Computing Reviews
A guide to kernel exploitation: attacking the core
Perla E., Oldani M., Syngress Publishing, Boston, MA, 2010. 442 pp. Type: Book (978-1-597494-86-1)
Date Reviewed: Jun 8 2011

The authors of this book address a very specific and (until now) marginally covered topic in the area of software security: essentially, the writing of exploits that target the operating system (OS) itself.

OSs are written and developed in much the same way as any other software is built; consequently, OSs are prone to bugs. Some of these bugs can be exploited--that is, user input can include machine-executable code (shellcode), so that an attacker can execute the attack code at the most secure and sensitive security level (ring 0), which is the kernel space. The consequences are severe: the core system can be compromised, and no user-land tool can detect or mitigate this type of attack.

Writing a kernel-level exploit requires a mixture of art, science, and, ultimately, luck. Though no book will ever show how to trigger luck, a class of highly motivated and technically skilled readers can learn the first two elements--the art and the science--from this book. Perla and Oldani show how readers can write kernel-level exploits for today’s relevant OSs.

The book starts with an introduction to software vulnerabilities and lays down the principles of stack smashing--that is, the rewriting of stored program counters. Next, it introduces the generic architectures required for understanding how virtual memory is implemented. These details are essential to understanding the follow-up reading material on multistage exploits.

In the second part, the authors address the three dominant OSs (Linux, Mac OS, and Windows), considering in separate follow-up chapters the specific exploitation techniques for each system. I greatly appreciated the chapter on Mac OS X (chapter 5) since the exploitation of Mac OS-level kernel code still remains largely unknown to many.

Part 3 covers a concrete use case (for Linux) and advanced remote kernel exploits.

The book is a must-read for security researchers dealing with the audit or exploitation of kernel-level vulnerabilities. Graduate students taking a class on OSs will benefit from its extensive technical background and system-related material. The book works both as a unified description of the three main OSs and as a technical introduction to the art and science of kernel exploits.

Since this book assumes a certain familiarity with programming and system architecture, advanced readers form the target audience. For this class of reader, the book is an essential and state-of-the-art reference guide.

Reviewer: Radu State
Review #: CR139115 (1201-0022)
Security Kernels (D.4.6 ... )
Unix (D.4.0 ... )
Windows (D.2.2 ... )
General (D.4.0 )
