# HG changeset patch # User Christian Urban # Date 1476833558 -3600 # Node ID a7a7d6b0150bd7ea55d55712bbf5257eca13e17c # Parent ab31912a3b65eabf6972eac9a5a2c8935615ddb4 updated diff -r ab31912a3b65 -r a7a7d6b0150b slides/slides04.pdf Binary file slides/slides04.pdf has changed diff -r ab31912a3b65 -r a7a7d6b0150b slides/slides04.tex --- a/slides/slides04.tex Mon Oct 17 13:40:45 2016 +0100 +++ b/slides/slides04.tex Wed Oct 19 00:32:38 2016 +0100 @@ -45,8 +45,10 @@ \end{center} \begin{itemize} -\item no ``cheating'' needed for format string attacks -\item the main point: no cheating to start with +%\item no ``cheating'' needed for format string attacks +\item required some cheating on modern OS +\item the main point: no cheating in practice\pause +\item one class of attacks not mentioned last week \end{itemize} \end{frame} @@ -54,19 +56,35 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] +\frametitle{Format String Vulnerability} + +\small +\texttt{string} is nowhere used:\bigskip + +{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip + +this vulnerability can be used to read out the stack and even +modify it + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] \frametitle{Case-In-Point: Android} \begin{itemize} \item a list of common Android vulnerabilities -(5 BOAs out of 35 vulnerabilities; all from 2013 and later) +(5 BOAs out of 35 vulnerabilities; all from 2013 and later): \begin{center} \url{http://androidvulnerabilities.org/} \end{center}\bigskip -\item a paper that attempts measures security of Android phones +\item a paper that attempts to measure the security of Android phones: -\begin{quote}\small\rm ``We find that on average 87.7\% of Android +\begin{quote}\small\it ``We find that on average 87.7\% of Android devices are exposed to at least one of 11 known critical vulnerabilities\ldots'' \end{quote} @@ -82,29 +100,27 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] - -A student asked: +%\begin{frame}[c] +% +%A student asked: +% +%\begin{bubble}[10cm]\small How do we implement BOAs? On a +%webpage login, for example Facebook, we can't do this. +%I am sure the script will stop us even before we reach the +%server. The +%script will not let us enter hexadecimal numbers where email +%or username is required and plus it will have a max length, +%like 32 characters only. In this case, what can we do, since +%the method you showed us wouldn't work? +%\end{bubble}\bigskip\bigskip\pause -\begin{bubble}[10cm]\small How do we implement BOAs? On a -webpage login, for example Facebook, we can't do this. -I am sure the script will stop us even before we reach the -server. The -script will not let us enter hexadecimal numbers where email -or username is required and plus it will have a max length, -like 32 characters only. In this case, what can we do, since -the method you showed us wouldn't work? -\end{bubble}\bigskip\bigskip\pause - -\begin{itemize} -\item Facebook no -\item printers, routers, cars, IoT etc likely\pause -\item I do not want to teach you hacking, rather defending -\end{itemize} - - - -\end{frame} +%\begin{itemize} +%\item Facebook no +%\item printers, routers, cars, IoT etc likely\pause +%\item I do not want to teach you hacking, rather defending +%\end{itemize} +% +%\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -115,22 +131,22 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] - -\begin{center} -\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\ -last week: buffer overflow attacks -\end{center} - -\end{frame} +%\begin{frame}[c] +% +%\begin{center} +%\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\ +%last week: buffer overflow attacks +%\end{center} +% +%\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] -\frametitle{\begin{tabular}{c}Two General Counter\\[-1mm] - Measures against BOAs etc\end{tabular}} +\frametitle{\begin{tabular}{c}\LARGE Two General Counter\\[-1mm] + \LARGE Measures against BOAs etc\end{tabular}} -Both try to reduce the attack surface:\bigskip +Both try to reduce the attack surface (trusted computing base):\bigskip \begin{itemize} \item \alert{\bf unikernels} -- the idea is to not have @@ -346,8 +362,8 @@ \begin{tikzpicture} \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] {\begin{minipage}{8cm} -Only failure makes us experts. - -- Theo de Raadt (OpenBSD, OpenSSH) +Only failure makes us experts.\\ +\hfill\small-- Theo de Raadt (OpenBSD, OpenSSH) \end{minipage}}; \end{tikzpicture} \end{textblock}} @@ -831,9 +847,9 @@ \begin{itemize} \item good example of a bad protocol\\ (security by obscurity)\bigskip - \item<3-> ``Breaching security on Oyster cards should not + \item<3-> {\it``Breaching security on Oyster cards should not allow unauthorised use for more than a day, as TfL promises to turn - off any cloned cards within 24 hours\ldots'' + off any cloned cards within 24 hours\ldots''} \end{itemize} \only<2>{ diff -r ab31912a3b65 -r a7a7d6b0150b slides/survey-16.pdf Binary file slides/survey-16.pdf has changed diff -r ab31912a3b65 -r a7a7d6b0150b slides/survey-16.tex --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/slides/survey-16.tex Wed Oct 19 00:32:38 2016 +0100 @@ -0,0 +1,82 @@ +\documentclass[dvipsnames,14pt,t]{beamer} +\usepackage{../slides} + +% beamer stuff +\renewcommand{\slidecaption}{SEN 14, King's College London} +\newcommand{\bl}[1]{\textcolor{blue}{#1}} + +\begin{document} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Survey: Thanks! (1)} +\small + +\begin{center} +\begin{tabular}{@{}cc@{}} +\includegraphics[scale=0.24]{../pics/survey01.pdf}& +\includegraphics[scale=0.24]{../pics/survey02.pdf} +\end{tabular} +\end{center} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Survey: Thanks! (2)} +\small + +\begin{center} +\begin{tabular}{@{}cc@{}} +\includegraphics[scale=0.24]{../pics/survey03.pdf}& +\includegraphics[scale=0.24]{../pics/survey05.pdf} +\end{tabular} +\end{center} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Survey: Thanks! (3)} +\small + +\begin{center} +\begin{tabular}{@{}cc@{}} +\includegraphics[scale=0.24]{../pics/survey06.pdf}& +\includegraphics[scale=0.24]{../pics/survey08.pdf} +\end{tabular} +\end{center} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Survey: Thanks Also!} +\small + +\begin{itemize} +\item {\bf Code} ``I can't get the code part'' +\item {\bf Hard} ``A little bit hard for me to understand all.'' +\item {\bf Homework} ``You should give more clear solutions to the submitted + homework'' +\item {\bf Q} Has made the objectives of the module clear?\\ + {\bf A} ``I would like to know'' +\item {\bf Voice} ``The lecturer speaks too slow'' +\item {\bf KEATS} ``Not able to access KEATS. Only for this module.'' +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +\end{document} + + +%%% Local Variables: +%%% mode: latex +%%% TeX-master: t +%%% End: +