English subtitles

← 07-25 Security

Get Embed Code
3 Languages

Edit Subtitles
Download

Showing Revision 1 created 06/29/2012 by Amara Bot.

  1. Title:
    07-25 Security
  2. Description:

    Other units in this course below:
    Unit 1:http://www.youtube.com/playlist?list=PL3FEF9299137945CC
    Unit 2:http://www.youtube.com/playlist?list=PLBF6FC32358457242
    Unit 3:http://www.youtube.com/playlist?list=PL30EF9EB86B4D2E54
    Unit 4:http://www.youtube.com/playlist?list=PL6881C8D2E9D63242
    Unit 5:http://www.youtube.com/playlist?list=PL62AF1F6D3B654E14
    Unit 6:http://www.youtube.com/playlist?list=PL8FCC9D9C45A6640E
    Unit 7:http://www.youtube.com/playlist?list=PL9533BCB71FD88E38

    Q&A: http://www.youtube.com/playlist?list=PLE0EB375FA373A866

    To gain access to interactive quizzes, homework, programming assignments and a helpful community, join the class at http://www.udacity.com

  3. 0 0:00 - 0:04
    Let's take a break and talk a bit about computer security--
  4. 4000 0:04 - 0:07
    a topic we really haven't touched on much in this unit so far.
  5. 7000 0:07 - 0:11
    Security can sometimes be defined as computing in the presence of an adversary--
  6. 11000 0:11 - 0:15
    someone else using a computer or a network or resources
  7. 15000 0:15 - 0:18
    who means you hard or hopes to exploit or take advantage of resources
  8. 18000 0:18 - 0:20
    resources that you've put out there.
  9. 20000 0:20 - 0:24
    It just so happens--you'll be surprised to discover I am breaking this news--
  10. 24000 0:24 - 0:26
    that the internet is not secure.
  11. 26000 0:26 - 0:32
    Malicious agents or adversaries can write malicious webpages or JavaScript fragments.
  12. 32000 0:32 - 0:37
    The simplest way to do this would be to write a JavaScript fragment that loops forever--
  13. 37000 0:37 - 0:40
    some sort of version of Fibonacci that has no stopping condition
  14. 40000 0:40 - 0:42
    that just keeps going and going and going.
  15. 42000 0:42 - 0:46
    Then as soon as you've directed your browser to that page, it would stall,
  16. 46000 0:46 - 0:49
    and you'd be denied some server. You wouldn't be able to use your computer.
  17. 49000 0:49 - 0:54
    In practice, browsers often put some sort of timeout on script execution.
  18. 54000 0:54 - 0:59
    I'll run your script for 3 or 4 seconds, and after that if it hasn't finished, I'd better stop.
  19. 59000 0:59 - 1:03
    that's one of the reasons why optimization is so important, but it also has this security angle.
  20. 63000 1:03 - 1:07
    If we make any mistakes when we're designing our web browser,
  21. 67000 1:07 - 1:12
    then outside agents might break in to our computers and gain access
  22. 72000 1:12 - 1:15
    to sensitive documents--our tax returns, our personal email, or whatnot.
  23. 75000 1:15 - 1:17
    We want to make sure that that doesn't happen.
  24. 77000 1:17 - 1:21
    Let's listen to someone who knows quite a bit more about security than I do
  25. 81000 1:21 - 1:24
    talk about how this plays out in the real world with web browsers.
  26. 84000 1:24 - 1:27
    The web can be a great place but it can also be a dangerous place.
  27. 87000 1:27 - 1:32
    Nothing stops users from posting malicious code or websites
  28. 92000 1:32 - 1:37
    or writing scripts that will trying to take advantage of your computer or your browser.
  29. 97000 1:37 - 1:41
    There might be security holes or exploits, they're sometimes called, that allow this.
  30. 101000 1:41 - 1:45
    I was wondering if you might talk a bit about security at the language or implementation level
  31. 105000 1:45 - 1:47
    from the perspective of Mozilla.
  32. 107000 1:47 - 1:52
    Absolutely. Security is a prevalent concern at Mozilla.
  33. 112000 1:52 - 1:56
    When I was growing up, the idea of getting a piece of software was that you actually
  34. 116000 1:56 - 2:01
    drove to a store and you looked at a shelf and you pulled a box off the shelf
  35. 121000 2:01 - 2:04
    and you paid somebody and you took it home and that piece of software was sold to you
  36. 124000 2:04 - 2:08
    by a company that you trusted, by a third party that you trusted,
  37. 128000 2:08 - 2:12
    so you had some sense of this piece of software that I'm about to put on my computer
  38. 132000 2:12 - 2:16
    is something that I can believe is going to do something on behalf,
  39. 136000 2:16 - 2:18
    not something against me.
  40. 138000 2:18 - 2:20
    The web doesn't work like that way at all.
  41. 140000 2:20 - 2:24
    The way web applications work is you can go to any website anywhere in the world,
  42. 144000 2:24 - 2:29
    and somebody you've never met and never seen and that nobody can vouch for you
  43. 149000 2:29 - 2:34
    is going to run some of their code that they wrote on your computer.
  44. 154000 2:34 - 2:36
    So that changes the game.
  45. 156000 2:36 - 2:43
    That means that in order to build a serious platform where programs can do important things
  46. 163000 2:43 - 2:49
    on your behalf, we need to make sure that they can't also do important things against you.
  47. 169000 2:49 - 2:53
    The more people put valuable parts of their lives onto the web like their bank account,
  48. 173000 2:53 - 2:58
    for example, the more we have important assets to defend.
  49. 178000 2:58 - 3:04
    One of the concepts people talk about a lot in security is the notion of the trust computing base.
  50. 184000 3:04 - 3:08
    When you download some code from some third party that you don't know,
  51. 188000 3:08 - 3:13
    if we're being kind of maximally pessimistic we say, well, I don't trust this code completely.
  52. 193000 3:13 - 3:18
    I'd like it to do something for me but I don't know for sure that it's not malicious.
  53. 198000 3:18 - 3:21
    However, that code is running inside of a web browser like Firefox,
  54. 201000 3:21 - 3:28
    and I do trust the code that was written by Mozilla. I do trust Firefox.
  55. 208000 3:28 - 3:33
    In order to be able to say as much as we can about the security of a system,
  56. 213000 3:33 - 3:37
    we'd like for the parts of the system that we need to trust the most
  57. 217000 3:37 - 3:41
    to be as small as possible, so we talk about shrinking the trusted computing base,
  58. 221000 3:41 - 3:48
    as being a goal of having the smallest possible amount of software where if it goes wrong
  59. 228000 3:48 - 3:53
    disaster can ensue--like somebody can steal or credit card information or your bank account.
  60. 233000 3:53 - 3:56
    All modern web browsers are implemented in C++.
  61. 236000 3:56 - 4:00
    Now, C++ is a very powerful language. There are a lot of things that you can do with it.
  62. 240000 4:00 - 4:02
    But it's also not a particularly safe language.
  63. 242000 4:02 - 4:07
    It's a language where if you make one wrong move, if you make one little programming mistake,
  64. 247000 4:07 - 4:13
    you can actually leave parts of your system open to malicious programs.
  65. 253000 4:13 - 4:21
    For example, if you write a program in C++ and you have an array of data
  66. 261000 4:21 - 4:26
    and you forget to make sure that the program doesn't go beyond the end of that array,
  67. 266000 4:26 - 4:29
    in most programming languages you'll get a runtime error that says,
  68. 269000 4:29 - 4:32
    "Oops. You tried to access beyond the end of the array."
  69. 272000 4:32 - 4:34
    C++ doesn't give you that protection.
  70. 274000 4:34 - 4:37
    What C++ does is it just keeps reading what ever happens to be in memory
  71. 277000 4:37 - 4:39
    at the end of that array.
  72. 279000 4:39 - 4:44
    Well, whatever happens to be in memory could actually be some part of the browser
  73. 284000 4:44 - 4:47
    that has internal information like a password.
  74. 287000 4:47 - 4:50
    It could also be some other program running on the system,
  75. 290000 4:50 - 4:55
    and there are a lot of people out there who work on finding ways to exploit
  76. 295000 4:55 - 5:02
    these kinds of bugs to use them to take control of your computer or to get access to your private data.
  77. 302000 5:02 - 5:05
    The project of building a web browser that people can trust
  78. 305000 5:05 - 5:08
    and building a web browser that operates on user's behalf
  79. 308000 5:08 - 5:11
    is also one of building software that they can trust.
  80. 311000 5:11 - 5:13
    In order to build software that they can trust,
  81. 313000 5:13 - 5:16
    it needs to be built on top of programming technologies
  82. 316000 5:16 - 5:22
    that we know we can work with effectively to build software that's not unsafe.
  83. 322000 5:22 - 5:28
    We've been discussing malicious code like JavaScript written by evildoers
  84. 328000 5:28 - 5:32
    that we would run in our interpreter. Running evil code seems really bad.
  85. 332000 5:32 - 5:36
    Can't I just look at the source code and tell if it's bad before I run it
  86. 336000 5:36 - 5:40
    and then not run the bad code? Why doesn't Mozilla do something like that.
  87. 340000 5:40 - 5:44
    Unfortunately, it turns out that there's a lot of good theoretical computer science
  88. 344000 5:44 - 5:49
    that shows us that that is a provably impossible problem.
  89. 349000 5:49 - 5:54
    I don't know if you've discussed the halting program. >>We may have.
  90. 354000 5:54 - 6:00
    It turns out that if I were able to prove that any particular piece of code was not malicious
  91. 360000 6:00 - 6:02
    I would also be able to solve the halting problem,
  92. 362000 6:02 - 6:06
    and we already know that that's an unsolvable problem in computer science.
  93. 366000 6:06 - 6:09
    Looking at this maybe from a more positive side,
  94. 369000 6:09 - 6:11
    that means that I'll always have a job.
  95. 371000 6:11 -
    The law of compiler writer employability. >>Exactly.