handouts/ho04.tex
changeset 443 67d7d239c617
parent 404 4e3bc09748f7
child 495 f5172bb6cf45
--- a/handouts/ho04.tex	Tue Jan 05 01:37:31 2016 +0000
+++ b/handouts/ho04.tex	Mon Jan 11 02:05:24 2016 +0000
@@ -73,12 +73,15 @@
 (Ocaml does not allow buffer overflow attacks, for example).
 If you want to test the security of MirageOS, the 
 developers issued a Bitcoin challenge: if you can break into 
-their system, you can get 10 Bitcoins
+their system at
 
 \begin{center}
 \url{http://ownme.ipredator.se}
 \end{center}
 
+\noindent 
+you can get 10 Bitcoins. This is approximately 
+
 However, sometimes you cannot, or do not want to, get rid of
 the operating system. In such cases it is still a good idea
 to minimise the attack surface. For this it helps if the
@@ -90,30 +93,31 @@
   
   \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
   \draw (4.7,1) node {Internet};
-  \draw (-2.7,1.7) node {\footnotesize Application};
+  \draw (-2.7,1.5) node {\footnotesize 
+  \begin{tabular}{c}Application\\(dangerous part)\end{tabular}};
   \draw (0.6,1.7) node {\footnotesize Interface};
   \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
   \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
   
-  \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
+  \draw[line width=1mm] (-1.6, 0) rectangle (-3.8,2);
 
   \draw[white] (1.7,1) node (X) {};
   \draw[white] (3.7,1) node (Y) {};
   \draw[<->, line width = 2mm] (X) -- (Y);
  
-  \draw[<->, line width = 1mm] (-0.6,1) -- (-1.6,1);
+  \draw[<->, line width = 1mm] (-0.4,1) -- (-1.5,1);
   \end{tikzpicture}
 \end{center}
 
-\noindent The idea is that all heavy-duty lifting in the
-application (for example database access) is done by a
-privileged process. All user input from the internet is
-received by an \emph{un}privileged process, which is
-restricted to only receive user input from the Internet and
-communicates with the privileged process. This communication,
-however, needs to be sanitised, meaning any unexpected
-user-input needs to be rejected. The idea behind this split is
-that if an attacker can take control of the
+\noindent The idea is that all heavy-duty lifting, or
+dangerous operations, in the application (for example database
+access or writing a file) is done by a privileged process. All user input from
+the internet is received by an \emph{un}privileged process,
+which is restricted to only receive user input from the
+Internet and communicates with the privileged process. This
+communication, however, needs to be sanitised, meaning any
+unexpected user-input needs to be rejected. The idea behind
+this split is that if an attacker can take control of the
 \emph{un}privileged process, then he or she cannot do much
 damage. However, the split into such privileged and
 unprivileged processes requires an operating system that
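Review bot: The rewritten paragraph still does not say which side performs the sanitisation of the communication ("This communication, however, needs to be sanitised, meaning any unexpected user-input needs to be rejected"); since the whole point is that the unprivileged process may be taken over, it should be stated that the privileged process validates every message it receives from the unprivileged one and rejects anything unexpected, rather than trusting the unprivileged side to filter. Two smaller points in the same lines: "restricted to only receive user input from the Internet and communicates with the privileged process" mixes an infinitive with a finite verb, so "restricted to only receiving user input from the Internet and communicating with the privileged process" reads better; and "user-input" is hyphenated here but written "user input" two sentences earlier, so pick one form.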