--- a/slides02.tex Sun Dec 09 13:00:33 2012 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,454 +0,0 @@
-\documentclass[dvipsnames,14pt,t]{beamer}
-\usepackage{beamerthemeplainculight}
-\usepackage[T1]{fontenc}
-\usepackage[latin1]{inputenc}
-\usepackage{mathpartir}
-\usepackage[absolute,overlay]{textpos}
-\usepackage{ifthen}
-\usepackage{tikz}
-\usepackage{pgf}
-\usepackage{calc}
-\usepackage{ulem}
-\usepackage{courier}
-\usepackage{listings}
-\renewcommand{\uline}[1]{#1}
-\usetikzlibrary{arrows}
-\usetikzlibrary{automata}
-\usetikzlibrary{shapes}
-\usetikzlibrary{shadows}
-\usetikzlibrary{positioning}
-\usetikzlibrary{calc}
-\usepackage{graphicx}
-
-\definecolor{javared}{rgb}{0.6,0,0} % for strings
-\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
-\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
-\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
-
-\lstset{language=Java,
- basicstyle=\ttfamily,
- keywordstyle=\color{javapurple}\bfseries,
- stringstyle=\color{javagreen},
- commentstyle=\color{javagreen},
- morecomment=[s][\color{javadocblue}]{/**}{*/},
- numbers=left,
- numberstyle=\tiny\color{black},
- stepnumber=1,
- numbersep=10pt,
- tabsize=2,
- showspaces=false,
- showstringspaces=false}
-
-\lstdefinelanguage{scala}{
- morekeywords={abstract,case,catch,class,def,%
- do,else,extends,false,final,finally,%
- for,if,implicit,import,match,mixin,%
- new,null,object,override,package,%
- private,protected,requires,return,sealed,%
- super,this,throw,trait,true,try,%
- type,val,var,while,with,yield},
- otherkeywords={=>,<-,<\%,<:,>:,\#,@},
- sensitive=true,
- morecomment=[l]{//},
- morecomment=[n]{/*}{*/},
- morestring=[b]",
- morestring=[b]',
- morestring=[b]"""
-}
-
-\lstset{language=Scala,
- basicstyle=\ttfamily,
- keywordstyle=\color{javapurple}\bfseries,
- stringstyle=\color{javagreen},
- commentstyle=\color{javagreen},
- morecomment=[s][\color{javadocblue}]{/**}{*/},
- numbers=left,
- numberstyle=\tiny\color{black},
- stepnumber=1,
- numbersep=10pt,
- tabsize=2,
- showspaces=false,
- showstringspaces=false}
-
-% beamer stuff
-\renewcommand{\slidecaption}{APP 02, King's College London, 2 October 2012}
-
-
-\begin{document}
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1>[t]
-\frametitle{%
- \begin{tabular}{@ {}c@ {}}
- \\
- \LARGE Access Control and \\[-3mm]
- \LARGE Privacy Policies (2)\\[-6mm]
- \end{tabular}}\bigskip\bigskip\bigskip
-
- %\begin{center}
- %\includegraphics[scale=1.3]{pics/barrier.jpg}
- %\end{center}
-
-\normalsize
- \begin{center}
- \begin{tabular}{ll}
- Email: & christian.urban at kcl.ac.uk\\
- Of$\!$fice: & S1.27 (1st floor Strand Building)\\
- Slides: & KEATS (also home work is there)
- \end{tabular}
- \end{center}
-
-
-\end{frame}}
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Homework\end{tabular}}
-
-
-\ldots{} I have a question about the homework.\\[3mm]
-Is it required to submit the homework before\\
-the next lecture?\\[5mm]
-
-Thank you!\\
-Anonymous
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-
-\begin{center}
-\begin{tabular}[t]{c}
-\includegraphics[scale=1.2]{pics/barrier.jpg}\\
-future lectures
-\end{tabular}\;\;\;
-\onslide<2>{
-\begin{tabular}[t]{c}
-\includegraphics[scale=0.32]{pics/trainwreck.jpg}\\
-today
-\end{tabular}
-}
-\end{center}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}SmartWater\end{tabular}}
-
-\begin{textblock}{1}(1,3)
-\begin{tabular}{c}
-\includegraphics[scale=0.15]{pics/SmartWater}
-\end{tabular}
-\end{textblock}
-
-
-\begin{textblock}{8.5}(7,3)
-\begin{itemize}
-\item seems helpful for preventing cable theft\medskip
-\item wouldn't be helpful to make your property safe, because of possible abuse\medskip
-
-\item security is always a tradeoff
-\end{itemize}
-\end{textblock}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Plain-text Passwords at IEEE\end{tabular}}
-
-\small\textcolor{gray}{On 25 September 2012, a report on a data breach at IEEE:}
-
-
-\begin{itemize}
-\item IEEE is a standards organisation (not-for-profit)
-\item many standards in CS are by IEEE\medskip
-\item 100k plain-text passwords were recorded in logs
-\item the logs were openly accessible on their FTP server
-\end{itemize}\bigskip
-
-\begin{flushright}\small
-\textcolor{gray}{\url{http://ieeelog.com}}
-\end{flushright}
-
-\only<2>{
-\begin{textblock}{11}(3,2)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=white, ultra thick, draw=red, rounded corners=2mm]
-{\normalsize\color{darkgray}
-\begin{minipage}{7.5cm}\raggedright\small
-\includegraphics[scale=0.6]{pics/IEEElog.jpg}
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Virgin Mobile (USA)\end{tabular}}
-
-\begin{flushright}\small
-\textcolor{gray}{\url{http://arstechnica.com/security/2012/09/virgin-mobile-password-crack-risk/}}
-\end{flushright}
-
-\begin{itemize}
-\item for online accounts passwords must be 6 digits
-\item you must cycle through 1M combinations (online)\pause\bigskip
-
-\item he limited the attack on his own account to 1 guess per second, \alert{\bf and}
-\item wrote a script that cleared the cookie set after each guess\pause
-\item has been fixed now
-\end{itemize}
-
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Smash the Stack for Fun \ldots\end{tabular}}
-
-\begin{itemize}
-\item ``smashing the stack attacks'' or ``buffer overflow attacks''
-\item one of the most popular attacks;\\ attack of the (last) decade\\ ($>$ 50\% of security incidents reported at CERT are related to buffer overflows)
-\begin{flushright}\small
-\textcolor{gray}{\url{http://www.kb.cert.org/vuls}}
-\end{flushright}
-\medskip
-\item made popular in an article by Elias Levy\\ (also known as Aleph One):\\
-\begin{center}
-{\bf ``Smashing The Stack For Fun and Profit''}
-\end{center}\medskip
-
-\begin{flushright}
-\small\textcolor{gray}{\url{http://www.phrack.org}, Issue 49, Article 14}
-\end{flushright}
-
-\end{itemize}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Problem\end{tabular}}
-
-\begin{itemize}
-\item The basic problem is that library routines in C look as follows:
-\begin{center}
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{app5.c}}}
-\end{center}
-\item the resulting problems are often remotely exploitable
-\item can be used to circumvents all access control
-(botnets for further attacks)
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Variants\end{tabular}}
-
-There are many variants:
-
-\begin{itemize}
-\item return-to-lib-C attacks
-\item heap-smashing attacks\\
-\textcolor{gray}{\small(Slammer Worm in 2003 infected 90\% of vulnerable systems within 10 minutes)}\bigskip
-
-\item ``zero-days-attacks'' (new unknown vulnerability)
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-
-\small
-\texttt{my\_float} is printed twice:\bigskip
-
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{C1.c}}}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-
-\begin{center}
-\only<1>{\includegraphics[scale=0.9]{pics/stack1}\;\;}
-\only<2>{\includegraphics[scale=0.9]{pics/stack2}\;\;}
-\only<3>{\includegraphics[scale=0.9]{pics/stack3}\;\;}
-\end{center}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{C2.c}}}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-
-\small
-A programmer might be careful, but still introduce vulnerabilities:\bigskip
-
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{C2a.c}}}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Payloads\end{tabular}}
-
-\begin{itemize}
-\item the idea is you store some code as part to the buffer
-\item you then override the return address to execute this payload\medskip
-\item normally you start a root-shell\pause
-\item difficulty is to guess the right place where to ``jump''
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Payloads (2)\end{tabular}}
-
-\begin{itemize}
-\item another difficulty is that the code is not allowed to contain \texttt{$\backslash$x00}:
-
-\begin{center}
-\texttt{xorl \%eax, \%eax}
-\end{center}
-\end{itemize}\bigskip\bigskip
-
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{app5.c}}}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Format String Vulnerability\end{tabular}}
-
-\small
-\texttt{string} is nowhere used:\bigskip
-
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{programs/C4.c}}}\bigskip
-
-this vulnerability can be used to read out the stack
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Protections against BO Attacks\end{tabular}}
-
-\begin{itemize}
-\item use safe library functions
-\item ensure stack data is not executable (can be defeated)
-\item address space randomisation (makes one-size-fits-all more difficult)
-\item choice of programming language (one of the selling points of Java)
-
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Security Goals\end{tabular}}
-
-\begin{itemize}
-\item Prevent common vulnerabilities from occurring (e.g. buffer overflows)\pause
-\item Recover from attacks (traceability and auditing of security-relevant actions)\pause
-\item Monitoring (detect attacks)\pause
-\item Privacy, confidentiality, anonymity (to protect secrets)\pause
-\item Authenticity (needed for access control)\pause
-\item Integrity (prevent unwanted modification or tampering)\pause
-\item Availability and reliability (reduce the risk of DoS attacks)
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Homework\end{tabular}}
-
-\begin{itemize}
-\item Assume format string attacks allow you to read out the stack. What can you do
- with this information?\bigskip
-
-\item Assume you can crash a program remotely. Why is this a problem?
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-\end{document}
-
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: t
-%%% End:
-