diff options
| author | Guillermo Ramos | 2013-05-27 00:07:01 +0200 |
|---|---|---|
| committer | Guillermo Ramos | 2013-05-27 00:07:01 +0200 |
| commit | 45ec0c7e1bfd251e13f4d3ade89785e98df31ba9 (patch) | |
| tree | 1f9b534ed4ea650517c39799f5e2aed0885ce87d /c_seguridad/present | |
| download | acm-master.tar.gz | |
Diffstat (limited to 'c_seguridad/present')
21 files changed, 348 insertions, 0 deletions
diff --git a/c_seguridad/present/acm.png b/c_seguridad/present/acm.png Binary files differnew file mode 100644 index 0000000..f083d8c --- /dev/null +++ b/c_seguridad/present/acm.png diff --git a/c_seguridad/present/beamerthemeACM.sty b/c_seguridad/present/beamerthemeACM.sty new file mode 100644 index 0000000..0d0e790 --- /dev/null +++ b/c_seguridad/present/beamerthemeACM.sty @@ -0,0 +1,68 @@ +\usetheme{Rochester} + +\RequirePackage{pgf} + +\pgfdeclareimage[width=1.0\paperwidth]{cabecera}{cabecera} + +\setbeamertemplate{blocks}[rounded][shadow=true] +\setbeamercovered{transparent} + +\beamer@headheight=0.14\paperwidth + +\definecolor{oxygenorange}{HTML}{F7800A} +\definecolor{oxygengray}{HTML}{686868} +\definecolor{oxygenlightgray}{HTML}{EEEEEE} +\definecolor{oxygenblue}{HTML}{236EAF} +\setbeamercolor*{Title bar}{fg=white} +\setbeamercolor*{Location bar}{fg=oxygenorange,bg=oxygenlightgray} +\setbeamercolor*{frametitle}{parent=Title bar} +\setbeamercolor*{block title}{bg=oxygenblue,fg=white} +\setbeamercolor*{block body}{bg=oxygenlightgray,fg=oxygengray} +\setbeamercolor*{normal text}{bg=white,fg=oxygengray} +\setbeamercolor*{section in head/foot}{bg=oxygenblue,fg=white} + +\usecolortheme[named=oxygenorange]{structure} + +\setbeamerfont{section in head/foot}{size=\tiny,series=\normalfont} +\setbeamerfont{frametitle}{size=\Large} + +%\setbeamertemplate{headline} +\setbeamertemplate{frametitle} +{ + \vskip-0.25\beamer@headheight + \vskip-\baselineskip + \vskip-0.2cm + \hskip0.7cm\usebeamerfont*{frametitle}\insertframetitle + \vskip-0.10em + \hskip0.7cm\usebeamerfont*{framesubtitle}\insertframesubtitle +} + +\setbeamertemplate{headline} +{ + \pgfuseimage{cabecera} + \vskip -1.95cm + \linethickness{0.0pt} + + \framelatex{ + \begin{beamercolorbox}[wd=\paperwidth,ht=0.3\beamer@headheight]{Title bar} + \usebeamerfont{section in head/foot}% + %\insertsectionnavigationhorizontal{0pt}{\hskip0.22cm}{}% + \end{beamercolorbox}} + + \framelatex{ + \begin{beamercolorbox}[wd=\paperwidth,ht=0.7\beamer@headheight]{Title bar} + \end{beamercolorbox}} +} + +\setbeamertemplate{footline} +{ + \linethickness{0.25pt} + \framelatex{ + \begin{beamercolorbox}[leftskip=.3cm,wd=\paperwidth,ht=0.3\beamer@headheight,sep=0.1cm]{Location bar} + \usebeamerfont{section in head/foot}% + \insertshortauthor~|~\insertshorttitle + \hfill + \insertframenumber/\inserttotalframenumber + \end{beamercolorbox}} +} + diff --git a/c_seguridad/present/cabecera.png b/c_seguridad/present/cabecera.png Binary files differnew file mode 100644 index 0000000..5c2f81c --- /dev/null +++ b/c_seguridad/present/cabecera.png diff --git a/c_seguridad/present/img/Nuclear-Explosion.jpg b/c_seguridad/present/img/Nuclear-Explosion.jpg Binary files differnew file mode 100644 index 0000000..f68597c --- /dev/null +++ b/c_seguridad/present/img/Nuclear-Explosion.jpg diff --git a/c_seguridad/present/img/bof1.png b/c_seguridad/present/img/bof1.png Binary files differnew file mode 100644 index 0000000..3b25c5e --- /dev/null +++ b/c_seguridad/present/img/bof1.png diff --git a/c_seguridad/present/img/bof2.png b/c_seguridad/present/img/bof2.png Binary files differnew file mode 100644 index 0000000..390d2a4 --- /dev/null +++ b/c_seguridad/present/img/bof2.png diff --git a/c_seguridad/present/img/dudas.jpg b/c_seguridad/present/img/dudas.jpg Binary files differnew file mode 100644 index 0000000..3a5599c --- /dev/null +++ b/c_seguridad/present/img/dudas.jpg diff --git a/c_seguridad/present/img/dudewtf.png b/c_seguridad/present/img/dudewtf.png Binary files differnew file mode 100644 index 0000000..7f1b30c --- /dev/null +++ b/c_seguridad/present/img/dudewtf.png diff --git a/c_seguridad/present/img/hacker.jpg b/c_seguridad/present/img/hacker.jpg Binary files differnew file mode 100644 index 0000000..986d05a --- /dev/null +++ b/c_seguridad/present/img/hacker.jpg diff --git a/c_seguridad/present/img/memoria_virtual.png b/c_seguridad/present/img/memoria_virtual.png Binary files differnew file mode 100644 index 0000000..97f14f9 --- /dev/null +++ b/c_seguridad/present/img/memoria_virtual.png diff --git a/c_seguridad/present/img/memory_org.png b/c_seguridad/present/img/memory_org.png Binary files differnew file mode 100644 index 0000000..17a9f0a --- /dev/null +++ b/c_seguridad/present/img/memory_org.png diff --git a/c_seguridad/present/img/nuclear_explosion.png b/c_seguridad/present/img/nuclear_explosion.png Binary files differnew file mode 100644 index 0000000..098dccc --- /dev/null +++ b/c_seguridad/present/img/nuclear_explosion.png diff --git a/c_seguridad/present/img/ordenadorbob.jpg b/c_seguridad/present/img/ordenadorbob.jpg Binary files differnew file mode 100644 index 0000000..479521c --- /dev/null +++ b/c_seguridad/present/img/ordenadorbob.jpg diff --git a/c_seguridad/present/img/showmethecode.png b/c_seguridad/present/img/showmethecode.png Binary files differnew file mode 100644 index 0000000..5ffd815 --- /dev/null +++ b/c_seguridad/present/img/showmethecode.png diff --git a/c_seguridad/present/img/smith.png b/c_seguridad/present/img/smith.png Binary files differnew file mode 100644 index 0000000..ee7b3fe --- /dev/null +++ b/c_seguridad/present/img/smith.png diff --git a/c_seguridad/present/img/stack_call_struct.png b/c_seguridad/present/img/stack_call_struct.png Binary files differnew file mode 100644 index 0000000..7d61f4c --- /dev/null +++ b/c_seguridad/present/img/stack_call_struct.png diff --git a/c_seguridad/present/img/stack_frame_struct.png b/c_seguridad/present/img/stack_frame_struct.png Binary files differnew file mode 100644 index 0000000..adf21d3 --- /dev/null +++ b/c_seguridad/present/img/stack_frame_struct.png diff --git a/c_seguridad/present/img/stack_overflow.png b/c_seguridad/present/img/stack_overflow.png Binary files differnew file mode 100644 index 0000000..1f33d35 --- /dev/null +++ b/c_seguridad/present/img/stack_overflow.png diff --git a/c_seguridad/present/img/stack_overflow_1.png b/c_seguridad/present/img/stack_overflow_1.png Binary files differnew file mode 100644 index 0000000..25f5415 --- /dev/null +++ b/c_seguridad/present/img/stack_overflow_1.png diff --git a/c_seguridad/present/img/stack_overflow_2.png b/c_seguridad/present/img/stack_overflow_2.png Binary files differnew file mode 100644 index 0000000..0963203 --- /dev/null +++ b/c_seguridad/present/img/stack_overflow_2.png diff --git a/c_seguridad/present/seguridad.tex b/c_seguridad/present/seguridad.tex new file mode 100644 index 0000000..1a422fa --- /dev/null +++ b/c_seguridad/present/seguridad.tex @@ -0,0 +1,280 @@ +% vim : tabstop 4 +%%%%%%%%%%%%%%%%%%%% +% seguridad.tex - Transparencias de la sección de Seguridad del Curso de C +% Guillermo Ramos Gutiérrez <wille@acm.asoc.fi.upm.es> +%%%%%%%%%%%%%%%%%%%%% + +\documentclass{beamer} + +\mode<presentation> +{ + \usetheme{ACM} + \setbeamercovered{transparent} +} + +\usepackage[spanish]{babel} +\usepackage[utf8]{inputenc} +\usepackage{times} +\usepackage{color} + +\title[Curso de C: Seguridad] +{Curso de C: Seguridad} + +\author[Guillermo Ramos] +{ +Guillermo Ramos \\ +\texttt{wille@acm.asoc.fi.upm.es} +} + +\institute[ACM FI - UPM] +{ +ACM Facultad de Informática \\ +Universidad Politécnica de Madrid +} + +\date{24 de marzo de 2011} + +\pgfdeclareimage[height=0.7cm]{acm-logo}{acm} +\logo{\pgfuseimage{acm-logo}} + +\AtBeginSection[] +{ + \begin{frame}<beamer> + \frametitle{Contenido} + \tableofcontents[currentsection] + \end{frame} +} + +\begin{document} + + \begin{frame} + \titlepage + \end{frame} + + \begin{frame}{Contenido} + \tableofcontents + \end{frame} + + \section{¿De qué va todo esto?} + \begin{frame}{} + \begin{center} + \textbf{\huge 01010000} + \end{center} + \end{frame} + + \begin{frame}{} + \begin{center} + \textbf{\huge 01010001} \\ + \vspace{1cm} + \uncover<1>{¿0x50?} \\ + \uncover<2>{¿push eax?} \\ + \uncover<3>{¿true?} + \end{center} + \end{frame} + + \begin{frame}{} + \begin{center} + \textbf{\huge 01010000} \\ + \vspace{1cm} + $\surd$ 0x50 \\ + $\surd$ push eax \\ + $\surd$ true + \end{center} + \end{frame} + + \begin{frame}{} + \begin{center} + \includegraphics[width=3cm]{img/dudewtf.png} + \end{center} + \end{frame} + + \begin{frame}{En resumen} + \begin{itemize} + \item Problema: \textbf{distinguir datos de código} + \item La información no tiene más significado que el que le da un proceso. + \item Esto se suele aprovechar para controlar los fallos de software y modificar el flujo de ejecución. + \end{itemize} + \end{frame} + + + \section{Memoria} + \subsection{Memoria Virtual} + \begin{frame}{Memoria Virtual} + \begin{center} + \includegraphics[width=6cm]{img/memoria_virtual.png} + \end{center} + \end{frame} + + \subsection{Organización de memoria} + \begin{frame}{Organización de memoria} + \begin{center} + \includegraphics[width=6cm]{img/memory_org.png} + \end{center} + \end{frame} + + \begin{frame}{Ejemplo} + \begin{center} + \begin{block}{ejemplounopuntocé.c} + char global; \\ + float pi = 3.14; \\[3mm] + int main() \{ \\ + \hspace{1cm}int local; \\ + \hspace{1cm}char* buffer = (char*)malloc(20); \\ + \hspace{1cm}return 0; \\ + \} + \end{block} + \end{center} + \end{frame} + + \begin{frame}{Ejemplo} + \begin{center} + \begin{block}{ejemplounopuntocé.c} + char global; \textcolor{red}{// bss} \\ + float pi = 3.14; \textcolor{red}{// data} \\[3mm] + int main() \{ \textcolor{red}{// code} \\ + \hspace{1cm}int local; \textcolor{red}{// stack} \\ + \hspace{1cm}char* buffer = (char*)malloc(20); \textcolor{red}{// heap (*buffer)} \\ + \hspace{1cm}return 0; \\ + \} + \end{block} + \end{center} + \end{frame} + + \subsection{La pila} + \begin{frame}{La pila} + Guarda el estado de las funciones en \textbf{marcos de pila} \\ + Cada marco de pila almacena: + \begin{itemize} + \item Parámetros + \item Variables locales + \item Dirección de retorno de la función + \end{itemize} + \end{frame} + + \begin{frame}{El marco de pila} + \begin{center} + \includegraphics[width=6cm]{img/stack_frame_struct.png} + \end{center} + \end{frame} + + \begin{frame}{La pila} + \begin{center} + \includegraphics[width=6cm]{img/stack_call_struct.png} + \end{center} + \end{frame} + + \begin{frame}{Ejemplos} + \begin{center} + \includegraphics[width=6cm]{img/showmethecode.png} + \end{center} + \end{frame} + + + \section{Buffer Overflows} + \begin{frame}{Introducción} + \begin{center} + \textit{At first I was like...} \\[3mm] + \includegraphics[width=8cm]{img/bof1.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + \textit{... but then I was like...} \\[3mm] + \includegraphics[width=7cm]{img/nuclear_explosion.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + Un buffer overflow ocurre cuando no se controla la cantidad de datos que se pueden + copiar en un buffer y se sigue escribiendo tras haberlo rellenado, provocando + la sobreescritura de la memoria adyacente a él. \\[3mm] + \includegraphics[width=6cm]{img/bof2.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + \includegraphics[width=8cm]{img/stack_overflow_1.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + \includegraphics[width=8cm]{img/stack_overflow_2.png} + \end{center} + \end{frame} + + \begin{frame}{Introducción} + \begin{center} + \includegraphics[width=8cm]{img/stack_overflow.png} + \end{center} + \end{frame} + + \begin{frame}{Ejemplos} + \begin{center} + \includegraphics[width=6cm]{img/showmethecode.png} + \end{center} + \end{frame} + + + \section{Format Strings} + \begin{frame}{Introducción} + \begin{center} + \begin{block}{ejemplodospuntocé.c} + int main(int argc, char** argv) \{ \\ + \hspace{1cm}if (argc $>$ 1) \\ + \hspace{2cm}printf(argv[1]); \\ + \hspace{1cm}return 0; \\ + \} + \end{block} + \begin{block}{ejemplotrespuntocé.c} + int main(int argc, char** argv) \{ \\ + \hspace{1cm}if (argc $>$ 1) \\ + \hspace{2cm}printf("\%s", argv[1]); \\ + \hspace{1cm}return 0; \\ + \} + \end{block} + \end{center} + \end{frame} + + \begin{frame}{\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x\%x} + \begin{center} + Un ataque de format strings es una inyección de caracteres que hace que printf() o cualquier + derivado interprete que debe insertar parámetros en la salida. Al no haberlos, usa memoria + de la pila. + \end{center} + \end{frame} + + \begin{frame}{Ejemplos} + \begin{center} + \includegraphics[width=6cm]{img/showmethecode.png} + \end{center} + \end{frame} + + + \section{} + \begin{frame}{} + \begin{center} + ¿Dudas, preguntas? \\ + \includegraphics[width=5cm]{img/dudas.jpg} + \end{center} + \end{frame} + + \begin{frame}{} + \textbf{Bibliografía recomendada:} + \begin{thebibliography}{99} + \bibitem{} \htmladdnormallink{Erickson, J. (2008). \textit{The Art of Exploitation, 2nd Edition}}{http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/} + \bibitem{} \htmladdnormallink{Anley, C., Heasman, J., Lindner, F., Richarte, G. (2007). \textit{The Shellcoder's + Handbook: Discovering and Exploiting Security Holes}}{http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/} + \end{thebibliography} + \end{frame} + + \begin{frame}{} + \begin{center} + \textbf{¡Gracias por venir!} + \end{center} + \end{frame} + +\end{document} |
