updates

content/CSE4303/CSE4303_L15.md

@@ -59,6 +59,14 @@
 
 ### Post-Quantum (PQ) crypto
 
+- Fundamentally different computation paradigm than "classical" von Neumann or dataflow models
+- Relies on properties of quantum physics to solve problems efficiently
+  - Superposition: state of quantum bit ("qubit") expressed by probability model over continuous range of values (vs. classic bit: 0 or 1 only)
+    - Like being able to operate on all possible bit combos of a register simultaneously, instead of operating on only one among all possibilities
+  - Entanglement: operating on one qubit affects others
+
+
+
 ### Zero-Knowledge (ZK) proofs
 
 ### Homomorphic encryption

content/CSE4303/CSE4303_L16.md

@@ -38,10 +38,14 @@ Context: computing stack
   - 2. Complete mediation (reference monitor)
   - 3. Correct
 
-Isolating User Processes from Each Other
+Isolating OS from Untrusted User Code
+
+- How do we meet the first requirement of a TCB (e.g., isolation or tamper-proofness)?
+  - Hardware support for memory protection
+  - Processor execution modes (system AND user modes, execution rings)
+  - Privileged instructions which can only be executed in system mode
+  - System calls used to transfer control between user and system code
 
-- How do we meet the user/user isolation and separation?
-  - OS uses hardware support for memory protection to ensure this.
 
 System Calls: Going from User to OS Code
 
@@ -50,16 +54,107 @@ System Calls: Going from User to OS Code
     - The processor execution mode or privilege ring changes when call and return happen.
   - x86 `sysenter` / `sysexit` instructions
 
-## Isolating OS from Untrusted User Code
+Isolating User Processes from Each Other
 
-- How do we meet the first requirement of a TCB (e.g., isolation or tamper-proofness)?
-  - Hardware support for memory protection
-  - Processor execution modes (system AND user modes, execution rings)
-  - Privileged instructions which can only be executed in system mode
-  - System calls used to transfer control between user and system code
+- How do we meet the user/user isolation and separation?
+  - OS uses hardware support for memory protection to ensure this.
+
+Virtualization
+
+- OS is large and complex, even different operating systems may be desired by different customers
+- Compromise of an OS impacts all applications
+
+Complete Mediation: The TCB
+
+- Make sure that no protected resource (e.g., memory page or file) could be accessed without going through the TCB
+- TCB acts as a reference monitor that cannot be bypassed
+- Privileged instructions
+
+Limiting the Damage oa a Hacked OS
+
+Use: Hypervisor, virtual machines, guest OS and applications
+
+Compromise of OS in VM1 only impacts applications running on VM1
 
 ### Secure boot and Root of Trust (RoT)
 
+Goal: create chain of trust back to hardware-stored cryptographic keys
+
+#### Secure enclave: overview (Intel SGX)
+
+![Intel SGX](https://notenextra.com/CSE4303/Intel_SGX.png)
+
+Goal: keep sensitive data within hardware-isolated encrypted environment
+
 ### Access control
 
+Controlling Accesses to Resources
+
+- TCB (reference monitor) sees a request for a resource, how does it decide whether it should be granted?
+  - Example: Should John's process making a request to read a certain file be allowed to do so?
+
+- Authentication establishes the source of a request (e.g., John's UID)
+- Authorization (or access control) answers the question if a certain source of a request (User ID) is allowed to read the file
+- Subject who owns a resource (creates it) should be able to control access to it (sometimes this is not true)
+
+- Access control
+  - Basically, it is about who is allowed to access what.
+  - Two parts
+    - Part I - Policy: decide who should have access to certain resources (access control policy)
+    - Part II - Enforcement: only accesses defined by the access control policy are granted.
+  - Complete mediation is essential for successful enforcement
+
+Discretionary Access Control
+
+- In discretionary access control (DAC), owner of a resource decides how it can be shared
+  - Owner can choose to give read or write access to other users
+- Two problems with DAC:
+  - You cannot control if someone you share a file with will not further share the data contained in it
+    - Cannot control "information flow"
+  - In many organizations, a user does not get to decide how certain type of data can be shared
+    - Typically the employer may mandate how to share various types of sensitive data
+  - Mandatory Access Control (MAC) helps address these problems
+
+Mandatory Access Control (MAC) Models
+
+- User works in a company and the company decides how data should be shared
+  - Hospital owns patient records and limits their sharing
+    - Regulatory requirements may limit sharing
+    - HIPAA for health information
+
+#### Example: Linux system controls
+
+Unix file access control list
+
+- Each file has owner and group
+- Permissions set by owner
+  - Read, write, execute
+  - Owner, group, other
+  - Represented by vector of four octal values
+- Only owner, root can change permissions
+  - This privilege cannot be delegated or shared
+- Setid bits -- Discuss in a few slides
+
+Process effective user id (EUID)
+
+- Each process has three IDs (+ more under Linux)
+  - Real user ID (RUID)
+    - Same as the user ID of parent (unless changed)
+    - Used to determine which user started the process
+  - Effective user ID (EUID)
+    - From set user ID bit on the file being executed, or sys call
+    - Determines the permissions for process
+      - File access and port binding
+  - Saved user ID (SUID)
+    - So previous EUID can be restored
+- Real group ID, effective group ID used similarly
+
+#### Weaknesses in Unix isolation, privileges
+
+- Shared resources
+  - Since any process can create files in `/tmp` directory, an untrusted process may create files that are used by arbitrary system processes
+- Time-of-Check-to-Time-of-Use (TOCTTOU), i.e. race conditions
+  - Typically, a root process uses system call to determine if initiating user has permission to a particular file, e.g. `/tmp/X`.
+  - After access is authorized and before the file open, user may change the file `/tmp/X` to a symbolic link to a target file `/etc/shadow`.
+
 ### Hazard: race conditions

content/Math4202/Math4202_L23.md

@@ -29,6 +29,8 @@ $f|_{B^2}$ is a continuous map from $B^2\to \mathbb{R}^2-\{0\}$.
 
 $f|_{S^1=\partial B^2}:S^1\to \mathbb{R}-\{0\}$ **is nulhomotopic**.
 
+> Recall that: Any map $g:S^1\to Y$ is nulhomotopic whenever it extends to a continuous map $G:B^2\to Y$.
+
 Construct a homotopy between $f|_{S^1}$ and $g$
 
 $$
@@ -57,7 +59,7 @@ Therefore $f$ must have a root in $B^2$.
 <details>
 <summary>Proof: part 2</summary>
 
-If \|a_{n-1}\|+\|a_{n-2}\|+\cdots+\|a_0\|< R$ has a root in the disk $B^2_R$. (and $R\geq 1$, otherwise follows part 1)
+If $\|a_{n-1}\|+\|a_{n-2}\|+\cdots+\|a_0\|< R$ has a root in the disk $B^2_R$. (and $R\geq 1$, otherwise follows part 1)
 
 Consider $\tilde{f}(x)=f(Rx)$.