updated
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Tue, 14 Oct 2014 12:21:10 +0100 (2014-10-14)
changeset 243 dd94cbf9eba7
parent 242 ced8b6208e36
child 244 9fc6ec22ad82
slides/slides04.pdf
slides/slides04.tex
slides/slides05.tex
Binary file slides/slides04.pdf has changed
--- a/slides/slides04.tex	Tue Oct 14 06:21:07 2014 +0100
+++ b/slides/slides04.tex	Tue Oct 14 12:21:10 2014 +0100
@@ -39,6 +39,28 @@
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
+\frametitle{Survey: Thanks!}
+\small
+
+\begin{itemize}
+\item ``Would be good, if you provide more detailed explanations. I feel 
+your slides are not as structured as they could be.''
+\item Please consider reference book chapters to cover core subject
+areas.''\pause
+\item ``The homework questions don't come directly from the 
+slides. So must go look things up.''
+\item ``Could you please put the homework answers online, perhaps
+just before the exam. That's late enough where we should have done
+it and if not, we're screwed already then.''
+\item ``Could you provide a brief basic answers to sheets for reference
+and not to be relied on.''
+\end{itemize}
+  
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
 
 \begin{center}
 \includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
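Review bot: the second added \item ("Please consider reference book chapters to cover core subject areas.''\pause") closes a quotation with '' but never opens one with ``, unlike the other four survey quotes in this itemize. Add the opening `` before "Please" so the quotes balance on the slide.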
@@ -56,7 +78,7 @@
 As a proof-of-concept, the following URL allows 
 attackers to control the return value saved on 
 the stack (the vulnerability is triggered when
-executing "/usr/sbin/widget"):
+executing \pcode{"/usr/sbin/widget"}):
 
 \begin{center}\footnotesize 
 \pcode{curl http://<target ip>/post_login.xml?hash=AAA...AAABBBB}
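Review bot: in the changed line, \pcode{"/usr/sbin/widget"} moves the straight double quotes inside the code macro, so they are typeset as if they were part of the path. Drop the quotes and write \pcode{/usr/sbin/widget}; the code markup already sets the path apart, and \pcode{/tmp/update} in a later hunk is written without quotes.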
@@ -71,10 +93,10 @@
 \begin{tabular}{@{}ll}
 Discovery date: & 06/03/2013\\
 Release date:   & 02/08/2013
-\end{tabular}
+\end{tabular}\bigskip
 
 
-
+\footnotesize
 \hfill\url{http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt} 
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
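Review bot: the bare \footnotesize added before \hfill\url{...} is unscoped and only ends at \end{frame}, so anything later placed below the URL in this frame silently inherits the small size. Scope it to the one line it is meant for, e.g. {\footnotesize\hfill\url{...}}, as the \begin{center}\footnotesize block earlier in the same frame does with its environment.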
@@ -93,7 +115,7 @@
 
 You will laugh: it is 
 
-\begin{center}
+\begin{center}\large
 \pcode{xmlset_roodkcableoj28840ybtide}
 \end{center}
 \end{quote}\bigskip\bigskip
@@ -119,7 +141,7 @@
 \begin{itemize}
 \item Put an executable file named \pcode{update} with non-root owner in /tmp (not
 mounted noexec, obviously)
-\item Run chkrootkit (as uid 0)
+\item Run chkrootkit (as uid \pcode{0})
 \end{itemize}
 
 Result: The file \pcode{/tmp/update} will be executed as root, thus effectively
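Review bot: the first \item still sets /tmp as plain text, while this hunk moves the 0 into \pcode and the Result line already uses \pcode{/tmp/update}. Mark up /tmp the same way (and chkrootkit, if command names are meant to be code) so paths and commands are typeset consistently within the frame.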
@@ -142,13 +164,16 @@
 
 \begin{itemize}
 \item access control provided by the OS
-\item authenticate principals (login)
-\item mediate access to files, ports, processes according to \alert{roles} (user ids)\\
-\item roles get attached with privileges\bigskip\\%
+\item authenticate principals
+\item mediate access to files, ports, processes etc according to
+  \alert{roles} (user ids)\\
+\item roles get attached with privileges\bigskip\\
+
 \hspace{8mm}
 \begin{bubble}[8cm]
 \alert{principle of least privilege:}\\
-users and programs should only have as much privilege as they need 
+users and programs should only have as much privilege as they need to
+accomplish a task
 \end{bubble}
 \end{itemize}
 
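Review bot: the new line "\item roles get attached with privileges\bigskip\\" is now followed by a blank line, so the \\ sits at the end of a paragraph and LaTeX will report an underfull \hbox there; the removed line avoided this with the trailing % and no blank line. Drop either the \\ or the added blank line. In the same hunk, "processes etc according" should read "etc." to match the "etc." used in the Discretionary Access Control frame.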
@@ -194,7 +219,7 @@
 
 \item non-root users are not allowed to change the UID --- would break 
 access control
-\item but needed for example for \texttt{passwd}
+\item but needed for example for accessing \texttt{passwd}
 \end{itemize}
 
 \end{frame}
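Review bot: "needed for example for accessing \texttt{passwd}" leaves it unclear whether passwd is the command or the password file; the old wording read as the program that needs the UID change, the new one reads as a file being accessed. Say which is meant, for instance "for the \texttt{passwd} command", or name the file by its path if the file is intended.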
@@ -205,11 +230,11 @@
 \frametitle{Setuid and Setgid}
 
 The solution is that Unix file permissions are 9 + \underline{2 Bits}:
-\alert{Setuid} and \alert{Setgid} Bits
+\alert{Setuid} and \alert{Setgid} bits
 
 \begin{itemize}
 \item When a file with setuid is executed, the resulting process will
-  assume the UID given to the owner of the file.
+  assume the UID given to the \underline{owner} of the file.
 \item This enables users to create processes as root (or another
   user).\bigskip
 
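Review bot: the sentence now reads "9 + \underline{2 Bits}:" followed by "\alert{Setuid} and \alert{Setgid} bits", so the capitalisation corrected on the second line is still inconsistent with the first. Lower-case "Bits" inside the \underline as well.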
@@ -225,19 +250,17 @@
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
-\frametitle{Access Control}
+\frametitle{\Large Discretionary Access Control}
 
 \begin{itemize}
-\item \bl{Discretionary Access Control:}\mbox{}\medskip\\
+\item Access to objects (files, directories, devices, etc.) is
+permitted based on user identity. Each object is owned by a
+user. Owners can specify freely (at their discretion) how they want to
+share their objects with other users, by specifying which other users
+can have which form of access to their objects.\medskip
 
-\small Access to objects (files, directories, devices, etc.) is permitted 
-based on user identity. Each object is owned by a user. Owners can 
-specify freely (at their discretion) how they want to share their objects 
-with other users, by specifying which other users can have which 
-form of access to their objects.\medskip
-
-Discretionary access control is implemented on any multi-user OS 
-(Unix, Windows NT, etc.).
+\item Discretionary access control is implemented on any modern multi-user
+OS (Unix, Windows NT, etc.).
 \end{itemize}
 
 \end{frame}
@@ -245,20 +268,19 @@
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
-\frametitle{Access Control}
+\frametitle{\Large Mandatory Access Control}
 
 \begin{itemize}
-\item \bl{Mandatory Access Control:}\mbox{}\medskip\\
+\item Access to objects is controlled by a system-wide policy, for
+  example to prevent certain flows of information. In some forms, the
+  system maintains security labels for both objects and subjects
+  (processes, users) based on which access is granted or
+  denied. Labels can change as the result of an access. Security
+  policies are enforced without the cooperation of users or
+  programs.\medskip
 
-\small Access to objects is controlled by a system-wide policy, for example 
-to prevent certain flows of information. In some forms, the system maintains 
-security labels for both objects and subjects (processes, users), based on 
-which access is granted or denied. Labels can change as the result of an 
-access. Security policies are enforced without the cooperation of users or 
-application programs.\medskip
-
-This is implemented today in special military operating system versions
-(SELinux).
+\item This is implemented in banking or military operating system 
+  versions (SELinux).
 \end{itemize}
 
 \end{frame}
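Review bot: in the last \item, "(SELinux)" directly follows "banking or military operating system versions", which reads as if SELinux were such a version rather than an example of a system that enforces mandatory access control. Reword so the parenthetical is clearly an example, e.g. "for example SELinux". The rewrite also dropped the comma after "subjects (processes, users)", which makes "based on which access is granted or denied" harder to attach to "labels"; restoring it would help.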
@@ -268,15 +290,15 @@
 \begin{frame}[c]
 \frametitle{\Large Discretionary Access Control}
 
-In its most generic form usually given by an Access Control Matrix 
-of the form
+In its most generic form usually given by an \alert{Access Control
+  Matrix} of the form
 
 \begin{center}
 \begin{tabular}{r|c|c|c}
-                 & /mail/jane & edit.exe & sendmail \\\hline
+                 & /mail/jane & edit.exe & postfix \\\hline
 jane          & r, w & r, x & r, x\\\hline
 john          & $\varnothing$ & r, w, x&  r, x\\\hline
-sendmail  & a & $\varnothing$ &  r, x\\
+postfix  & a & $\varnothing$ &  r, x\\
 \end{tabular}
 \end{center}
 
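Review bot: the matrix entry "a" in the postfix row has no legend within this hunk, while r, w and x are the familiar permission letters. If the frame does not explain it elsewhere, add a short line under the table stating what "a" stands for, since the point of the example is that the mail program gets a narrower right on /mail/jane than jane herself.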
@@ -288,13 +310,13 @@
 \begin{frame}[c]
 \small
 
-\lstinputlisting[numbers=none,xleftmargin=-6mm]{lst}
+\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
 
 
 \begin{center}
-\begin{tabular}{ll}
-Members of group staff: & ping, bob, emma\\ 
-Members of group students: & emma\\
+\begin{tabular}{@{\hspace{-24mm}}ll}
+members of group staff: & ping, bob, emma\\ 
+members of group students: & emma\\
 \end{tabular}
 \end{center}
 
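Review bot: \begin{tabular}{@{\hspace{-24mm}}ll} hard-codes a negative offset to pull the table left while it still sits inside \begin{center}, so the two settings work against each other and the 24mm will need retuning whenever the listing margin (xleftmargin=-6mm) or the text changes. Take the tabular out of the center environment and left-align it with the listing instead.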
@@ -321,11 +343,11 @@
   by system policies.
 
 \item Mandatory access control mechanisms are aimed in particular at
-  preventing policy violations by untrusted application software,
-  which typically have at least the same access privileges as the
-  invoking user.\medskip
+  preventing policy violations by untrusted programs, which typically
+  have at least the same access privileges as the invoking
+  user.\medskip\pause
 
-Simple example: Air Gap Security. Uses completely separate network
+Simple example: Air Gap Security. Uses a completely separate network
 and computer hardware for different application classes.
 \end{itemize}
 
@@ -335,7 +357,8 @@
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
-\frametitle{The Bell/LaPadula Model}
+\frametitle{The Bell-LaPadula Model}
+\small
 
 \begin{itemize}
 \item Formal policy model for mandatory access control in a military
@@ -617,6 +640,25 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{\Large Cryptographic Protocol Failures}
+
+Ross Anderson and Roger Needham wrote:\bigskip
+
+\begin{quote}\rm
+A lot of the recorded frauds were the result of this kind of blunder,
+or from management negligence pure and simple. \alert{However, there
+  have been a significant number of cases where the designers
+  protected the right things, used cryptographic algorithms which were
+  not broken, and yet found that their systems were still successfully
+  attacked.}
+\end{quote}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
 \frametitle{Authentication Protocols}
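Review bot: the quotation opens with "this kind of blunder", but the frame gives no antecedent for it and no source beyond the two authors' names, so the audience cannot tell which blunder is meant or where the text comes from. Add the title and year of the work as a footnote-size line, and either precede the quote with the sentence it refers back to or start it at "However, there have been ...". The \rm in \begin{quote}\rm is also the old two-letter font command; \rmfamily or \normalfont is the current form.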
--- a/slides/slides05.tex	Tue Oct 14 06:21:07 2014 +0100
+++ b/slides/slides05.tex	Tue Oct 14 12:21:10 2014 +0100
@@ -1343,74 +1343,6 @@
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 1\end{tabular}}
-
-{\bf What assets are you trying to protect?}\bigskip
-
-This question might seem basic, but a surprising number of people never ask it. The question involves understanding the scope of the problem. For example, securing an airplane, an airport, commercial aviation, the transportation system, and a nation against terrorism are all different security problems, and require different solutions.
-
-\only<2>{
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
-{\begin{minipage}{10cm}
-\small You like to prevent: ``It would be terrible if this sort of attack ever happens; we need to do everything in our power to prevent it.''
-\end{minipage}};
-\end{tikzpicture}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 2\end{tabular}}
-
-{\bf What are the risks to these assets?}\bigskip
-
-Here we consider the need for security. Answering it involves understanding what is being defended, what the consequences are if it is successfully attacked, who wants to attack it, how they might attack it, and why.
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 3\end{tabular}}
-
-{\bf How well does the security solution mitigate those risks?}\bigskip
-
-Another seemingly obvious question, but one that is frequently ignored. If the security solution doesn't solve the problem, it's no good. This is not as simple as looking at the security solution and seeing how well it works. It involves looking at how the security solution interacts with everything around it, evaluating both its operation and its failures.
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 4\end{tabular}}
-
-{\bf What other risks does the security solution cause?}\bigskip
-
-This question addresses what might be called the problem of unintended consequences. Security solutions have ripple effects, and most cause new security problems. The trick is to understand the new problems and make sure they are smaller than the old ones.
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 5\end{tabular}}
-
-{\bf What costs and trade-offs does the security solution impose?}\bigskip
-
-Every security system has costs and requires trade-offs. Most security costs money, sometimes substantial amounts; but other trade-offs may be more important, ranging from matters of convenience and comfort to issues involving basic freedoms like privacy. Understanding these trade-offs is essential.
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
-
-
 \end{document}
 
 %%% Local Variables:
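Review bot: the removal of the five "Schneier: Step 1" to "Schneier: Step 5" frames is not mentioned in the commit message ("updated"), and none of the slides04.tex hunks in this changeset reintroduce them. If the material has moved to another lecture, say so in the message; if it is being dropped, a one-line reason would make the 68-line deletion reviewable.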