tikzpicture} |
814 \end{tikzpicture} |
826 \end{center} |
815 \end{center} |
827 |
816 |
828 \begin{itemize} |
817 \begin{itemize} |
829 \item the idea is make the attack surface smaller and |
818 \item the idea is make the attack surface smaller and mitigate the |
830 mitigate the consequences of an attack |
819 consequences of an attack |
831 \end{itemize} |
820 \end{itemize} |
832 |
821 |
833 |
822 \end{frame} |
834 \end{frame}} |
|
835 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
823 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
836 |
824 |
837 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
825 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
838 \mode<presentation>{ |
826 \begin{frame}[c] |
839 \begin{frame}[c] |
827 \frametitle{Weaknesses of Unix AC} |
840 \frametitle{Lessons from Access Control} |
|
841 |
828 |
842 Not just restricted to Unix: |
829 Not just restricted to Unix: |
843 |
830 |
844 \begin{itemize} |
831 \begin{itemize} |
845 \item if you have too many roles (i.e.~too finegrained AC), then |
832 \item if you have too many roles (i.e.~too finegrained AC), then |
846 hierarchy is too complex\\ |
833 hierarchy is too complex\\ \textcolor{gray}{you invite situations |
847 \textcolor{gray}{you invite situations like\ldots let's be root}\bigskip |
834 like\ldots let's be root}\bigskip |
848 |
835 |
849 \item you can still abuse the system\ldots |
836 \item you can still abuse the system\ldots |
850 |
837 \end{itemize} |
851 \end{itemize} |
838 |
852 |
839 \end{frame} |
853 \end{frame}} |
840 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
854 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
841 |
855 |
842 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
856 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
843 \begin{frame}[c] |
857 \mode<presentation>{ |
844 \frametitle{A ``Cron''-Attack} |
858 \begin{frame}[c] |
845 |
859 \frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}} |
846 The idea is to trick a privileged person to do something on your |
860 |
847 behalf: |
861 The idea is to trick a privileged person to do something on your behalf: |
|
862 |
848 |
863 \begin{itemize} |
849 \begin{itemize} |
864 \item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause |
850 \item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause |
865 |
851 |
866 \footnotesize |
852 \footnotesize |
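Review bot: The new frame title at new line 827, "Weaknesses of Unix AC", contradicts the first line of the frame body at new line 829, "Not just restricted to Unix:". The old title "Lessons from Access Control" fitted the body better; keep it or pick a title that does not name Unix. While rewrapping new lines 818-819, also fix "the idea is make" to "the idea is to make".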
870 |
856 |
871 \textcolor{gray}{this takes time} |
857 \textcolor{gray}{this takes time} |
872 \end{minipage} |
858 \end{minipage} |
873 \end{itemize} |
859 \end{itemize} |
874 |
860 |
875 |
861 \end{frame} |
876 \end{frame}} |
862 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
877 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
863 |
878 |
864 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
879 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
865 \begin{frame}[c] |
880 \mode<presentation>{ |
866 \frametitle{A ``Cron''-Attack} |
881 \begin{frame}[c] |
|
882 \frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}} |
|
883 |
867 |
884 \begin{enumerate} |
868 \begin{enumerate} |
885 \item attacker \textcolor{gray}{(creates a fake passwd file)}\\ |
869 \item attacker \textcolor{gray}{(creates a fake passwd file)}\\ |
886 \texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip |
870 \texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip |
887 \item root \textcolor{gray}{(does the daily cleaning)}\\ |
871 \item root \textcolor{gray}{(does the daily cleaning)}\\ |
895 \item root now deletes the real passwd file |
879 \item root now deletes the real passwd file |
896 \end{enumerate} |
880 \end{enumerate} |
897 |
881 |
898 \only<2>{ |
882 \only<2>{ |
899 \begin{textblock}{11}(2,5) |
883 \begin{textblock}{11}(2,5) |
900 \begin{tikzpicture} |
884 \begin{bubble}[8cm] |
901 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
885 \normalsize To prevent this kind of attack, you need additional |
902 {\normalsize\color{darkgray} |
|
903 \begin{minipage}{9cm}\raggedright |
|
904 To prevent this kind of attack, you need additional |
|
905 policies (don't do such operations as root). |
886 policies (don't do such operations as root). |
906 \end{minipage}}; |
887 \end{bubble} |
907 \end{tikzpicture} |
|
908 \end{textblock}} |
888 \end{textblock}} |
909 |
889 |
910 \end{frame}} |
890 \end{frame} |
911 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
891 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
912 |
892 |
|
893 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
894 \begin{frame}[c] |
|
895 \frametitle{\Large Buffer Overflow Attacks} |
|
896 |
|
897 \begin{center} |
|
898 \begin{columns}[b] |
|
899 \begin{column}{.4\textwidth} |
|
900 \centering |
|
901 \includegraphics[scale=1.2]{pics/barrier.jpg}\\ |
|
902 first lecture |
|
903 \end{column} |
|
904 \begin{column}<2>{.4\textwidth} |
|
905 \centering |
|
906 \includegraphics[scale=0.32]{pics/trainwreck.jpg}\\ |
|
907 next week |
|
908 \end{column} |
|
909 \end{columns} |
|
910 \end{center} |
|
911 |
|
912 \end{frame} |
|
913 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
913 |
914 |
914 \end{document} |
915 \end{document} |
915 |
916 |
916 %%% Local Variables: |
917 %%% Local Variables: |
917 %%% mode: latex |
918 %%% mode: latex |
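Review bot: The frame added at new lines 894-912 includes pics/barrier.jpg and pics/trainwreck.jpg, and only the .tex source is visible in this change, so confirm both images are committed or the deck will not build. The outer center environment around columns (new lines 897 and 910) is redundant because each column already uses \centering. In the rewritten overlay the bubble is given 8cm (new line 884) where the old minipage was 9cm; check that the text still wraps as intended on the slide.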