Mercurial Mercurial > hg > sen-material / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | gz | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
added
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Tue, 01 Oct 2013 13:15:26 +0100
changeset 108 c3b8432718ed
parent 107 a399727e1600
child 109 b71ce151aba8
added
slides/slides01.pdf file | annotate | diff | comparison | revisions
slides/slides02.pdf file | annotate | diff | comparison | revisions
slides/slides02.tex file | annotate | diff | comparison | revisions 
Binary file slides/slides01.pdf has changed
Binary file slides/slides02.pdf has changed
--- a/slides/slides02.tex	Tue Oct 01 12:59:31 2013 +0100
+++ b/slides/slides02.tex	Tue Oct 01 13:15:26 2013 +0100
@@ -776,6 +776,164 @@
 
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Unix-Style Access Control}
+
+How to do access control? In Unix you have
+
+\begin{itemize}
+\item you have users and you have groups/roles:
+
+\item some special roles: root
+\end{itemize}
+
+  
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Unix-Style Access Control}
+
+\begin{itemize}
+\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar AC:
+
+\begin{center}
+\begin{tabular}{l}
+administrators group\\ 
+\hspace{5mm}(has complete control over the machine)\\
+authenticated users\\
+server operators\\
+power users\\
+network configuration operators\\
+\end{tabular}
+\end{center}\medskip
+
+\item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but
+have \texttt{runas} (asks for a password).\pause
+
+\item OS-provided access control can \alert{\bf add} to your
+security.
+\end{itemize}
+
+  
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
+
+
+\begin{center}
+  \begin{tikzpicture}[scale=1]
+  
+  \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
+  \draw (4.7,1) node {Internet};
+  \draw (-2.7,1.7) node {\footnotesize Application};
+  \draw (0.6,1.7) node {\footnotesize Interface};
+  \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
+  \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
+  
+  \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
+
+  \draw[white] (1.7,1) node (X) {};
+  \draw[white] (3.7,1) node (Y) {};
+  \draw[red, <->, line width = 2mm] (X) -- (Y);
+ 
+  \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
+  \end{tikzpicture}
+\end{center}
+
+\begin{itemize}
+\item the idea is make the attack surface smaller and 
+mitigate the consequences of an attack
+\end{itemize}
+
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Lessons from Access Control}
+
+Not just restricted to Unix:
+
+\begin{itemize}
+\item if you have too many roles (i.e.~too finegrained AC), then 
+	hierarchy is too complex\\
+	\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip
+
+\item you can still abuse the system\ldots
+
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
+
+The idea is to trick a privileged person to do something on your behalf:
+
+\begin{itemize}
+\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
+
+\footnotesize
+\begin{minipage}{1.1\textwidth}
+\textcolor{gray}{the shell behind the scenes:}\\
+\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
+
+\textcolor{gray}{this takes time}
+\end{minipage}
+\end{itemize}
+
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
+
+\begin{enumerate}
+\item attacker \textcolor{gray}{(creates a fake passwd file)}\\ 
+\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
+\item root \textcolor{gray}{(does the daily cleaning)}\\
+\texttt{rm /tmp/*/*}\medskip\\
+\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\ 
+\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
+
+\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to 
+the real passwd file)}\\
+\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
+\item root now deletes  the real passwd file
+\end{enumerate}
+
+\only<2>{
+\begin{textblock}{11}(2,5)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
+{\normalsize\color{darkgray}
+\begin{minipage}{9cm}\raggedright
+To prevent this kind of attack, you need additional
+policies (don't do such operations as root).
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
 
 \end{document}
sen-material