slides/slides04.tex
changeset 481 a7a7d6b0150b
parent 415 56bc53ba7c5b
child 483 337a8f5cb1ad
480:ab31912a3b65 481:a7a7d6b0150b
    43 \includegraphics[scale=0.34]{../pics/trainwreck.jpg}\\
    43 \includegraphics[scale=0.34]{../pics/trainwreck.jpg}\\
    44 last week: buffer overflow attacks
    44 last week: buffer overflow attacks
    45 \end{center}
    45 \end{center}
    46 
    46 
    47 \begin{itemize}
    47 \begin{itemize}
    48 \item no ``cheating'' needed for format string attacks
    48 %\item no ``cheating'' needed for format string attacks
    49 \item the main point: no cheating to start with 
    49 \item required some cheating on modern OS
       
    50 \item the main point: no cheating in practice\pause
       
    51 \item one class of attacks not mentioned last week
    50 \end{itemize} 
    52 \end{itemize} 
    51 
    53 
    52 \end{frame}
    54 \end{frame}
    53 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
    55 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
    54 
    56 
    55 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    57 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    56 \begin{frame}[c]
    58 \begin{frame}[c]
       
    59 \frametitle{Format String Vulnerability}
       
    60 
       
    61 \small
       
    62 \texttt{string} is nowhere used:\bigskip
       
    63 
       
    64 {\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip
       
    65 
       
    66 this vulnerability can be used to read out the stack and even
       
    67 modify it
       
    68   
       
    69 \end{frame}
       
    70 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
       
    71 
       
    72 
       
    73 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
       
    74 \begin{frame}[c]
    57 \frametitle{Case-In-Point: Android}
    75 \frametitle{Case-In-Point: Android}
    58 
    76 
    59 \begin{itemize}
    77 \begin{itemize}
    60 \item a list of common Android vulnerabilities
    78 \item a list of common Android vulnerabilities
    61 (5 BOAs out of 35 vulnerabilities; all from 2013 and later)
    79 (5 BOAs out of 35 vulnerabilities; all from 2013 and later):
    62 
    80 
    63 \begin{center}
    81 \begin{center}
    64 \url{http://androidvulnerabilities.org/}
    82 \url{http://androidvulnerabilities.org/}
    65 \end{center}\bigskip
    83 \end{center}\bigskip
    66 
    84 
    67 \item a paper that attempts measures security of Android phones
    85 \item a paper that attempts to measure the security of Android phones:
    68 
    86 
    69 \begin{quote}\small\rm ``We find that on average 87.7\% of Android
    87 \begin{quote}\small\it ``We find that on average 87.7\% of Android
    70 devices are exposed to at least one of 11 known critical
    88 devices are exposed to at least one of 11 known critical
    71 vulnerabilities\ldots''
    89 vulnerabilities\ldots''
    72 \end{quote} 
    90 \end{quote} 
    73  
    91  
    74 \begin{center}\small
    92 \begin{center}\small
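Review bot: The new Format String Vulnerability frame (new lines 58-69) tells students the flaw can be used to read out and even modify the stack, but it stops there and never says how the call should have been written. Suggest one closing line on the fix, and check that ../progs/C4.c is committed with this changeset, since the caption "\texttt{string} is nowhere used" depends entirely on that listing. In the first frame, delete the old bullet instead of leaving it behind as %\item (new line 48), and say what the cheating was: "required some cheating on modern OS" followed by "no cheating in practice" reads as a contradiction without the spoken explanation.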
    80 \end{frame}
    98 \end{frame}
    81 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
    99 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
    82 
   100 
    83 
   101 
    84 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   102 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    85 \begin{frame}[c]
   103 %\begin{frame}[c]
    86 
   104 %
    87 A student asked:
   105 %A student asked:
    88 
   106 %
    89 \begin{bubble}[10cm]\small How do we implement BOAs? On a
   107 %\begin{bubble}[10cm]\small How do we implement BOAs? On a
    90 webpage login, for example Facebook, we can't do this. 
   108 %webpage login, for example Facebook, we can't do this. 
    91 I am sure the script will stop us even before we reach the 
   109 %I am sure the script will stop us even before we reach the 
    92 server. The
   110 %server. The
    93 script will not let us enter hexadecimal numbers where email
   111 %script will not let us enter hexadecimal numbers where email
    94 or username is required and plus it will have a max length,
   112 %or username is required and plus it will have a max length,
    95 like 32 characters only. In this case, what can we do, since
   113 %like 32 characters only. In this case, what can we do, since
    96 the method you showed us wouldn't work?
   114 %the method you showed us wouldn't work?
    97 \end{bubble}\bigskip\bigskip\pause
   115 %\end{bubble}\bigskip\bigskip\pause
    98 
   116 
    99 \begin{itemize}
   117 %\begin{itemize}
   100 \item Facebook no
   118 %\item Facebook no
   101 \item printers, routers, cars, IoT etc likely\pause
   119 %\item printers, routers, cars, IoT etc likely\pause
   102 \item I do not want to teach you hacking, rather defending
   120 %\item I do not want to teach you hacking, rather defending
   103 \end{itemize}
   121 %\end{itemize}
   104 
   122 %
   105 
   123 %\end{frame}
   106 
       
   107 \end{frame}
       
   108 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   124 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   109 
   125 
   110 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   126 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   111 \begin{frame}[c]
   127 \begin{frame}[c]
   112 \frametitle{Survey}
   128 \frametitle{Survey}
   113   
   129   
   114 \end{frame}
   130 \end{frame}
   115 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
   131 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
   116 
   132 
   117 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   133 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   118 \begin{frame}[c]
   134 %\begin{frame}[c]
   119 
   135 %
   120 \begin{center}
   136 %\begin{center}
   121 \includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
   137 %\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
   122 last week: buffer overflow attacks
   138 %last week: buffer overflow attacks
   123 \end{center}
   139 %\end{center}
   124   
   140 %  
   125 \end{frame}
   141 %\end{frame}
   126 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
   142 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
   127 
   143 
   128 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   144 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   129 \begin{frame}[c]
   145 \begin{frame}[c]
   130 \frametitle{\begin{tabular}{c}Two General Counter\\[-1mm] 
   146 \frametitle{\begin{tabular}{c}\LARGE Two General Counter\\[-1mm] 
   131             Measures against BOAs etc\end{tabular}}
   147             \LARGE Measures against BOAs etc\end{tabular}}
   132 
   148 
   133 Both try to reduce the attack surface:\bigskip
   149 Both try to reduce the attack surface (trusted computing base):\bigskip
   134 
   150 
   135 \begin{itemize}
   151 \begin{itemize}
   136 \item \alert{\bf unikernels} -- the idea is to not have
   152 \item \alert{\bf unikernels} -- the idea is to not have
   137 an operating system at all
   153 an operating system at all
   138 \item all functionality of the server is implemented in a
   154 \item all functionality of the server is implemented in a
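Review bot: At new line 149 the parenthetical "attack surface (trusted computing base)" presents the two terms as synonyms, which they are not: the attack surface is what an attacker can reach, the trusted computing base is what has to be correct for the system to be secure. Suggest "reduce the attack surface and the trusted computing base", or drop the parenthetical. The student-question frame and the trainwreck frame (new lines 103-123 and 134-141) are disabled by prefixing every line with %; deleting them keeps the source readable, and the repository history still has them.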
   344 \only<4->{
   360 \only<4->{
   345 \begin{textblock}{1}(3,7)
   361 \begin{textblock}{1}(3,7)
   346 \begin{tikzpicture}
   362 \begin{tikzpicture}
   347 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
   363 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
   348 {\begin{minipage}{8cm}
   364 {\begin{minipage}{8cm}
   349 Only failure makes us experts.
   365 Only failure makes us experts.\\
   350 	-- Theo de Raadt (OpenBSD, OpenSSH)
   366 \hfill\small-- Theo de Raadt (OpenBSD, OpenSSH)
   351 \end{minipage}};
   367 \end{minipage}};
   352 \end{tikzpicture}
   368 \end{tikzpicture}
   353 \end{textblock}}
   369 \end{textblock}}
   354 
   370 
   355 \end{frame}
   371 \end{frame}
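Review bot: At new line 366, \hfill comes directly after the \\ that ends new line 365, so it is glue at the start of a line, which TeX discards; the attribution will not be pushed to the right margin. Use \hspace*{\fill} (or \null\hfill) there, and --- rather than -- if a quotation dash is intended.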
   829 
   845 
   830   \includegraphics[scale=0.4]{../pics/oysterc.jpg}
   846   \includegraphics[scale=0.4]{../pics/oysterc.jpg}
   831 
   847 
   832   \begin{itemize}
   848   \begin{itemize}
   833   \item good example of a bad protocol\\ (security by obscurity)\bigskip
   849   \item good example of a bad protocol\\ (security by obscurity)\bigskip
   834   \item<3->  ``Breaching security on Oyster cards should not 
   850   \item<3->  {\it``Breaching security on Oyster cards should not 
   835   allow unauthorised use for more than a day, as TfL promises to turn 
   851   allow unauthorised use for more than a day, as TfL promises to turn 
   836   off any cloned cards within 24 hours\ldots''
   852   off any cloned cards within 24 hours\ldots''}
   837   \end{itemize}
   853   \end{itemize}
   838 
   854 
   839   \only<2>{
   855   \only<2>{
   840   \begin{textblock}{12}(0.5,0.5)
   856   \begin{textblock}{12}(0.5,0.5)
   841   \begin{bubble}[11cm]\footnotesize
   857   \begin{bubble}[11cm]\footnotesize
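Review bot: At new line 850 the quotation is wrapped in {\it ...}, and new line 87 in the Android frame switches \rm to \it the same way; both are the old two-letter font switches, which add no italic correction at the end of the slanted text. Suggest \textit{...} around the Oyster quotation and \itshape inside the quote environment, so that both quotations are set consistently.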