Mercurial Mercurial > hg > sen-material / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
slides04.tex
changeset 49 1d37142ea1ea
parent 48 e1a5d057db96 
--- a/slides04.tex	Tue Oct 16 14:20:20 2012 +0100
+++ b/slides04.tex	Tue Oct 16 14:42:43 2012 +0100
@@ -109,7 +109,7 @@
 \frametitle{Unix-Style Access Control}
 
 \begin{itemize}
-\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar groups:
+\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar AC:
 
 \begin{center}
 \begin{tabular}{l}
@@ -125,7 +125,7 @@
 \item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but
 have \texttt{runas} (asks for a password).\pause
 
-\item OS provided access control can \alert{add} to your
+\item OS-provided access control can \alert{\bf add} to your
 security.
 \end{itemize}
 
@@ -316,7 +316,7 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewalls\end{tabular}}
 
 \begin{center}
 \includegraphics[scale=0.5]{pics/firewall.png}
@@ -330,7 +330,7 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewalls\end{tabular}}
 
 \begin{itemize}
 \item<1->What assets are you trying to protect?\\
@@ -397,7 +397,7 @@
 still possible.\end{tabular}}
 \item<4->What other risks does the security solution cause?
 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Your mobile phone or credit card/pin might 
-be stolen. SIM card become valuable.\end{tabular}}
+be stolen. SIM card becomes more valuable.\end{tabular}}
 \item<5->What costs and trade-offs does the security solution impose?
 \only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright 
 Banks need to establish an infrastructure. For you it might be inconvenient.\end{tabular}}
@@ -489,7 +489,7 @@
 \item<5->What costs and trade-offs does the security solution impose?
 \only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright 
 The ``hardware'' is cheap, but indirect costs can be quite high.\end{tabular}}
-\item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airport, swimming pool}}
+\item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airports, swimming pools, \ldots}}
 \end{itemize}
 
 
@@ -499,23 +499,23 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security by Obscurity\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security-by-Obscurity\end{tabular}}
 
 You might think it is a good idea to keep a security relevant algorithm or 
 software secret.
 
 \begin{itemize}
 \item<1->What assets are you trying to protect?\\
-\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}source code, an algorithm\end{tabular}}
+\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Source code, an algorithm and things that depend on it\end{tabular}}
 \item<2->What are the risks to these assets?\\
 \only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
 Can be pretty high (Oystercards).\end{tabular}}
 \item<3->How well does the security solution mitigate those risks?\\
 \only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-Not really. The source code can be reverse engineered, stolen\ldots{}\end{tabular}}
+Not really. The source code can be reverse engineered, stolen, coerced \ldots{}\end{tabular}}
 \item<4->What other risks does the security solution cause?
 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent
-scrutiny and independent advice. You also more likely than not
+scrutiny and independent advice. You also more likely than not to
 get it wrong.\end{tabular}}
 \item<5>[]{\bf\large No!}
 \end{itemize}
@@ -549,8 +549,8 @@
 \begin{center}
 \begin{minipage}{4.5cm}
 \begin{itemize}
-\item The outcome matches with the voter intend.
-\item There might be gigantic sums at stake.
+\item The outcome matches with the voters' intend.
+\item There might be gigantic sums at stake and need to be defended against.
 \end{itemize}
 \end{minipage}
 \end{center}
@@ -602,7 +602,7 @@
 \begin{center}
 \begin{minipage}{4.5cm}
 \begin{itemize}
-\item Only authorised voters should be able to vote up to the permitted number of votes.
+\item Authorised voters should have the opportunity to vote.
 \end{itemize}
 \end{minipage}
 \end{center}
@@ -627,23 +627,6 @@
 \end{tikzpicture}
 \end{textblock}}
 
-\only<6>{
-\begin{textblock}{5.5}(8,5)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] 
-{\small
-\begin{minipage}{5cm}\raggedright
-\begin{center}
-\begin{minipage}{4.5cm}
-\begin{itemize}
-\item Only authorised voters should be able to vote up to the permitted number of votes.
-\end{itemize}
-\end{minipage}
-\end{center}
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
@@ -693,7 +676,7 @@
 
 \begin{itemize}
 \item The Netherlands between 1997 - 2006 had electronic voting machines\\
-\textcolor{gray}{(hacktivists had found that they could be hacked and emitted radio signals revealing how you voted)}
+\textcolor{gray}{(hacktivists had found: they can be hacked and also emitted radio signals revealing how you voted)}
 
 \item Germany had used them in pilot studies\\ 
 \textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting
@@ -711,10 +694,11 @@
 
 \mbox{}\\[-12mm]
 \begin{itemize}
-\item US used mechanical machines since the 50s, later punch cards, now DREs and 
+\item US used mechanical machines since the 30s, later punch cards, now DREs and 
 optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for study)}
 
-\item Estonia used in 2007 the world's first Internet vote in national elections (there are earlier pilot studies)
+\item Estonia used in 2007 the Internet for national elections 
+\textcolor{gray}{(there were earlier pilot studies in other countries)}
 
 \item India uses e-voting devices  since at least 2003\\
 \textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)}
@@ -744,7 +728,7 @@
 
 
 \item French Revolution and the US Constitution got things ``started'' with 
-paper ballots (you first had to bring your own, or later were pre-printed by the parties)
+paper ballots (you first had to bring your own; later they were pre-printed by parties)
 \end{itemize}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
@@ -757,9 +741,9 @@
 Security policies involved with paper ballots:
 
 \begin{enumerate}
-\item you need to check that the ballot box is empty at the start of the poll / no false bottom (ballot stuffing)
-\item you need guard the ballot box during the poll
-\item tallied by a team at the end of the poll (you can have observers) 
+\item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing)
+\item you need to guard the ballot box during the poll until counting
+\item tallied by a team at the end of the poll (independent observers) 
 \end{enumerate}
 
 \begin{center}
@@ -963,8 +947,8 @@
 \frametitle{\begin{tabular}{@ {}c@ {}}Lessons to be Learned\end{tabular}}
 
 \begin{itemize}
-\item keep a paper trail and try to keep this secure
-\item make the software open source
+\item keep a paper trail and design your system to keep this secure\medskip
+\item make the software open source (avoid security-by-obscurity))\medskip
 \item have a simple design in order to minimise the attack surface
 \end{itemize}
sen-material