# HG changeset patch # User Christian Urban # Date 1350385835 -3600 # Node ID 24d08d7c582f8d74b6d18511ec24ece53df9e261 # Parent 1dcd758265f1173bc80021b3cc4958474d3d0ce4 added diff -r 1dcd758265f1 -r 24d08d7c582f slides04.pdf Binary file slides04.pdf has changed diff -r 1dcd758265f1 -r 24d08d7c582f slides04.tex --- a/slides04.tex Tue Oct 16 08:52:23 2012 +0100 +++ b/slides04.tex Tue Oct 16 12:10:35 2012 +0100 @@ -109,7 +109,7 @@ \frametitle{Unix-Style Access Control} \begin{itemize} -\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have: +\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar groups: \begin{center} \begin{tabular}{l} @@ -122,7 +122,7 @@ \end{tabular} \end{center}\medskip -\item Modern versions of Windows have more fine-grained AC; they do not have a setuid bit, but +\item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but have \texttt{runas} (asks for a password).\pause \item OS provided access control can \alert{add} to your @@ -144,6 +144,7 @@ \draw[line width=1mm] (-.3, 0) rectangle (1.5,2); \draw (4.7,1) node {Internet}; + \draw (-2.7,1.7) node {\footnotesize Application}; \draw (0.6,1.7) node {\footnotesize Interface}; \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}}; \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}}; @@ -179,10 +180,10 @@ \begin{textblock}{11}(10.5,10.5) \small To take an action you\\[-1mm] -need either: +need at least either: \begin{itemize} \item 1 CEO\\[-5mm] -\item 2 MDs\\[-5mm] +\item 2 MDs, or\\[-5mm] \item 3 Ds \end{itemize} \end{textblock} @@ -195,6 +196,8 @@ \begin{frame}[c] \frametitle{Lessons from Access Control} +Not just restricted to Unix: + \begin{itemize} \item if you have too many roles (i.e.~too finegrained AC), then hierarchy is too complex\\ 
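Review bot: In the hunk at @@ -122,7 +122,7 the new wording `more fine-grained AC than Unix` overstates the contrast, because many Unix systems offer ACLs on top of the owner/group/other bits. I would narrow it to `more fine-grained AC than the classic Unix permission bits`. The parenthesis after `\texttt{runas}` could also say whose password is requested, since that is the point of the comparison with the setuid bit. The frame this item belongs to starts and ends outside the hunk.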
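Review bot: In the hunk at @@ -179,10 +180,10 the phrase `need at least either:` is hard to parse, and only the second item received an `, or`. Since the list states a threshold policy, `need at least one of:` with `\item 1 CEO, or\\[-5mm]` and `\item 2 MDs, or\\[-5mm]` makes the three alternatives read consistently. The enclosing `textblock` continues outside the hunk.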
@@ -256,7 +259,7 @@ {\normalsize\color{darkgray} \begin{minipage}{9cm}\raggedright To prevent this kind of attack, you need additional -policies. +policies (don't do such operations as root). \end{minipage}}; \end{tikzpicture} \end{textblock}} @@ -270,6 +273,8 @@ \begin{frame}[c] \frametitle{\begin{tabular}{@ {}c@ {}}Schneier Analysis\end{tabular}} +\textcolor{gray}{There is no absolutely secure system and security almost never comes for free.} + \begin{itemize} \item What assets are you trying to protect? \item What are the risks to these assets? @@ -278,7 +283,6 @@ \item What costs and trade-offs does the security solution impose? \end{itemize} -\textcolor{gray}{There is no absolutely secure system and security almost never comes for free.} \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -428,10 +432,10 @@ \frametitle{\begin{tabular}{@ {}c@ {}}Security Seals (2)\end{tabular}} \begin{itemize} -\item at the Argonne National Laboratory they tested 244 different security seals (including 19\% -that were used for safeguard of nuclear material) +\item at the Argonne National Laboratory they tested 244 different security seals \begin{itemize} -\item mean time to break the seals for a trained person: 100 s +\item meantime to break the seals for a trained person: 100 s +\item including 19\% that were used for safeguard of nuclear material \end{itemize}\bigskip \item Andrew Appel defeated all security seals which were supposed to keep @@ -470,7 +474,7 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[t] -\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security Seals\end{tabular}} +\frametitle{\begin{tabular}{@ {}c@ {}}Example: Security Seals\end{tabular}} \begin{itemize} \item<1->What assets are you trying to protect?\\ 
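Review bot: In the hunk at @@ -428,10 +432,10 replacing `mean time` with `meantime` changes the meaning. The figure is the average time a trained person needs to defeat a seal, whereas `meantime` means an interim period, so the line should stay `\item mean time to break the seals for a trained person: 100 s`. The new sub-item `including 19\% that were used ...` now follows the timing line, which hides that the 19\% refers to the 244 tested seals. `\item 19\% of them were used to safeguard nuclear material` says that directly.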
@@ -511,7 +515,7 @@ Not really. The source code can be reverse engineered, stolen\ldots{}\end{tabular}} \item<4->What other risks does the security solution cause? \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent -scrutiny and independent advice. You also more likely than not, +scrutiny and independent advice. You also more likely than not get it wrong.\end{tabular}} \item<5>[]{\bf\large No!} \end{itemize} @@ -643,7 +647,6 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[t] @@ -689,14 +692,14 @@ \begin{itemize} -\item The Netherlands, between 1997 - 2006 had electronic voting machines\\ -\textcolor{gray}{(it has been found that they could be hacked and emitted radio signals)} +\item The Netherlands between 1997 - 2006 had electronic voting machines\\ +\textcolor{gray}{(hacktivists had found that they could be hacked and emitted radio signals revealing how you voted)} -\item Germany, had been used in pilot studies\\ +\item Germany had used them in pilot studies\\ \textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting on the grounds of not being understandable by the general public)} -\item UK, used optical scan voting systems in a few polls +\item UK used optical scan voting systems in a few polls \end{itemize} \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
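Review bot: The sentence edited in the hunk at @@ -511,7 +515,7 still does not parse after the comma was dropped: `You also more likely than not get it wrong.` A wording such as `You are also more likely than not to get it wrong.` states the risk of closed designs plainly. The `\only<4>` tabular that holds the sentence starts outside the hunk.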
@@ -708,16 +711,16 @@ \mbox{}\\[-12mm] \begin{itemize} -\item US, used mechanical machines since the 50s, later punch cards, DREs and -optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for research)} +\item US used mechanical machines since the 50s, later punch cards, now DREs and +optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for study)} \item Estonia used in 2007 the world's first Internet vote in national elections (there are earlier pilot studies) -\item India, the biggest democracy uses e-voting devices since at least 2003\\ -\textcolor{gray}{(keep-it-simple machines produced by a government owned company)} +\item India uses e-voting devices since at least 2003\\ +\textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)} -\item South Africa used software for its tallying in the 1993 elections (Nelson Mandela) -\textcolor{gray}{(they found the software was rigged, but they were able to manually tally)} +\item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected) +\textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)} \end{itemize} \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -734,9 +737,12 @@ \item show of hands \item ballots on pieces of pottery \item different colours of stones -\item ``facebook''-like autorisation +\item ``facebook''-like authorisation \end{itemize}\bigskip +\textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip + + \item French Revolution and the US Constitution got things ``started'' with paper ballots (you first had to bring your own, or later were pre-printed by the parties) \end{itemize} 
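Review bot: In the hunk at @@ -708,16 +711,16 the South Africa item now ties the date to Mandela's election, but that election took place in 1994, so `in the 1993 elections (when Nelson Mandela was elected)` should read `in the 1994 elections (when Nelson Mandela was elected)`. The India item mixes tenses: `India uses e-voting devices since at least 2003` is better as `India has used e-voting devices since at least 2003`. Both items are inside the `itemize` that the hunk shows in full, while the frame header lies above it.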
@@ -746,6 +752,27 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[t] +\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}} + +Security policies involved with paper ballots: + +\begin{enumerate} +\item you need to check that the ballot box is empty at the start of the poll / no false bottom (ballot stuffing) +\item you need guard the ballot box during the poll +\item tallied by a team at the end of the poll (you can have observers) +\end{enumerate} + +\begin{center} +\includegraphics[scale=1.5]{pics/ballotbox.jpg} +\end{center} + + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[t] \frametitle{\begin{tabular}{@ {}c@ {}}Paper Ballots\end{tabular}} What can go wrong with paper ballots? @@ -798,6 +825,8 @@ } \end{itemize} + + \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
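Review bot: In the new Ballot Boxes frame (hunk at @@ -746,6 +752,27) the second policy is missing a word: `you need guard the ballot box during the poll` should be `you need to guard the ballot box during the poll`. The third item is not phrased as a policy like the other two and does not say what the observers are for. I would write `\item the ballots need to be tallied by a team at the end of the poll (observers can watch the count)`. The parenthesis `(ballot stuffing)` in the first item would be clearer as `(to prevent ballot stuffing)`.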
@@ -814,6 +843,80 @@ \end{tabular} \end{center} +\only<1->{ +\begin{textblock}{5.5}(1,4) +DREs +\end{textblock}} +\only<1->{ +\begin{textblock}{5.5}(1,11) +Optical Scan +\end{textblock}} + +\only<2>{ +\begin{textblock}{5.5}(0.5,14.5) +all are computers +\end{textblock}} + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[c] +\frametitle{\begin{tabular}{@ {}c@ {}}DREs\end{tabular}} + +Direct-recording electronic voting machines\\ +(votes are recorded for example memory cards) + +typically touchscreen machines + +usually no papertrail (hard to add: ballot secrecy) + +\begin{center} +\includegraphics[scale=0.56]{pics/dre1.jpg} +\end{center} + + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[c] +\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}} + +The work by J.~Alex Halderman: + +\begin{itemize} +\item acquired a machine from an anonymous source\medskip +\item the source code running the machine was tried to keep secret\medskip\pause + +\item first reversed-engineered the machine (extremely tedious) +\item could completely reboot the machine and even install a virus that infects other Diebold machines +\item obtained also the source code for other machines +\end{itemize} + + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[c] +\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}} + +The work by J.~Alex Halderman: + +\begin{itemize} +\item acquired a machine from an anonymous source\medskip +\item the source code running the machine was tried to keep secret\medskip\pause + +\item first reversed-engineered the machine (extremely tedious) +\item could completely 
reboot the machine and even install a virus that infects other Diebold machines +\item obtained also the source code for other machines +\end{itemize} + + \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
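Review bot: The hunk at @@ -814,6 +843,80 adds the `Diebold Machines` frame twice with identical content, so the second copy looks like an unfinished placeholder and should be removed or given its own material. Several new lines need a wording fix: `(votes are recorded for example memory cards)` lacks `on`, `the source code running the machine was tried to keep secret` should be something like `the vendor tried to keep the machine's source code secret`, and `reversed-engineered` should be `reverse-engineered`. If the frame refers to the 2006 Princeton study, it was joint work (Feldman, Halderman and Felten), so `The work by J.~Alex Halderman:` could credit the co-authors. It would also help students if `usually no papertrail (hard to add: ballot secrecy)` spelled out why a paper record conflicts with ballot secrecy.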