\documentclass[dvipsnames,14pt,t]{beamer}\usepackage{../slides}\usepackage{../langs}\usepackage{../graphics}\usepackage{../data}\usepackage{../grammar}% beamer stuff \renewcommand{\slidecaption}{SEN 10, King's College London}\newcommand{\bl}[1]{\textcolor{blue}{#1}}\begin{document}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[t]\frametitle{% \begin{tabular}{@ {}c@ {}} \\ \LARGE Access Control and \\[-3mm] \LARGE Privacy Policies (10)\\[-6mm] \end{tabular}}\bigskip\bigskip\bigskip \normalsize \begin{center} \begin{tabular}{ll} Email: & christian.urban at kcl.ac.uk\\ Office: & N7.07 (North Wing, Bush House)\\ Slides: & KEATS (also homework is there)\\ \end{tabular} \end{center}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{\begin{tabular}{c}\mbox{}\\[20mm]\Huge Revision\end{tabular}}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{Security Engineering} \begin{center} \begin{tabular}{cc} \raisebox{-0.8mm}{\includegraphics[scale=0.28]{../pics/flight.jpg}} & \includegraphics[scale=0.31]{../pics/airbus.jpg}\\ \small Wright brothers, 1901 & \small Airbus, 2005 \\ \end{tabular} \end{center} \end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{1st Lecture}\begin{itemize}\item chip-and-pin, banks vs.~customers\begin{quote}\small\rm the one who can improve security should also be liable for the losses \end{quote}\pause\bigskip\item hashes and salts to guarantee data integrity\medskip\item storing passwords (you should know the difference betweenbrute force attacks and dictionary attacks; how do salts help?)\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{1st Lecture: Cookies}\begin{itemize}\item good uses of cookies?\medskip\item bad uses of cookies: snooping, tracking, profiling\ldots the ``disadvantage'' is that the user is in \alert{control}, because you can delete them \begin{center} ``Please track me using cookies.'' \end{center}\bigskip\pause\item fingerprinting beyond browser cookies \begin{quote}\small\rm Pixel Perfect: Fingerprinting Canvas in HTML5\\ (a research paper from 2012)\\ \footnotesize \url{http://cseweb.ucsd.edu/~hovav/papers/ms12.html} \end{quote} \end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{1st Lecture: Cookies}\begin{itemize}\item a bit of JavaScript and HTML5 + canvas\medskip\begin{center}\begin{tabular}{cc}Firefox & Safari\\\includegraphics[scale=0.31]{../pics/firefox1.png} &\includegraphics[scale=0.31]{../pics/safari1.png} \\\tiny\pcode{55b2257ad0f20ecbf927fb66a15c61981f7ed8fc} &\tiny\pcode{17bc79f8111e345f572a4f87d6cd780b445625d3}\end{tabular}\end{center}\bigskip\item\small no actual drawing needed\pause\item\small in May 2014 a crawl of 100,000 popular webpages revealed 5.5\% already use canvas fingerprinting\smallskip\begin{center}\scriptsize\url{https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf}\end{center}\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{1st Lecture: Cookies}Remember the small web-app I showed where a cookie protected a counter\bigskip \begin{itemize}\item NYT, the cookie looks the ``resource'' - harm\medskip\item imaginary discount unlocked by cookie - no harm\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[t]\frametitle{2nd Lecture: E-Voting}Where are paper ballots better than voice voting?\bigskip\begin{itemize}\item Integrity \item \alert{Ballot Secrecy}\item Voter Authentication\item Enfranchisement\item Availability\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[t]\frametitle{2nd Lecture: E-Voting}\begin{itemize}\item (two weeks ago) an Australian parliamentary committee found: e-voting is highly vulnerable to hacking and Australia will not use it any time soon\bigskip\pause\item Alex Halderman, Washington D.C.~hack\begin{center}\scriptsize\url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf}\end{center}\medskip\item PDF-ballot tampering at the wireless router (the modification is nearly undetectable and leaves no traces; MITM attack with firmware updating)\begin{center}\scriptsize\url{http://galois.com/wp-content/uploads/2014/11/technical-hack-a-pdf.pdf}\end{center}\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\tikzset{alt/.code args={<#1>#2#3#4}{% \alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path}}\begin{frame}[t]\frametitle{\begin{tabular}{c}3rd Lecture:\\ Buffer Overflow Attacks\end{tabular}}\begin{itemize}\item the problem arises from the way C/C++ organises its function calls\\[-8mm]\mbox{}\end{itemize}\begin{center}\begin{tikzpicture}[scale=1]%\draw[black!10,step=2mm] (0,0) grid (9,4);%\draw[black!10,thick,step=10mm] (0,0) grid (9,4);\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);\draw[line width=0mm, white, alt=<9->{fill=red}{fill=blue}] (0,0.2) rectangle (1,0.5);\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);\draw[line width=1mm, alt=<6->{fill=red}{fill=blue}] (0,1.0) rectangle (1,2.0);\draw[line width=1mm, alt=<7->{fill=yellow}{fill=blue}] (0,0.5) rectangle (1,1.0);\draw[line width=1mm] (0,0) -- (0,4);\draw[line width=1mm] (1,0) -- (1,4);\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};\draw[line width=1mm, alt=<{4-5,8}>{fill=red}{fill=blue}] (3,1.0) rectangle (4,3.0);\onslide<3-4>{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}\onslide<5>{\draw[<-, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {res=24} (3,1);}\onslide<7-8>{\draw[->, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {n=3} (3,3);}\onslide<9>{\draw[<-, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {res=6} (3,1);}\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};\draw[line width=1mm] (7,3.5) -- (7,0.5) -- (8.5,0.5) -- (8.5,3.5);\onslide<3,4,7,8>{\node at (7.75, 1.4) {ret};\draw[line width=1mm] (7,1.1) -- (8.5,1.1);\node at (7.75, 2.0) {sp};\draw[line width=1mm] (7,2.3) -- (8.5,2.3);}\onslide<3,4>{\node at (7.75, 0.8) {4};\draw[line width=1mm] (7,1.7) -- (8.5,1.7);}\onslide<7,8>{\node at (7.75, 0.8) {3};\draw[line width=1mm] (7,1.7) -- (8.5,1.7);}\end{tikzpicture}\end{center}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[t]\begin{center}\begin{tikzpicture}[scale=1]%\draw[black!10,step=2mm] (0,0) grid (9,4);%\draw[black!10,thick,step=10mm] (0,0) grid (9,4);\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);\draw[line width=1mm, white, fill=blue] (0,1.0) rectangle (1,2.0);\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);\draw[line width=1mm] (0,0) -- (0,4);\draw[line width=1mm] (1,0) -- (1,4);\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};\draw[line width=0mm, alt=<{4-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,3.0);\draw[line width=0mm, alt=<{5-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,2.0);\draw[line width=0mm, alt=<{7-}>{red, fill=red}{blue, fill=blue}] (3,2.0) rectangle (4,1.0);\draw[line width=1mm] (3,1.0) rectangle (4,3.0);\onslide<3->{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}\onslide<5->{\draw[<-, line width=2mm,red] (4,2) to node [above,sloped,midway] {\begin{tabular}{l}user\\[-1mm] input\end{tabular}} (6,2);}\onslide<8->{\draw[<-, line width=1mm,red] (1,-2) to (3,1);}\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};\draw[line width=1mm] (7,3.5) -- (7,-0.1) -- (8.5,-0.1) -- (8.5,3.5);\onslide<3->{\node at (7.75, 0.2) {4};\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,0.5) rectangle (8.5,1.1);\node at (7.75, 0.8) {\alt<6->{@a\#}{ret}};\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,1.1) rectangle (8.5,1.7);\node at (7.75, 1.4) {\alt<6->{!?w;}sp};}\onslide<4->{\draw[line width=1mm,fill=red] (7,1.7) rectangle (8.5,3.0);\node[white] at (7.75, 2.4) {buffer};}\end{tikzpicture}\end{center}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[t]\frametitle{\begin{tabular}{c}3rd Lecture:\\[-3mm] Buffer Overflow Attacks\end{tabular}}US National Vulnerability Database\\ \small(636 out of 6675 in 2014)\begin{center}\begin{tikzpicture}\begin{axis}[ xlabel={year}, ylabel={\% of total attacks}, ylabel style={yshift=0em}, enlargelimits=false, xtick={1997,1998,2000,...,2014}, xmin=1996.5, xmax=2015, ymax=21, ytick={0,5,...,20}, scaled ticks=false, axis lines=left, width=11cm, height=5cm, ybar, nodes near coords= {\footnotesize $\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$}, x tick label style={font=\scriptsize,/pgf/number format/1000 sep={}}]\addplot table [x=Year,y=Percentage] {bufferoverflows.data};\end{axis}\end{tikzpicture}\end{center}\scriptsize\url{http://web.nvd.nist.gov/view/vuln/statistics}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[t]\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}\begin{itemize}\item privileges are specified by file access permissions (``everything is a file'') \end{itemize}\medskip\begin{center} \begin{tikzpicture}[scale=1] \draw[line width=1mm] (-.3, 0) rectangle (1.5,2); \draw (4.7,1) node {Internet}; \draw (-2.7,1.7) node {\footnotesize Application}; \draw (0.6,1.7) node {\footnotesize Interface}; \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}}; \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}}; \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2); \draw[white] (1.7,1) node (X) {}; \draw[white] (3.7,1) node (Y) {}; \draw[red, <->, line width = 2mm] (X) -- (Y); \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1); \end{tikzpicture}\end{center}\begin{itemize}\item the idea is to make the attack surface smaller and mitigate the consequences of an attack\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[fragile,t]\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}\begin{itemize}\item when a file with setuid is executed, the resulting process will assume the UID given to the owner of the file\end{itemize}\footnotesize\tt\begin{center}\begin{verbatim}$ ls -ld . * */*drwxr-xr-x 1 ping staff 32768 Apr 2 2010 .-rw----r-- 1 ping students 31359 Jul 24 2011 manual.txt-r--rw--w- 1 bob students 4359 Jul 24 2011 report.txt-rwsr--r-x 1 bob students 141359 Jun 1 2013 microeditdr--r-xr-x 1 bob staff 32768 Jul 23 2011 src-rw-r--r-- 1 bob staff 81359 Feb 28 2012 src/code.c-r--rw---- 1 emma students 959 Jan 23 2012 src/code.h\end{verbatim}\end{center}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[t]\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}\begin{itemize}\item Alice wants to have her files readable, \alert{except} for her office mates.\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{5rd Lecture: Protocols}Simple Challenge Response\\(solving the replay problem):\begin{center}\begin{tabular}{lll}\bl{$A \rightarrow B:$} & \bl{Hi I am A}\\\bl{$B \rightarrow A:$} & \bl{$N$} & (challenge)\\\bl{$A \rightarrow B:$} & \bl{$\{N\}_{K_{AB}}$}\\\end{tabular} \end{center}\pauseMutual Challenge Response:\begin{center}\begin{tabular}{ll}\bl{$A \rightarrow B:$} & \bl{$N_A$}\\\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\\bl{$A \rightarrow B:$} & \bl{$N_B$}\\\end{tabular} \end{center}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{5rd Lecture: Protocols}A car-transponder protocol:\begin{enumerate}\item \bl{$C$} generates a random number \bl{$N$}\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}\item \bl{$C \to T$}: \bl{$N, F$}\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}\item \bl{$T$} checks that \bl{$F = F'$}\item \bl{$T \to C$}: \bl{$N, G'$}\item \bl{$C$} checks that \bl{$G = G'$}\end{enumerate}Authentication: \bl{$T \to C$}, \bl{$C \to T$}?\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{5rd Lecture: Protocols}The interlock protocol (``best bet'' against MITM):\begin{center}\begin{tabular}{ll@{\hspace{2mm}}l}1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\\2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\\3. & & \bl{$\{A,m\}_{K^{pub}_B} \;\mapsto\; H_1,H_2$}\\ & & \bl{$\{B,m'\}_{K^{pub}_A} \;\mapsto\; M_1,M_2$}\\4. & \bl{$A \to B :$} & \bl{$H_1$}\\5. & \bl{$B \to A :$} & \bl{$\{H_1, M_1\}_{K^{pub}_A}$}\\6. & \bl{$A \to B :$} & \bl{$\{H_2, M_1\}_{K^{pub}_B}$}\\7. & \bl{$B \to A :$} & \bl{$M_2$}\end{tabular}\end{center}\pause\footnotesize\bl{$m$} = How is your grandmother? \bl{$m'$} = How is theweather today in London?\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{5th Lecture: Protocols}An article in The Guardian from 2013 reveals how GCHQ and theNSA at a G20 Summit in 2009 sniffed emails from Internetcafes, monitored phone calls from delegates and attempted tolisten on phone calls which were made by Russians and whichwere transmitted via satellite links:\begin{center}\small\url{http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits}\end{center}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{\begin{tabular}{c}6th Lecture:\\[-2mm] Zero-Knowledge Proofs\end{tabular}}\begin{center}\addtolength{\fboxsep}{4mm}\fbox{\includegraphics[scale=0.3]{../pics/Dismantling_Megamos_Crypto.png}}\end{center}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{7th Lecture: Privacy}\begin{itemize}\item de-anonymisation attacks\\ (Netflix, DNA databases, \ldots) \end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{7th Lecture: Privacy}\begin{itemize}\item differential privacy for anonymising research data\begin{center}User\;\;\;\; \begin{tabular}{c}tell me \bl{$f(x)$} $\Rightarrow$\\$\Leftarrow$ \bl{$f(x) + \text{noise}$}\end{tabular}\;\;\;\;\begin{tabular}{@{}c}Database\\\bl{$x_1, \ldots, x_n$}\end{tabular}\end{center}\item \bl{$f(x)$} can be released, if \bl{$f$} is insensitive toindividual entries \bl{$x_1, \ldots, x_n$}\\\item The intuition: whatever is learned from the dataset would be learned regardless of whether\bl{$x_i$} participates\bigskip\pause\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{8th Lecture: Bitcoins}\begin{itemize}\item conclusion: not anonymous, not free from (potential) government interference\bigskip\bigskip\item The department has large labs full of computers that are pretty much idle over night. Why is it a bad idea to let them mine for Bitcoins?\bigskip\pause\item other cryptocurrencies (Litecoins,\ldots)\begin{center}\small\url{http://en.wikipedia.org/wiki/Cryptocurrency}\end{center}\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{9th Lecture: Static Analysis}\begin{itemize}\item more principled way of writing software\item testing can show the presence of bugs, but not their absence\bigskip\item ``A good attack is one that the engineers never even thought about.'' ---Bruce Schneier\end{itemize}\begin{center} \includegraphics[scale=1]{../pics/barrier.jpg}\end{center}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{9th Lecture}\begin{itemize}\item model checking\medskip\item program logics (Hoare logics, separation logic)\medskip\item proof-carrying code\medskip\item specifications / correctness proofs\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\frametitle{Further Reading}\begin{itemize}\item Risks mailing list\begin{center}\small\url{http://catless.ncl.ac.uk/Risks}\end{center}\item Crypto-Gram\begin{center}\small\url{https://www.schneier.com/crypto-gram.html}\end{center}\item Light blue touchpaper\begin{center}\small\url{https://www.lightbluetouchpaper.org}\end{center}\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\begin{frame}[c]\begin{itemize}\item you can still send me your hws\bigskip \item projects\end{itemize}\end{frame}%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \end{document}%%% Local Variables: %%% mode: latex%%% TeX-master: t%%% End: