authorChristian Urban <>
Tue, 16 Oct 2012 14:42:43 +0100 (2012-10-16)
changeset 49 1d37142ea1ea
parent 48 e1a5d057db96
child 50 33b26c8efa03
Binary file slides04.pdf has changed
--- a/slides04.tex	Tue Oct 16 14:20:20 2012 +0100
+++ b/slides04.tex	Tue Oct 16 14:42:43 2012 +0100
@@ -109,7 +109,7 @@
 \frametitle{Unix-Style Access Control}
-\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar groups:
+\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar AC:
@@ -125,7 +125,7 @@
 \item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but
 have \texttt{runas} (asks for a password).\pause
-\item OS provided access control can \alert{add} to your
+\item OS-provided access control can \alert{\bf add} to your
@@ -316,7 +316,7 @@
-\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewalls\end{tabular}}
@@ -330,7 +330,7 @@
-\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewalls\end{tabular}}
 \item<1->What assets are you trying to protect?\\
@@ -397,7 +397,7 @@
 still possible.\end{tabular}}
 \item<4->What other risks does the security solution cause?
 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Your mobile phone or credit card/pin might 
-be stolen. SIM card become valuable.\end{tabular}}
+be stolen. SIM card becomes more valuable.\end{tabular}}
 \item<5->What costs and trade-offs does the security solution impose?
 Banks need to establish an infrastructure. For you it might be inconvenient.\end{tabular}}
@@ -489,7 +489,7 @@
 \item<5->What costs and trade-offs does the security solution impose?
 The ``hardware'' is cheap, but indirect costs can be quite high.\end{tabular}}
-\item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airport, swimming pool}}
+\item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airports, swimming pools, \ldots}}
@@ -499,23 +499,23 @@
-\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security by Obscurity\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security-by-Obscurity\end{tabular}}
 You might think it is a good idea to keep a security relevant algorithm or 
 software secret.
 \item<1->What assets are you trying to protect?\\
-\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}source code, an algorithm\end{tabular}}
+\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Source code, an algorithm and things that depend on it\end{tabular}}
 \item<2->What are the risks to these assets?\\
 Can be pretty high (Oystercards).\end{tabular}}
 \item<3->How well does the security solution mitigate those risks?\\
-Not really. The source code can be reverse engineered, stolen\ldots{}\end{tabular}}
+Not really. The source code can be reverse engineered, stolen, coerced \ldots{}\end{tabular}}
 \item<4->What other risks does the security solution cause?
 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent
-scrutiny and independent advice. You also more likely than not
+scrutiny and independent advice. You also more likely than not to
 get it wrong.\end{tabular}}
 \item<5>[]{\bf\large No!}
@@ -549,8 +549,8 @@
-\item The outcome matches with the voter intend.
-\item There might be gigantic sums at stake.
+\item The outcome matches with the voters' intend.
+\item There might be gigantic sums at stake and need to be defended against.
@@ -602,7 +602,7 @@
-\item Only authorised voters should be able to vote up to the permitted number of votes.
+\item Authorised voters should have the opportunity to vote.
@@ -627,23 +627,6 @@
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] 
-\item Only authorised voters should be able to vote up to the permitted number of votes.
@@ -693,7 +676,7 @@
 \item The Netherlands between 1997 - 2006 had electronic voting machines\\
-\textcolor{gray}{(hacktivists had found that they could be hacked and emitted radio signals revealing how you voted)}
+\textcolor{gray}{(hacktivists had found: they can be hacked and also emitted radio signals revealing how you voted)}
 \item Germany had used them in pilot studies\\ 
 \textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting
@@ -711,10 +694,11 @@
-\item US used mechanical machines since the 50s, later punch cards, now DREs and 
+\item US used mechanical machines since the 30s, later punch cards, now DREs and 
 optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for study)}
-\item Estonia used in 2007 the world's first Internet vote in national elections (there are earlier pilot studies)
+\item Estonia used in 2007 the Internet for national elections 
+\textcolor{gray}{(there were earlier pilot studies in other countries)}
 \item India uses e-voting devices  since at least 2003\\
 \textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)}
@@ -744,7 +728,7 @@
 \item French Revolution and the US Constitution got things ``started'' with 
-paper ballots (you first had to bring your own, or later were pre-printed by the parties)
+paper ballots (you first had to bring your own; later they were pre-printed by parties)
@@ -757,9 +741,9 @@
 Security policies involved with paper ballots:
-\item you need to check that the ballot box is empty at the start of the poll / no false bottom (ballot stuffing)
-\item you need guard the ballot box during the poll
-\item tallied by a team at the end of the poll (you can have observers) 
+\item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing)
+\item you need to guard the ballot box during the poll until counting
+\item tallied by a team at the end of the poll (independent observers) 
@@ -963,8 +947,8 @@
 \frametitle{\begin{tabular}{@ {}c@ {}}Lessons to be Learned\end{tabular}}
-\item keep a paper trail and try to keep this secure
-\item make the software open source
+\item keep a paper trail and design your system to keep this secure\medskip
+\item make the software open source (avoid security-by-obscurity))\medskip
 \item have a simple design in order to minimise the attack surface