diff -r 490079e16157 -r f99817977494 slides/slides05.tex
--- a/slides/slides05.tex Mon Oct 23 00:36:34 2017 +0100
+++ b/slides/slides05.tex Mon Oct 23 00:50:09 2017 +0100
@@ -529,21 +529,21 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Protocol Attacks}
+% \begin{frame}[c]
+% \frametitle{Protocol Attacks}
-\begin{itemize}
-\item replay attacks
-\item reflection attacks
-\item man-in-the-middle attacks
-\item timing attacks
-\item parallel session attacks
-\item binding attacks (public key protocols)
-\item changing environment / changing assumptions\bigskip
+% \begin{itemize}
+% \item replay attacks
+% \item reflection attacks
+% \item man-in-the-middle attacks
+% \item timing attacks
+% \item parallel session attacks
+% \item binding attacks (public key protocols)
+% \item changing environment / changing assumptions\bigskip
-\item (social engineering attacks)
-\end{itemize}
-\end{frame}
+% \item (social engineering attacks)
+% \end{itemize}
+% \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -564,7 +564,7 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
-\frametitle{Man-in-the-Middle}
+\frametitle{A Simple PK Protocol}
 ``Normal'' protocol run:\bigskip
@@ -582,6 +582,25 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
+\frametitle{A Simple PK Protocol}
+
+
+\begin{center}
+\begin{tabular}{ll@{\hspace{2mm}}l}
+1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\smallskip\\
+2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\smallskip\\
+3. & \bl{$A \to B :$} & \bl{$\{A,m\}_{K^{pub}_B}$}\smallskip\\
+4. & \bl{$B \to A :$} & \bl{$\{B,m'\}_{K^{pub}_A}$}
+\end{tabular}
+\end{center}\pause\bigskip
+
+unfortunately there is a simple man-in-the- middle-attack
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
 \frametitle{Man-in-the-Middle}
 Attack:
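Review bot: The closing line of the added frame reads `man-in-the- middle-attack`, with a stray space after the hyphen that will typeset as a broken word; it should be `unfortunately there is a simple man-in-the-middle attack`. The frame reuses the title `A Simple PK Protocol` of the frame renamed in the hunk at line 564, which works as a continuation, but nothing in the source records why the protocol is weak even though the next frame relies on it: the tabular exchanges \bl{$K^{pub}_A$} and \bl{$K^{pub}_B$} with nothing binding either key to its owner. A one-line `% keys are exchanged unauthenticated: nothing ties K^{pub}_A to A or K^{pub}_B to B` above the tabular would keep that point intact for the next editor.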
@@ -599,48 +618,49 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
-\frametitle{Man-in-the-Middle}
+\frametitle{A MITM Attack}
-Potential Prevention?
-\begin{itemize}
-\item \bl{$A$} sends public key to \bl{$B$}
-\item \bl{$B$} sends public key to \bl{$A$}
-\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
-\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
-\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
-\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
-\end{itemize}\pause
+\begin{center}
+\begin{tabular}{ll@{\hspace{2mm}}l}
+1. & \bl{$A \to E :$} & \bl{$K^{pub}_A$}\smallskip\\
+2. & \bl{$E \to B :$} & \bl{$K^{pub}_E$}\smallskip\\
+3. & \bl{$B \to E :$} & \bl{$K^{pub}_B$}\smallskip\\
+4. & \bl{$E \to A :$} & \bl{$K^{pub}_E$}\smallskip\\
+5. & \bl{$A \to E :$} & \bl{$\{A,m\}_{K^{pub}_E}$}\smallskip\\
+6. & \bl{$E \to B :$} & \bl{$\{E,m\}_{K^{pub}_B}$}\smallskip\\
+7. & \bl{$B \to E :$} & \bl{$\{B,m'\}_{K^{pub}_E}$}\smallskip\\
+8. & \bl{$E \to A :$} & \bl{$\{E,m'\}_{K^{pub}_A}$}
+\end{tabular}
+\end{center}\pause\medskip
-%\bl{$C$} would have to invent a totally new message
-\alert{Under which circumstances does this protocol prevent
-MiM-attacks, or does it?}
+and \bl{$A$} and \bl{$B$} have no chance to detect it
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Car Transponder (HiTag2)}
+% \begin{frame}[c]
+% \frametitle{Man-in-the-Middle}
+
+% Potential Prevention?
-\begin{enumerate}
-\item \bl{$C$} generates a random number \bl{$N$}
-\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
-\item \bl{$C \to T$}: \bl{$N, F$}
-\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
-\item \bl{$T$} checks that \bl{$F = F'$}
-\item \bl{$T \to C$}: \bl{$N, G'$}
-\item \bl{$C$} checks that \bl{$G = G'$}
-\end{enumerate}\pause
+% \begin{itemize}
+% \item \bl{$A$} sends public key to \bl{$B$}
+% \item \bl{$B$} sends public key to \bl{$A$}
+% \item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
+% \item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
+% \item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
+% \item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
+% \end{itemize}\pause
-\small
-This process means that the transponder believes the car knows
-the key \bl{$K$}, and the car believes the transponder knows
-the key \bl{$K$}. They have authenticated themselves
-to each other, or have they?
+% %\bl{$C$} would have to invent a totally new message
+% \alert{Under which circumstances does this protocol prevent
+% MiM-attacks, or does it?}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
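Review bot: The new closing line `and \bl{$A$} and \bl{$B$} have no chance to detect it` is stated unconditionally, but it only holds for the exchange as drawn, where the public keys travel over the same channel as the messages with no authentication of either key; the following Interlock Protocol frame (its title is visible as context in the hunk at line 664) presumably revisits exactly that assumption. Qualifying it, e.g. `and, as the keys are exchanged unauthenticated, \bl{$A$} and \bl{$B$} have no chance to detect it`, keeps the slide consistent with what comes after it. Separately, the commented-out prevention frame ends with `%\end{frame}` while every other commented line in this hunk uses the `% ` prefix; `% \end{frame}` would match. The HiTag2 frame commented out here is re-added verbatim by the hunk at line 849, so the two hunks together are a move.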
@@ -664,76 +684,38 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Problems with EMV}
+% \begin{frame}[c]
+% \frametitle{Problems with EMV}
-\begin{itemize}
-\item it is a wrapper for many protocols
-\item specification by consensus (resulted unmanageable complexity)
-\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
-further parts are secret
-\item other attacks have been found
-\end{itemize}
+% \begin{itemize}
+% \item it is a wrapper for many protocols
+% \item specification by consensus (resulted unmanageable complexity)
+% \item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
+% further parts are secret
+% \item other attacks have been found
+% \end{itemize}
-\end{frame}
+% \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Protocols are Difficult}
+% \begin{frame}[c]
+% \frametitle{Protocols are Difficult}
-\begin{itemize}
-\item even the systems designed by experts regularly fail\medskip
-\item the one who can fix a system should also be liable for the losses\medskip
-\item cryptography is often not the problem\bigskip\bigskip
-\end{itemize}
+% \begin{itemize}
+% \item even the systems designed by experts regularly fail\medskip
+% \item the one who can fix a system should also be liable for the losses\medskip
+% \item cryptography is often not the problem\bigskip\bigskip
+% \end{itemize}
-\end{frame}
+% \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{A Simple PK Protocol}
-\begin{center}
-\begin{tabular}{ll@{\hspace{2mm}}l}
-1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\smallskip\\
-2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\smallskip\\
-3. & \bl{$A \to B :$} & \bl{$\{A,m\}_{K^{pub}_B}$}\smallskip\\
-4. & \bl{$B \to A :$} & \bl{$\{B,m'\}_{K^{pub}_A}$}
-\end{tabular}
-\end{center}\pause\bigskip
-
-unfortunately there is a simple man-in-the- middle-attack
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{A MITM Attack}
-
-
-\begin{center}
-\begin{tabular}{ll@{\hspace{2mm}}l}
-1. & \bl{$A \to E :$} & \bl{$K^{pub}_A$}\smallskip\\
-2. & \bl{$E \to B :$} & \bl{$K^{pub}_E$}\smallskip\\
-3. & \bl{$B \to E :$} & \bl{$K^{pub}_B$}\smallskip\\
-4. & \bl{$E \to A :$} & \bl{$K^{pub}_E$}\smallskip\\
-5. & \bl{$A \to E :$} & \bl{$\{A,m\}_{K^{pub}_E}$}\smallskip\\
-6. & \bl{$E \to B :$} & \bl{$\{E,m\}_{K^{pub}_B}$}\smallskip\\
-7. & \bl{$B \to E :$} & \bl{$\{B,m'\}_{K^{pub}_E}$}\smallskip\\
-8. & \bl{$E \to A :$} & \bl{$\{E,m'\}_{K^{pub}_A}$}
-\end{tabular}
-\end{center}\pause\medskip
-
-and \bl{$A$} and \bl{$B$} have no chance to detect it
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{Interlock Protocol}
@@ -849,6 +831,30 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
+\frametitle{Car Transponder (HiTag2)}
+
+\begin{enumerate}
+\item \bl{$C$} generates a random number \bl{$N$}
+\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
+\item \bl{$C \to T$}: \bl{$N, F$}
+\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
+\item \bl{$T$} checks that \bl{$F = F'$}
+\item \bl{$T \to C$}: \bl{$N, G'$}
+\item \bl{$C$} checks that \bl{$G = G'$}
+\end{enumerate}\pause
+
+\small
+This process means that the transponder believes the car knows
+the key \bl{$K$}, and the car believes the transponder knows
+the key \bl{$K$}. They have authenticated themselves
+to each other, or have they?
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
 \frametitle{Trusted Third Parties}
 Simple protocol for establishing a secure connection via a
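Review bot: In the moved HiTag2 frame only \bl{$C$} ever contributes freshness: \bl{$N$} is generated in step 1 and \bl{$T$} merely recomputes \bl{$\{N\}_K$} from that same \bl{$N$} in steps 4 to 6 without adding a nonce of its own, which is the structural fact the closing `or have they?` invites the audience to find. Nothing in the source records that intent, so a later edit could reorder or trim the steps and lose it; a comment such as `% discussion hint: T never contributes randomness of its own, so the run's freshness rests entirely on C` above the enumerate would preserve it. The frame is byte-identical to the one commented out by the hunk at line 599, so this is a relocation rather than a rewrite.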
@@ -1159,400 +1165,6 @@
 %\end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Mid-Term}
-
-\begin{itemize}
-\item homework, handouts, programs\ldots
-\end{itemize}\bigskip\bigskip\bigskip
-
-\begin{center}
-{\huge\bf\alert{Any Questions?}}
-\end{center}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Security Engineering}
-
- \begin{center}
- \begin{tabular}{cc}
- \raisebox{-0.8mm}{\includegraphics[scale=0.28]{../pics/flight.jpg}} &
- \includegraphics[scale=0.31]{../pics/airbus.jpg}\\
- \small Wright brothers, 1901 & \small Airbus, 2005 \\
- \end{tabular}
- \end{center}
-
- \end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{1st Lecture}
-
-\begin{itemize}
-\item chip-and-pin, banks vs.~customers
-\begin{quote}\small\rm
- the one who can improve security should also be
- liable for the losses
-\end{quote}\pause\bigskip
-
-\item hashes and salts to guarantee data integrity\medskip
-\item storing passwords (you should know the difference between
-brute force attacks and dictionary attacks; how do salts help?)
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{1st Lecture: Cookies}
-
-\begin{itemize}
-\item good uses of cookies?\medskip
-
-\item bad uses of cookies: snooping, tracking, profiling\ldots
- the ``disadvantage'' is that the user is in
- \alert{control}, because you can delete them
-
- \begin{center} ``Please track me using cookies.''
- \end{center}\bigskip\pause
-
-\item fingerprinting beyond browser cookies
- \begin{quote}\small\rm
- Pixel Perfect: Fingerprinting Canvas in HTML5\\
- (a research paper from 2012)\\
- \footnotesize
- \url{http://cseweb.ucsd.edu/~hovav/papers/ms12.html}
- \end{quote}
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{1st Lecture: Cookies}
-
-\begin{itemize}
-\item a bit of JavaScript and HTML5 + canvas\medskip
-\begin{center}
-\begin{tabular}{cc}
-Firefox & Safari\\
-\includegraphics[scale=0.31]{../pics/firefox1.png} &
-\includegraphics[scale=0.31]{../pics/safari1.png} \\
-\tiny
-\pcode{55b2257ad0f20ecbf927fb66a15c61981f7ed8fc} &
-\tiny
-\pcode{17bc79f8111e345f572a4f87d6cd780b445625d3}
-\end{tabular}
-\end{center}\bigskip
-
-\item\small no actual drawing needed\pause
-\item\small in May 2014 a crawl of 100,000 popular
-webpages revealed 5.5\% already use canvas
-fingerprinting\smallskip
-\begin{center}\scriptsize
-\url{https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf}
-\end{center}
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{1st Lecture: Cookies}
-
-Remember the small web-app I showed you where a cookie
-protected a counter?\bigskip
-
-\begin{itemize}
-\item NYT, the cookie looks the ``resource'' - harm\medskip
-\item imaginary discount unlocked by cookie - no harm
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[t]
-\frametitle{2nd Lecture: E-Voting}
-
-Where are paper ballots better than voice voting?\bigskip
-
-\begin{itemize}
-\item Integrity
-\item \alert{Ballot Secrecy}
-\item Voter Authentication
-\item Enfranchisement
-\item Availability
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[t]
-\frametitle{2nd Lecture: E-Voting}
-
-\begin{itemize}
-\item recently an Australian parliamentary committee
-found: e-voting is highly vulnerable to hacking and Australia
-will not use it any time soon\bigskip\pause
-\item Alex Halderman, Washington D.C.~hack
-\begin{center}
-\scriptsize
-\url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf}
-\end{center}\medskip
-
-\item PDF-ballot tampering at the wireless router (the modification
-is nearly undetectable and leaves no traces; MITM attack with firmware
-updating)
-\begin{center}
-\scriptsize
-\url{http://galois.com/wp-content/uploads/2014/11/technical-hack-a-pdf.pdf}
-\end{center}
-
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\tikzset{alt/.code args={<#1>#2#3#4}{%
- \alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path
-}}
-
-\begin{frame}[t]
-\frametitle{\begin{tabular}{c}3rd Lecture:\\ Buffer Overflow Attacks\end{tabular}}
-
-\begin{itemize}
-\item the problem arises from the way C/C++ organises its function calls\\[-8mm]\mbox{}
-\end{itemize}
-
-\begin{center}
-\begin{tikzpicture}[scale=1]
-%\draw[black!10,step=2mm] (0,0) grid (9,4);
-%\draw[black!10,thick,step=10mm] (0,0) grid (9,4);
-
-\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
-\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
-\draw[line width=0mm, white, alt=<9->{fill=red}{fill=blue}] (0,0.2) rectangle (1,0.5);
-\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
-\draw[line width=1mm, alt=<6->{fill=red}{fill=blue}] (0,1.0) rectangle (1,2.0);
-\draw[line width=1mm, alt=<7->{fill=yellow}{fill=blue}] (0,0.5) rectangle (1,1.0);
-\draw[line width=1mm] (0,0) -- (0,4);
-\draw[line width=1mm] (1,0) -- (1,4);
-
-\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
-\draw[line width=1mm, alt=<{4-5,8}>{fill=red}{fill=blue}] (3,1.0) rectangle (4,3.0);
-
-\onslide<3-4>{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
-\onslide<5>{\draw[<-, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {res=24} (3,1);}
-
-\onslide<7-8>{\draw[->, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {n=3} (3,3);}
-\onslide<9>{\draw[<-, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {res=6} (3,1);}
-
-
-\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
-\draw[line width=1mm] (7,3.5) -- (7,0.5) -- (8.5,0.5) -- (8.5,3.5);
-
-\onslide<3,4,7,8>{
-\node at (7.75, 1.4) {ret};
-\draw[line width=1mm] (7,1.1) -- (8.5,1.1);
-\node at (7.75, 2.0) {sp};
-\draw[line width=1mm] (7,2.3) -- (8.5,2.3);
-}
-\onslide<3,4>{
-\node at (7.75, 0.8) {4};
-\draw[line width=1mm] (7,1.7) -- (8.5,1.7);
-}
-\onslide<7,8>{
-\node at (7.75, 0.8) {3};
-\draw[line width=1mm] (7,1.7) -- (8.5,1.7);
-}
-
-
-\end{tikzpicture}
-\end{center}
-
-\end{frame}
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[t]
-
-\begin{center}
-\begin{tikzpicture}[scale=1]
-%\draw[black!10,step=2mm] (0,0) grid (9,4);
-%\draw[black!10,thick,step=10mm] (0,0) grid (9,4);
-
-\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
-\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
-\draw[line width=1mm, white, fill=blue] (0,1.0) rectangle (1,2.0);
-\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
-\draw[line width=1mm] (0,0) -- (0,4);
-\draw[line width=1mm] (1,0) -- (1,4);
-
-\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
-\draw[line width=0mm, alt=<{4-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,3.0);
-\draw[line width=0mm, alt=<{5-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,2.0);
-\draw[line width=0mm, alt=<{7-}>{red, fill=red}{blue, fill=blue}] (3,2.0) rectangle (4,1.0);
-\draw[line width=1mm] (3,1.0) rectangle (4,3.0);
-
-\onslide<3->{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
-\onslide<5->{\draw[<-, line width=2mm,red] (4,2) to node [above,sloped,midway]
-{\begin{tabular}{l}user\\[-1mm] input\end{tabular}} (6,2);}
-\onslide<8->{\draw[<-, line width=1mm,red] (1,-2) to (3,1);}
-
-\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
-\draw[line width=1mm] (7,3.5) -- (7,-0.1) -- (8.5,-0.1) -- (8.5,3.5);
-
-\onslide<3->{
-\node at (7.75, 0.2) {4};
-\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,0.5) rectangle (8.5,1.1);
-\node at (7.75, 0.8) {\alt<6->{@a\#}{ret}};
-\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,1.1) rectangle (8.5,1.7);
-\node at (7.75, 1.4) {\alt<6->{!?w;}sp};
-}
-
-\onslide<4->{
-\draw[line width=1mm,fill=red] (7,1.7) rectangle (8.5,3.0);
-\node[white] at (7.75, 2.4) {buffer};
-}
-
-\end{tikzpicture}
-\end{center}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[t]
-\frametitle{\begin{tabular}{c}3rd Lecture:\\[-3mm]
-Buffer Overflow Attacks\end{tabular}}
-
-US National Vulnerability Database\\
-\small(636 out of 6675 in 2014)
-
-\begin{center}
-\begin{tikzpicture}
-\begin{axis}[
- xlabel={year},
- ylabel={\% of total attacks},
- ylabel style={yshift=0em},
- enlargelimits=false,
- xtick={1997,1999,...,2015},
- xmin=1996.5,
- xmax=2016,
- ymax=21,
- ytick={0,5,...,20},
- scaled ticks=false,
- axis lines=left,
- width=11cm,
- height=5cm,
- ybar,
- nodes near coords=
- {\footnotesize
- $\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$},
- x tick label style={font=\scriptsize,/pgf/number format/1000 sep={}}]
-\addplot
- table [x=Year,y=Percentage] {../handouts/bufferoverflows.data};
-\end{axis}
-\end{tikzpicture}
-\end{center}
-
-\scriptsize
-\url{http://web.nvd.nist.gov/view/vuln/statistics}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[t]
-\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
-
-\begin{itemize}
-\item privileges are specified by file access permissions (``everything is a file'')
-\end{itemize}\medskip
-
-\begin{center}
- \begin{tikzpicture}[scale=1]
-
- \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
- \draw (4.7,1) node {Internet};
- \draw (-2.7,1.7) node {\footnotesize Application};
- \draw (0.6,1.7) node {\footnotesize Interface};
- \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
- \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
-
- \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
-
- \draw[white] (1.7,1) node (X) {};
- \draw[white] (3.7,1) node (Y) {};
- \draw[red, <->, line width = 2mm] (X) -- (Y);
-
- \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
- \end{tikzpicture}
-\end{center}
-
-\begin{itemize}
-\item the idea is to make the attack surface smaller and
-mitigate the consequences of an attack
-\end{itemize}
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[fragile,t]
-\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
-
-\begin{itemize}
-\item when a file with setuid is executed, the resulting process will assume the
-UID given to the owner of the file
-\end{itemize}
-
-\footnotesize\tt
-\begin{center}
-\begin{verbatim}
-$ ls -ld . * */*
-drwxr-xr-x 1 ping staff 32768 Apr 2 2010 .
--rw----r-- 1 ping students 31359 Jul 24 2011 manual.txt
--r--rw--w- 1 bob students 4359 Jul 24 2011 report.txt
--rwsr--r-x 1 bob students 141359 Jun 1 2013 microedit
-dr--r-xr-x 1 bob staff 32768 Jul 23 2011 src
--rw-r--r-- 1 bob staff 81359 Feb 28 2012 src/code.c
--r--rw---- 1 emma students 959 Jan 23 2012 src/code.h
-\end{verbatim}
-\end{center}
-
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[t]
-\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
-
-\begin{itemize}
-\item Alice wants to have her files readable,
-\alert{except} for her office mates.\bigskip
-
-\item make sure you understand the setuid and setgid bits;
- why are they necessary for login and passwd
-\end{itemize}
-
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \end{document}