35 \end{frame} |
35 \end{frame} |
36 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
36 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
37 |
37 |
38 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
38 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
39 \begin{frame}[c] |
39 \begin{frame}[c] |
|
40 \frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}} |
|
41 |
|
42 |
|
43 \begin{center} |
|
44 \begin{tikzpicture}[scale=1] |
|
45 |
|
46 \draw[line width=1mm] (-.3, 0) rectangle (1.5,2); |
|
47 \draw (4.7,1) node {Internet}; |
|
48 \draw (-2.7,1.7) node {\footnotesize Application}; |
|
49 \draw (0.6,1.7) node {\footnotesize Interface}; |
|
50 \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}}; |
|
51 \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}}; |
|
52 |
|
53 \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2); |
|
54 |
|
55 \draw[white] (1.7,1) node (X) {}; |
|
56 \draw[white] (3.7,1) node (Y) {}; |
|
57 \draw[red, <->, line width = 2mm] (X) -- (Y); |
|
58 |
|
59 \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1); |
|
60 \end{tikzpicture} |
|
61 \end{center} |
|
62 |
|
63 \begin{itemize} |
|
64 \item the idea is make the attack surface smaller and mitigate the |
|
65 consequences of an attack |
|
66 \item you need an OS that supports different roles (root vs.~users) |
|
67 \end{itemize} |
|
68 |
|
69 \end{frame} |
|
70 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
71 |
|
72 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
73 \begin{frame}[c] |
|
74 \frametitle{Weaknesses of Unix AC} |
|
75 |
|
76 Not just restricted to Unix: |
|
77 |
|
78 \begin{itemize} |
|
79 \item if you have too many roles (i.e.~too finegrained AC), then |
|
80 hierarchy is too complex\\ \textcolor{gray}{you invite situations |
|
81 like\ldots let's be root}\bigskip |
|
82 |
|
83 \item you can still abuse the system\ldots |
|
84 \end{itemize} |
|
85 |
|
86 \end{frame} |
|
87 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
88 |
|
89 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
90 \begin{frame}[c] |
40 \frametitle{A ``Cron''-Attack} |
91 \frametitle{A ``Cron''-Attack} |
41 |
92 |
42 The idea is to trick a privileged person to do something on your |
93 The idea is to trick a privileged person to do something on your |
43 behalf: |
94 behalf: |
44 |
95 |
45 \begin{itemize} |
96 \begin{itemize} |
46 \item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause |
97 \item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause |
47 |
98 |
48 \footnotesize |
99 \small |
49 \begin{minipage}{1.1\textwidth} |
100 \begin{minipage}{1.1\textwidth} |
50 \textcolor{gray}{the shell behind the scenes:}\\ |
101 \textcolor{gray}{the shell behind the scenes:}\\ |
51 \textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\ |
102 \textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\ |
52 |
103 |
53 \textcolor{gray}{this takes time} |
104 \textcolor{gray}{this takes time} |
436 \lstinputlisting[language=C]{../progs/C1.c} |
487 \lstinputlisting[language=C]{../progs/C1.c} |
437 |
488 |
438 \end{frame} |
489 \end{frame} |
439 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
490 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
440 |
491 |
441 |
492 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
493 \begin{frame}[c] |
|
494 \frametitle{Memory} |
|
495 |
|
496 \begin{itemize} |
|
497 \item each process will get a chunk of memory that is organised as |
|
498 follows: |
|
499 \end{itemize} |
|
500 |
|
501 \begin{center} |
|
502 \begin{tikzpicture}[scale=0.8] |
|
503 %\draw[step=1cm] (-3,-3) grid (3,3); |
|
504 \draw[line width=1mm] (-2, -3) rectangle (2,3); |
|
505 \draw[line width=1mm] (-2,1) -- (2,1); |
|
506 \draw[line width=1mm] (-2,-1) -- (2,-1); |
|
507 \draw (0,2) node {\large\tt text}; |
|
508 \draw (0,0) node {\large\tt heap}; |
|
509 \draw (0,-2) node {\large\tt stack}; |
|
510 |
|
511 \draw (-2.7,3) node[anchor=north east] {\tt\begin{tabular}{@{}l@{}}lower\\ address\end{tabular}}; |
|
512 \draw (-2.7,-3) node[anchor=south east] {\tt\begin{tabular}{@{}l@{}}higher\\ address\end{tabular}}; |
|
513 \draw[->, line width=1mm] (-2.5,3) -- (-2.5,-3); |
|
514 |
|
515 \draw (2.7,-2) node[anchor=west] {\tt grows}; |
|
516 \draw (2.7,-3) node[anchor=south west] {\tt\footnotesize older}; |
|
517 \draw (2.7,-1) node[anchor=north west] {\tt\footnotesize newer}; |
|
518 \draw[|->, line width=1mm] (2.5,-3) -- (2.5,-1); |
|
519 \end{tikzpicture} |
|
520 \end{center} |
|
521 |
|
522 \end{frame} |
|
523 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
442 |
524 |
443 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
525 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
444 \begin{frame}[c] |
526 \begin{frame}[c] |
445 \frametitle{The Problem} |
527 \frametitle{The Problem} |
446 |
528 |