sen-material: comparison slides04.tex

equal deleted inserted replaced

-:11681bbf0e01
+:b44341c0a7bb
+\documentclass[dvipsnames,14pt,t]{beamer}
+\usepackage{beamerthemeplainculight}
+\usepackage[T1]{fontenc}
+\usepackage[latin1]{inputenc}
+\usepackage{mathpartir}
+\usepackage[absolute,overlay]{textpos}
+\usepackage{ifthen}
+\usepackage{tikz}
+\usepackage{pgf}
+\usepackage{calc}
+\usepackage{ulem}
+\usepackage{courier}
+\usepackage{listings}
+\renewcommand{\uline}[1]{#1}
+\usetikzlibrary{arrows}
+\usetikzlibrary{automata}
+\usetikzlibrary{shapes}
+\usetikzlibrary{shadows}
+\usetikzlibrary{positioning}
+\usetikzlibrary{calc}
+\usepackage{graphicx}
+\definecolor{javared}{rgb}{0.6,0,0} % for strings
+\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
+\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
+\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
+\lstset{language=Java,
+	basicstyle=\ttfamily,
+	keywordstyle=\color{javapurple}\bfseries,
+	stringstyle=\color{javagreen},
+	commentstyle=\color{javagreen},
+	morecomment=[s][\color{javadocblue}]{/**}{*/},
+	numbers=left,
+	numberstyle=\tiny\color{black},
+	stepnumber=1,
+	numbersep=10pt,
+	tabsize=2,
+	showspaces=false,
+	showstringspaces=false}
+\lstdefinelanguage{scala}{
+morekeywords={abstract,case,catch,class,def,%
+do,else,extends,false,final,finally,%
+for,if,implicit,import,match,mixin,%
+new,null,object,override,package,%
+private,protected,requires,return,sealed,%
+super,this,throw,trait,true,try,%
+type,val,var,while,with,yield},
+otherkeywords={=>,<-,<\%,<:,>:,\#,@},
+sensitive=true,
+morecomment=[l]{//},
+morecomment=[n]{/*}{*/},
+morestring=[b]",
+morestring=[b]',
+morestring=[b]"""
+}
+\lstset{language=Scala,
+	basicstyle=\ttfamily,
+	keywordstyle=\color{javapurple}\bfseries,
+	stringstyle=\color{javagreen},
+	commentstyle=\color{javagreen},
+	morecomment=[s][\color{javadocblue}]{/**}{*/},
+	numbers=left,
+	numberstyle=\tiny\color{black},
+	stepnumber=1,
+	numbersep=10pt,
+	tabsize=2,
+	showspaces=false,
+	showstringspaces=false}
+% beamer stuff
+\renewcommand{\slidecaption}{APP 04, King's College London, 16 October 2012}
+\begin{document}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}<1>[t]
+\frametitle{%
+\begin{tabular}{@ {}c@ {}}
+\\
+\LARGE Access Control and \\[-3mm]
+\LARGE Privacy Policies (4)\\[-6mm]
+\end{tabular}}\bigskip\bigskip\bigskip
+%\begin{center}
+%\includegraphics[scale=1.3]{pics/barrier.jpg}
+%\end{center}
+\normalsize
+\begin{center}
+\begin{tabular}{ll}
+Email:  & christian.urban at kcl.ac.uk\\
+Of$\!$fice: & S1.27 (1st floor Strand Building)\\
+Slides: & KEATS (also homework is there)\\
+\end{tabular}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Unix-Style Access Control}
+\begin{itemize}
+\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have:
+\begin{center}
+\begin{tabular}{l}
+administrators group\\
+\hspace{5mm}(has complete control over the machine)\\
+authenticated users\\
+server operators\\
+power users\\
+network configuration operators\\
+\end{tabular}
+\end{center}\medskip
+\item Modern versions of Windows have more fine-grained AC; they do not have a setuid bit, but
+have \texttt{runas} (asks for a password).\pause
+\item OS provided access control can \alert{add} to your
+security.
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
+\begin{center}
+\begin{tikzpicture}[scale=1]
+\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
+\draw (4.7,1) node {Internet};
+\draw (0.6,1.7) node {\footnotesize Interface};
+\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
+\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
+\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
+\draw[white] (1.7,1) node (X) {};
+\draw[white] (3.7,1) node (Y) {};
+\draw[red, <->, line width = 2mm] (X) -- (Y);
+\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
+\end{tikzpicture}
+\end{center}
+\begin{itemize}
+\item the idea is make the attack surface smaller and
+mitigate the consequences of an attack
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Shared Access Control}
+\begin{center}
+\includegraphics[scale=0.7]{pics/pointsplane.jpg}
+\end{center}
+\begin{textblock}{11}(10.5,10.5)
+\small
+To take an action you\\[-1mm]
+need either:
+\begin{itemize}
+\item 1 CEO\\[-5mm]
+\item 2 MDs\\[-5mm]
+\item 3 Ds
+\end{itemize}
+\end{textblock}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Lessons from Access Control}
+\begin{itemize}
+\item if you have too many roles (i.e.~too finegrained AC), then
+	hierarchy is too complex\\
+	\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip
+\item you can still abuse the system\ldots
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
+The idea is to trick a privileged person to do something on your behalf:
+\begin{itemize}
+\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
+\footnotesize
+\begin{minipage}{1.1\textwidth}
+\textcolor{gray}{the shell behind the scenes:}\\
+\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
+\textcolor{gray}{this takes time}
+\end{minipage}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
+\begin{enumerate}
+\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
+\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
+\item root \textcolor{gray}{(does the daily cleaning)}\\
+\texttt{rm /tmp/*/*}\medskip\\
+\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
+\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
+\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
+the real passwd file)}\\
+\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
+\item root now deletes  the real passwd file
+\end{enumerate}
+\only<2>{
+\begin{textblock}{11}(2,5)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
+{\normalsize\color{darkgray}
+\begin{minipage}{9cm}\raggedright
+To prevent this kind of attack, you need additional
+policies.
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Schneier Analysis\end{tabular}}
+\begin{itemize}
+\item What assets are you trying to protect?
+\item What are the risks to these assets?
+\item How well does the security solution mitigate those risks?
+\item What other risks does the security solution cause?
+\item What costs and trade-offs does the security solution impose?
+\end{itemize}
+\textcolor{gray}{There is no absolutely secure system and security almost never comes for free.}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Example: Credit Cards\end{tabular}}
+You might have the policy of not typing in your credit card online. Worthwhile or not?
+\begin{itemize}
+\item<2->What assets are you trying to protect?\\
+\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}your credit card number\end{tabular}}
+\item<3->What are the risks to these assets?\\
+\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+With credit cards you loose a fixed amount \pounds{50}. Amazon \pounds{50}. \end{tabular}}
+\item<4->How well does the security solution mitigate those risks?\\
+\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+Well, hackers steal credit cards from databases. They usually do not attack you individually.\end{tabular}}
+\item<5->What other risks does the security solution cause?
+\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright None (?)\end{tabular}}
+\item<6->What costs and trade-offs does the security solution impose?
+\only<6>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Internet shopping is convenient and sometimes cheaper.\end{tabular}}
+\item<7>[]{\bf\large No!}
+\end{itemize}\pause\pause
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}
+\begin{center}
+\includegraphics[scale=0.5]{pics/firewall.png}
+\end{center}
+A firewall is a piece of software that controls incoming and outgoing traffic according to some rules.
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}
+\begin{itemize}
+\item<1->What assets are you trying to protect?\\
+\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Whatever is behind the firewall
+(credit cards, passwords, blueprints, \ldots)\end{tabular}}
+\item<2->What are the risks to these assets?\\
+\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+With a small online shop you are already at risk. Pentagon, definitely.\end{tabular}}
+\item<3->How well does the security solution mitigate those risks?\\
+\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+Well, at home so not much. Everywhere else, if properly configurated then it does.\end{tabular}}
+\item<4->What other risks does the security solution cause?
+\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright There might be backdoors or bugs in the firewall,
+but generally they are secure. You choose to prevent certain traffic.\end{tabular}}
+\item<5->What costs and trade-offs does the security solution impose?
+\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+Minimal to modest. Firewalls are part of free software. You need a knowledgeable
+person to set them up.\end{tabular}}
+\item<7>[]{\bf\large Yes!}
+\end{itemize}\pause\pause
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}
+Google uses nowadays two-factor authentication. But it is an old(er)
+idea. It is used for example in Germany and Netherlands for online transactions.
+\begin{center}
+\includegraphics[scale=0.6]{pics/tan1.jpg}\hspace{5mm}
+\includegraphics[scale=0.2]{pics/tan2.jpg}
+\end{center}
+\pause
+Or nowadays by SMS (restricts the validity of the numbers) or with a secure generator
+\begin{center}
+\includegraphics[scale=0.08]{pics/pinsentry.jpg}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}
+\begin{itemize}
+\item<1->What assets are you trying to protect?\\
+\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Your bank account.\end{tabular}}
+\item<2->What are the risks to these assets?\\
+\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+Nowadays pretty high risk.\end{tabular}}
+\item<3->How well does the security solution mitigate those risks?\\
+\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+It prevents problems when passwords are stolen. Man-in-the-middle attacks
+still possible.\end{tabular}}
+\item<4->What other risks does the security solution cause?
+\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Your mobile phone or creditcard/pin might
+be stolen. SIM card become valuable.\end{tabular}}
+\item<5->What costs and trade-offs does the security solution impose?
+\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+Banks need to establish an infrastructure. For you it might be inconvenient.\end{tabular}}
+\item<7>[]{\bf\large Yes!}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals\end{tabular}}
+According to Ross Anderson: ``\ldots is a tamper-indicating device
+designed to leave non-erasable, unambiguous evidence of unauthorized
+entry or tampering.''
+\begin{center}
+\includegraphics[scale=0.45]{pics/seal.jpg}
+\end{center}\mbox{}\\[-12mm]
+They also need some quite sophisticated policies (seal regiment).
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals (2)\end{tabular}}
+\begin{itemize}
+\item at the Argonne National Laboratory they tested 244 different security seals (including 19\%
+that were used for safeguard of nuclear material)
+\begin{itemize}
+\item mean time to break the seals for a trained person: 100 s
+\end{itemize}\bigskip
+\item Andrew Appel defeated all security seals which were supposed to keep
+voting machines safe.
+\end{itemize}
+\only<2>{
+\begin{textblock}{11}(1,1)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
+{\normalsize
+\begin{minipage}{11cm}\raggedright\small
+\begin{center}
+\includegraphics[scale=0.25]{pics/appelseals.jpg}
+\end{center}
+\begin{center}
+\begin{minipage}{10.5cm}
+\begin{itemize}
+\item The tamper-indicating tape can be lifted using a heat gun.
+\item The security screw cap can be removed using a screwdriver, then the
+serial-numbered top can be replaced (undamaged) onto a fresh (unnumbered) base.
+\item The wire seal can be defeated using a \#4 wood screw.
+\item The plastic strap seal can be picked using a jeweler's screwdriver.
+\end{itemize}
+\end{minipage}
+\end{center}
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security Seals\end{tabular}}
+\begin{itemize}
+\item<1->What assets are you trying to protect?\\
+\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Voting machines, doors.\end{tabular}}
+\item<2->What are the risks to these assets?\\
+\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Casual thiefs, insider attacks.\end{tabular}}
+\item<3->How well does the security solution mitigate those risks?\\
+\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+Needs a quite complicated security regiment.\end{tabular}}
+\item<4->What other risks does the security solution cause?
+\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You might not notice tampering.\end{tabular}}
+\item<5->What costs and trade-offs does the security solution impose?
+\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
+The ``hardware'' is cheap, but indirect costs can be quite high.\end{tabular}}
+\item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airport.}}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{document}
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:

changeset 41	b44341c0a7bb
child 43	de3e32e10628