# HG changeset patch # User Christian Urban # Date 1417521176 0 # Node ID f652d17db871b2c1bb3d37a02d3c8fb83ba41280 # Parent 54ec490a30423adc35598bed781bd824ece89666 update diff -r 54ec490a3042 -r f652d17db871 slides/slides10.pdf Binary file slides/slides10.pdf has changed diff -r 54ec490a3042 -r f652d17db871 slides/slides10.tex --- a/slides/slides10.tex Tue Dec 02 11:47:22 2014 +0000 +++ b/slides/slides10.tex Tue Dec 02 11:52:56 2014 +0000 @@ -2,6 +2,8 @@ \usepackage{../slides} \usepackage{../langs} \usepackage{../graphics} +\usepackage{../data} +\usepackage{../grammar} % beamer stuff \renewcommand{\slidecaption}{APP 10, King's College London} @@ -10,8 +12,7 @@ \begin{document} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}<1>[t] +\begin{frame}[t] \frametitle{% \begin{tabular}{@ {}c@ {}} \\ @@ -19,11 +20,7 @@ \LARGE Privacy Policies (10)\\[-6mm] \end{tabular}}\bigskip\bigskip\bigskip - %\begin{center} - %\includegraphics[scale=1.3]{pics/barrier.jpg} - %\end{center} - -\normalsize + \normalsize \begin{center} \begin{tabular}{ll} Email: & christian.urban at kcl.ac.uk\\ 
@@ -32,62 +29,164 @@ \end{tabular} \end{center} -\end{frame}} - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] -\frametitle{\mbox{}\\[20mm]\huge Revision} +\frametitle{\mbox{}\\[20mm]\Huge Revision} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Security Engineering} + + \begin{center} + \begin{tabular}{cc} + \raisebox{-0.8mm}{\includegraphics[scale=0.28]{../pics/flight.jpg}} & + \includegraphics[scale=0.31]{../pics/airbus.jpg}\\ + \small Wright brothers, 1901 & \small Airbus, 2005 \\ + \end{tabular} + \end{center} + + \end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] \frametitle{1st Lecture} \begin{itemize} -\item hashes and salts to guaranty data integrity\bigskip -\item storing passwords (brute force attacks and dictionary attacks) +\item chip-and-pin, banks vs.~customers +\begin{quote}\small\rm + the one who can improve security should also be + liable for the losses +\end{quote}\pause\bigskip + +\item hashes and salts to guarantee data integrity\medskip +\item storing passwords (you should know the difference between +brute force attacks and dictionary attacks; how do salts help?) 
\end{itemize} +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{1st Lecture: Cookies} + +\begin{itemize} +\item good uses of cookies?\medskip + +\item bad uses of cookies: snooping, tracking, profiling\ldots + the ``disadvantage'' is that the user is in + \alert{control}, because you can delete them + + \begin{center} ``Please track me using cookies.'' + \end{center}\bigskip\pause + +\item fingerprinting beyond browser cookies + \begin{quote}\small\rm + Pixel Perfect: Fingerprinting Canvas in HTML5\\ + (a research paper from 2012)\\ + \footnotesize + \url{http://cseweb.ucsd.edu/~hovav/papers/ms12.html} + \end{quote} +\end{itemize} + +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[fragile,t] -\frametitle{\begin{tabular}{c}2nd Lecture:\\ E-Voting\end{tabular}} +\begin{frame}[c] +\frametitle{1st Lecture: Cookies} + +\begin{itemize} +\item a bit of JavaScript and HTML5 + canvas\medskip +\begin{center} +\begin{tabular}{cc} +Firefox & Safari\\ +\includegraphics[scale=0.31]{../pics/firefox1.png} & +\includegraphics[scale=0.31]{../pics/safari1.png} \\ +\tiny +\pcode{55b2257ad0f20ecbf927fb66a15c61981f7ed8fc} & +\tiny +\pcode{17bc79f8111e345f572a4f87d6cd780b445625d3} +\end{tabular} +\end{center}\bigskip + +\item\small no actual drawing needed\pause +\item\small in May 2014 a crawl of 100,000 popular +webpages revealed 5.5\% already use canvas +fingerprinting\smallskip +\begin{center}\scriptsize +\url{https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf} +\end{center} +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{1st Lecture: Cookies} + 
+Remember the small web-app I showed where a cookie +protected a counter\bigskip + +\begin{itemize} +\item NYT, the cookie looks the ``resource'' - harm\medskip +\item imaginary discount unlocked by cookie - no harm +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] +\frametitle{2nd Lecture: E-Voting} + +Where are paper ballots better than voice voting?\bigskip \begin{itemize} \item Integrity -\item Ballot Secrecy +\item \alert{Ballot Secrecy} \item Voter Authentication \item Enfranchisement \item Availability \end{itemize} - - \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[fragile,t] -\frametitle{\begin{tabular}{c}2nd Lecture:\\ E-Voting\end{tabular}} - -Online Banking vs.~E-Voting +\begin{frame}[t] +\frametitle{2nd Lecture: E-Voting} \begin{itemize} -\item online banking: if fraud occurred you try to identify who did what (somebody's account got zero)\bigskip -\item e-voting: some parts can be done electronically, but not the actual voting (final year project: online voting) +\item (two weeks ago) an Australian parliamentary committee +found: e-voting is highly vulnerable to hacking and Australia +will not use it any time soon\bigskip\pause +\item Alex Halderman, Washington D.C.~hack +\begin{center} +\scriptsize +\url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf} +\end{center}\medskip + +\item PDF-ballot tampering at the wireless router (the modification +is nearly undetectable and leaves no traces; MITM attack with firmware +updating) +\begin{center} +\scriptsize +\url{http://galois.com/wp-content/uploads/2014/11/technical-hack-a-pdf.pdf} +\end{center} + \end{itemize} - - \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
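Review bot: The reworded bullet `\item hashes and salts to guarantee data integrity` on the 1st Lecture frame still ties salts to integrity, which may mislead students revising from this slide. A plain hash detects modification only when the digest itself reaches the verifier authentically, and salts belong to the password-storage bullet that follows. I would split it, e.g. `\item hashes for data integrity (the digest itself must be trustworthy)\medskip`, and leave salts to the password item. In the same hunk, `the cookie looks the ``resource''` on the last Cookies frame appears to be a typo for `locks`.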
@@ -97,7 +196,6 @@ \alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path }} -\mode{ \begin{frame}[t] \frametitle{\begin{tabular}{c}3rd Lecture:\\ Buffer Overflow Attacks\end{tabular}} @@ -133,27 +231,27 @@ \draw[line width=1mm] (7,3.5) -- (7,0.5) -- (8.5,0.5) -- (8.5,3.5); \onslide<3,4,7,8>{ -\node at (7.75, 0.8) {ret}; +\node at (7.75, 1.4) {ret}; \draw[line width=1mm] (7,1.1) -- (8.5,1.1); +\node at (7.75, 2.0) {sp}; +\draw[line width=1mm] (7,2.3) -- (8.5,2.3); } -\onslide<3>{ -\node at (7.75, 1.4) {4}; +\onslide<3,4>{ +\node at (7.75, 0.8) {4}; \draw[line width=1mm] (7,1.7) -- (8.5,1.7); } -\onslide<7>{ -\node at (7.75, 1.4) {3}; +\onslide<7,8>{ +\node at (7.75, 0.8) {3}; \draw[line width=1mm] (7,1.7) -- (8.5,1.7); } - - \end{tikzpicture} \end{center} -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ +\end{frame} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[t] \begin{center} @@ -180,13 +278,14 @@ \onslide<8->{\draw[<-, line width=1mm,red] (1,-2) to (3,1);} \node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}}; -\draw[line width=1mm] (7,3.5) -- (7,0.5) -- (8.5,0.5) -- (8.5,3.5); +\draw[line width=1mm] (7,3.5) -- (7,-0.1) -- (8.5,-0.1) -- (8.5,3.5); \onslide<3->{ +\node at (7.75, 0.2) {4}; \draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,0.5) rectangle (8.5,1.1); \node at (7.75, 0.8) {\alt<6->{@a\#}{ret}}; \draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,1.1) rectangle (8.5,1.7); -\node at (7.75, 1.4) {\alt<6->{!?w;}4}; +\node at (7.75, 1.4) {\alt<6->{!?w;}sp}; } \onslide<4->{ 
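Review bot: In the hunk at `@@ -180,13 +278,14 @@`, the new label `{\alt<6->{!?w;}sp}` passes only `s` as the second argument of `\alt`, because an unbraced argument is a single token. The `p` is therefore typeset on every overlay, so from overlay 6 on the overwritten cell would read `!?w;p` rather than `!?w;`. The old `4` worked only because it was a single character. Bracing the argument fixes it: `\node at (7.75, 1.4) {\alt<6->{!?w;}{sp}};`, matching the `{ret}` form used one line above. The enclosing tikzpicture starts outside the hunk.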
@@ -197,13 +296,54 @@ \end{tikzpicture} \end{center} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[t] -\frametitle{\begin{tabular}{c}3rd Lecture:\\ Unix Access Control\end{tabular}} +\frametitle{\begin{tabular}{c}3rd Lecture:\\[-3mm] +Buffer Overflow Attacks\end{tabular}} + +US National Vulnerability Database\\ +\small(636 out of 6675 in 2014) + +\begin{center} +\begin{tikzpicture} +\begin{axis}[ + xlabel={year}, + ylabel={\% of total attacks}, + ylabel style={yshift=0em}, + enlargelimits=false, + xtick={1997,1998,2000,...,2014}, + xmin=1996.5, + xmax=2015, + ymax=21, + ytick={0,5,...,20}, + scaled ticks=false, + axis lines=left, + width=11cm, + height=5cm, + ybar, + nodes near coords= + {\footnotesize + $\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$}, + x tick label style={font=\scriptsize,/pgf/number format/1000 sep={}}] +\addplot + table [x=Year,y=Percentage] {bufferoverflows.data}; +\end{axis} +\end{tikzpicture} +\end{center} + +\scriptsize +\url{http://web.nvd.nist.gov/view/vuln/statistics} +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] +\frametitle{\begin{tabular}{c}4rd Lecture:\\ Unix Access Control\end{tabular}} \begin{itemize} \item privileges are specified by file access permissions (``everything is a file'') 
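Review bot: The axis label `ylabel={\% of total attacks}` does not match what the frame says it plots: the heading cites the US National Vulnerability Database and "636 out of 6675 in 2014", which are counts of reported vulnerabilities, not attacks. Assuming `bufferoverflows.data` holds that NVD share, `ylabel={\% of reported vulnerabilities}` would keep students from reading the chart as attack frequency. Separately, the frame title added at the end of this hunk reads `4rd Lecture`. The same ordinal slip recurs in the hunks at `@@ -230,32 +370,32 @@` and `@@ -265,12 +405,186 @@` (`4rd`, `5rd`), while a later frame already uses `5th Lecture: Protocols`.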
@@ -230,32 +370,32 @@ \end{center} \begin{itemize} -\item the idea is make the attack surface smaller and +\item the idea is to make the attack surface smaller and mitigate the consequences of an attack \end{itemize} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[fragile,t] -\frametitle{\begin{tabular}{c}3rd Lecture:\\ Unix Access Control\end{tabular}} +\frametitle{\begin{tabular}{c}4rd Lecture:\\ Unix Access Control\end{tabular}} \begin{itemize} \item when a file with setuid is executed, the resulting process will assume the UID given to the owner of the file \end{itemize} -\small\tt +\footnotesize\tt \begin{center} \begin{verbatim} $ ls -ld . * */* drwxr-xr-x 1 ping staff 32768 Apr 2 2010 . -rw----r-- 1 ping students 31359 Jul 24 2011 manual.txt --r--rw--w- 1 bob students 4359 Jul 24 2011 report.txt --rwsr--r-x 1 bob students 141359 Jun 1 2013 microedit -dr--r-xr-x 1 bob staff 32768 Jul 23 2011 src --rw-r--r-- 1 bob staff 81359 Feb 28 2012 src/code.c +-r--rw--w- 1 bob students 4359 Jul 24 2011 report.txt +-rwsr--r-x 1 bob students 141359 Jun 1 2013 microedit +dr--r-xr-x 1 bob staff 32768 Jul 23 2011 src +-rw-r--r-- 1 bob staff 81359 Feb 28 2012 src/code.c -r--rw---- 1 emma students 959 Jan 23 2012 src/code.h \end{verbatim} \end{center} 
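Review bot: The switch `\footnotesize\tt` in front of the `ls -ld` listing keeps the obsolete two-letter font command. The `verbatim` environment already selects the typewriter font itself, so `\footnotesize` alone should give the same output; if an explicit switch is wanted, `\footnotesize\ttfamily` is the LaTeX2e form. The size change is also not scoped, so it applies to anything that follows in the frame, whose end lies outside this hunk.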
@@ -265,12 +405,186 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}[c] -\frametitle{\begin{tabular}{c}8th Lecture: Privacy\end{tabular}} +\begin{frame}[t] +\frametitle{\begin{tabular}{c}4rd Lecture:\\ Unix Access Control\end{tabular}} \begin{itemize} -\item differential privacy for annonymizing research data +\item Alice wants to have her files readable, +\alert{except} for her office mates. +\end{itemize} + + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{5rd Lecture: Protocols} + +Simple Challenge Response\\ +(solving the replay problem): + +\begin{center} +\begin{tabular}{lll} +\bl{$A \rightarrow B:$} & \bl{Hi I am A}\\ +\bl{$B \rightarrow A:$} & \bl{$N$} & (challenge)\\ +\bl{$A \rightarrow B:$} & \bl{$\{N\}_{K_{AB}}$}\\ +\end{tabular} +\end{center}\pause + +Mutual Challenge Response: + +\begin{center} +\begin{tabular}{ll} +\bl{$A \rightarrow B:$} & \bl{$N_A$}\\ +\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\ +\bl{$A \rightarrow B:$} & \bl{$N_B$}\\ +\end{tabular} +\end{center} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{5rd Lecture: Protocols} + +A car-transponder protocol: + +\begin{enumerate} +\item \bl{$C$} generates a random number \bl{$N$} +\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$} +\item \bl{$C \to T$}: \bl{$N, F$} +\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$} +\item \bl{$T$} checks that \bl{$F = F'$} +\item \bl{$T \to C$}: \bl{$N, G'$} +\item \bl{$C$} checks that \bl{$G = G'$} +\end{enumerate} + +Authentication: \bl{$T \to C$}, \bl{$C \to T$}? 
+\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{5rd Lecture: Protocols} + +The interlock protocol (``best bet'' against MITM): + +\begin{center} +\begin{tabular}{ll@{\hspace{2mm}}l} +1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\\ +2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\\ +3. & & \bl{$\{A,m\}_{K^{pub}_B} \;\mapsto\; H_1,H_2$}\\ + & & \bl{$\{B,m'\}_{K^{pub}_A} \;\mapsto\; M_1,M_2$}\\ +4. & \bl{$A \to B :$} & \bl{$H_1$}\\ +5. & \bl{$B \to A :$} & \bl{$\{H_1, M_1\}_{K^{pub}_A}$}\\ +6. & \bl{$A \to B :$} & \bl{$\{H_2, M_1\}_{K^{pub}_B}$}\\ +7. & \bl{$B \to A :$} & \bl{$M_2$} +\end{tabular} +\end{center}\pause + +\footnotesize +\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the +weather today in London? + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Access Control Logic} + +Ross Anderson about the use of Logic:\bigskip + +\begin{quote}\rm +``Formal methods can be an excellent way of finding +bugs in security protocol designs as they force the designer +to make everything explicit and thus confront difficult design +choices that might otherwise be fudged.'' +\end{quote} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \begin{frame}[t] + \frametitle{Access Control Logic} + + \begin{center} + \begin{tabular}[t]{rcl@ {\hspace{10mm}}l} + \bl{$F$} & \bl{$::=$} & \bl{$\textit{true}$}\\ + & \bl{$|$} & \bl{$\textit{false}$}\\ + & \bl{$|$} & \bl{$a(t_1,\ldots,t_n)$}\\ + & \bl{$|$} & \bl{$F_1 \wedge F_2$}\\ + & \bl{$|$} & \bl{$F_1 \vee F_2$}\\ + & \bl{$|$} & \bl{$F_1 \Rightarrow F_2$}\\ + & \bl{$|$} & \alert{$P\;\textit{says}\; F$}\\ + \end{tabular} + \end{center} + + where \bl{$P = Alice, Bob, Christian$} 
+ + \begin{itemize} + \item \bl{$HoD\;\textit{says}\;\textit{is\_staff}(Christian)$} + \end{itemize} + \end{frame} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \begin{frame}[t] + \frametitle{Access Control Logic} + +\ldots can be used for answering the following questions: \begin{itemize} \item To what conclusions does this protocol come? \item What assumptions are needed for this protocol? \item Does the protocol uses unnecessary actions, which can be left out? +\item Does the protocol encrypt anything which could be sent in plain, without weakening the security? +\end{itemize} + +\end{frame} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{5th Lecture: Protocols} + +An article in The Guardian from 2013 reveals how GCHQ and the +NSA at a G20 Summit in 2009 sniffed emails from Internet +cafes, monitored phone calls from delegates and attempted to +listen on phone calls which were made by Russians and which +were transmitted via satellite links: + +\begin{center} +\small +\url{http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits} +\end{center} + +\end{frame} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[fragile,c] +\frametitle{6th Lecture:\\[-2mm] Zero-Knowledge Proofs} + +\begin{center} +%\addtolength{\fboxsep}{4mm} +%\fbox{\includegraphics[scale=0.3] +%{../pics/Dismantling_Megamos_Crypto.png}} +\end{center} + +\end{frame} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{7th Lecture: Privacy} + + +\begin{itemize} +\item de-anonymisation attacks\\ (Netflix, DNA databases, \ldots) +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{7th Lecture: Privacy} + +\begin{itemize} +\item differential privacy for anonymising research data \begin{center} User\;\;\;\; 
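Review bot: The Simple Challenge Response table annotates `N` only as `(challenge)`, yet the heading's claim of "solving the replay problem" holds only if B chooses N fresh and unpredictably for every run. On a revision slide I would state that, e.g. `\bl{$B \rightarrow A:$} & \bl{$N$} & (challenge, fresh random nonce)\\`. Further down in this hunk, `\bl{$P = Alice, Bob, Christian$}` and `HoD` are set as products of math-italic letters. Writing `\textit{Alice}`, `\textit{HoD}` and so on would match the `\textit{says}` already used in the grammar.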
@@ -289,30 +603,107 @@ \item The intuition: whatever is learned from the dataset would be learned regardless of whether \bl{$x_i$} participates\bigskip\pause -\item Tor webservice \end{itemize} +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\end{frame}} + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{8th Lecture: Bitcoins} + + +\begin{itemize} +\item conclusion: not anonymous, not free from (potential) government + interference\bigskip\bigskip + +\item The department has large labs full + of computers that are pretty much idle over night. Why + is it a bad idea to let them mine for Bitcoins?\bigskip\pause + +\item other cryptocurrencies (Litecoins,\ldots) +\begin{center}\small +\url{http://en.wikipedia.org/wiki/Cryptocurrency} +\end{center} +\end{itemize} + +\end{frame} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{9th Lecture: Static Analysis} + +\begin{itemize} +\item more principled way of writing software +\item testing can show the presence of bugs, but not their +absence\bigskip + +\item ``A good attack is one that the engineers never even thought +about.'' ---Bruce Schneier +\end{itemize} + +\begin{center} + \includegraphics[scale=1]{../pics/barrier.jpg} +\end{center} + +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] -\frametitle{\begin{tabular}{c}9th Lecture:\\ Privacy\end{tabular}} +\frametitle{9th Lecture} + +\begin{itemize} +\item model checking\medskip +\item program logics (Hoare logics, separation logic)\medskip +\item specifications / correctness proofs +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Further Reading} \begin{itemize} 
-\item zero-knowledge proofs -\item requires NP problems, for example graph isomorphisms\bigskip\pause -\item random number generators +\item Risks mailing list +\begin{center}\small +\url{http://catless.ncl.ac.uk/Risks} +\end{center} +\item Crypto-Gram +\begin{center}\small +\url{https://www.schneier.com/crypto-gram.html} +\end{center} +\item Light blue touchpaper +\begin{center}\small +\url{https://www.lightbluetouchpaper.org} +\end{center} + \end{itemize} - -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] + +\begin{itemize} +\item you can still send me your hws\bigskip +\item projects +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + + + \end{document} + %%% Local Variables: %%% mode: latex %%% TeX-master: t
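Review bot: Two of the links added in this hunk are plain `http://` (`\url{http://en.wikipedia.org/wiki/Cryptocurrency}`, `\url{http://catless.ncl.ac.uk/Risks}`), while the Crypto-Gram and Light Blue Touchpaper links in the same Further Reading frame use `https://`. For a security course handout with clickable links I would use `https://` wherever the site offers it, e.g. `\url{https://en.wikipedia.org/wiki/Cryptocurrency}`. The Risks URL should be checked before it is changed. The closing frame (`you can still send me your hws`) is also the only new frame without a `\frametitle`.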