--- a/slides/slides02.tex Mon Sep 28 00:16:15 2015 +0100
+++ b/slides/slides02.tex Mon Sep 28 21:02:01 2015 +0100
@@ -857,152 +857,6 @@
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Unix-Style Access Control}
-
-How to do control access? In Unix you have
-
-\begin{itemize}
-\item users and you have groups/roles:
-\item some special roles: root
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Unix-Style Access Control}
-\small
-
-\begin{itemize}
-\item
-Q: ``I am using Windows. Why should I care?'' \\
-A: In Windows you have similar AC:
-
-\begin{center}
-\begin{tabular}{l}
-administrators group\\
-\hspace{5mm}(has complete control over the machine)\\
-authenticated users\\
-server operators\\
-power users\\
-network configuration operators
-\end{tabular}
-\end{center}\medskip
-
-\item Modern versions of Windows have more fine-grained AC than Unix;
- they do not have a setuid bit, but have \texttt{runas} (asks for a
- password).\pause
-
-\item OS-provided access control can \alert{\bf add} to your security.
- (defence in depth)
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
-
-
-\begin{center}
- \begin{tikzpicture}[scale=1]
-
- \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
- \draw (4.7,1) node {Internet};
- \draw (-2.7,1.7) node {\footnotesize Application};
- \draw (0.6,1.7) node {\footnotesize Interface};
- \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
- \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
-
- \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
-
- \draw[white] (1.7,1) node (X) {};
- \draw[white] (3.7,1) node (Y) {};
- \draw[red, <->, line width = 2mm] (X) -- (Y);
-
- \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
- \end{tikzpicture}
-\end{center}
-
-\begin{itemize}
-\item the idea is make the attack surface smaller and mitigate the
- consequences of an attack
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Weaknesses of Unix AC}
-
-Not just restricted to Unix:
-
-\begin{itemize}
-\item if you have too many roles (i.e.~too finegrained AC), then
- hierarchy is too complex\\ \textcolor{gray}{you invite situations
- like\ldots let's be root}\bigskip
-
-\item you can still abuse the system\ldots
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{A ``Cron''-Attack}
-
-The idea is to trick a privileged person to do something on your
-behalf:
-
-\begin{itemize}
-\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
-
-\footnotesize
-\begin{minipage}{1.1\textwidth}
-\textcolor{gray}{the shell behind the scenes:}\\
-\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
-
-\textcolor{gray}{this takes time}
-\end{minipage}
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{A ``Cron''-Attack}
-
-\begin{enumerate}
-\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
-\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
-\item root \textcolor{gray}{(does the daily cleaning)}\\
-\texttt{rm /tmp/*/*}\medskip\\
-\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
-\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
-
-\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
-the real passwd file)}\\
-\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
-\item root now deletes the real passwd file
-\end{enumerate}
-
-\only<2>{
-\begin{textblock}{11}(2,5)
-\begin{bubble}[8cm]
-\normalsize To prevent this kind of attack, you need additional
-policies (don't do such operations as root).
-\end{bubble}
-\end{textblock}}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]