# HG changeset patch # User Christian Urban # Date 1414021521 -3600 # Node ID 8cf5450bb2aadec152c8920fdb202f716eb96c1c # Parent 9bc912fcedb61f604cdc2d0bf94e77901a208b38 added plot diff -r 9bc912fcedb6 -r 8cf5450bb2aa graphics.sty --- a/graphics.sty Wed Oct 22 23:38:02 2014 +0100 +++ b/graphics.sty Thu Oct 23 00:45:21 2014 +0100 @@ -3,6 +3,7 @@ \usetikzlibrary{positioning} \usetikzlibrary{calc} \usepackage{graphicx} +\usepackage{pgfplots} \newenvironment{bubble}[1][]{% \begin{tikzpicture}% diff -r 9bc912fcedb6 -r 8cf5450bb2aa handouts/ho02.pdf Binary file handouts/ho02.pdf has changed diff -r 9bc912fcedb6 -r 8cf5450bb2aa handouts/ho03.pdf Binary file handouts/ho03.pdf has changed diff -r 9bc912fcedb6 -r 8cf5450bb2aa handouts/ho03.tex --- a/handouts/ho03.tex Wed Oct 22 23:38:02 2014 +0100 +++ b/handouts/ho03.tex Thu Oct 23 00:45:21 2014 +0100 @@ -1,35 +1,14 @@ \documentclass{article} \usepackage{../style} \usepackage{../langs} +\usepackage{../graphics} +\usepackage{../data} \usetikzlibrary{patterns,decorations.pathreplacing} \begin{document} \section*{Handout 3 (Buffer Overflow Attacks)} -\begin{center} -\begin{tikzpicture} -\begin{axis}[xlabel={\pcode{a}s},ylabel={time in secs}, - enlargelimits=false, - xtick={0,5,...,30}, - xmax=30, - ymax=35, - ytick={0,5,...,30}, - scaled ticks=false, - axis lines=left, - width=5cm, - height=5cm, - legend entries={Python,Ruby}, - legend pos=north west, - legend cell align=left] -\addplot[blue,mark=*, mark options={fill=white}] - table {re-python.data}; -\addplot[brown,mark=pentagon*, mark options={fill=white}] - table {re-ruby.data}; -\end{axis} -\end{tikzpicture} -\end{center} - By far the most popular attack method on computers are buffer overflow attacks or variations thereof. The first Internet worm (Morris) exploited exactly such an attack. The popularity @@ -37,7 +16,32 @@ prevent them effectively. But these kind of attacks are still very relevant even today since there are many legacy systems out there and also many modern embedded systems often do not -take any precautions to prevent such attacks. +take any precautions to prevent such attacks. The plot below shows +the percentage of buffer overflow attacks w.r.t.~all attacks. +The data is taken from the US National Vulnerability Database. + +\begin{center} +\begin{tikzpicture} +\begin{axis}[ + xlabel={year}, + ylabel={\% of total attacks}, + enlargelimits=false, + xtick={1997,1999,...,2014}, + xmax=2015, + ymax=20, + ytick={0,2,...,20}, + scaled ticks=false, + axis lines=left, + width=9cm, + height=5cm, + ybar, + x tick label style={font=\footnotesize}] +\addplot + table [x=Year,y=Percentage] {bufferoverflows.data}; +\end{axis} +\end{tikzpicture} +\end{center} + To understand how buffer overflow attacks work, we have to have a look at how computers work ``under the hood'' (on the