The authors of this book address a very specific and (until now) marginally covered topic in the area of software security: essentially, the writing of exploits that target the operating system (OS) itself.
OSs are written and developed in much the same way as other software is built; consequently, OSs are prone to bugs. Some of these bugs can be exploited--that is, user input can include machine-executable code (shellcode); thus, an attacker can execute the attack code at the most privileged and sensitive level (ring 0), which is the kernel space. The consequences are severe: the core system can be compromised, and no user land tool can detect or mitigate this type of attack.
Writing a kernel-level exploit requires a mixture of art, science, and, ultimately, luck. Though no book will ever show how to trigger luck, a class of highly motivated and technically skilled readers can learn the first two elements--the art and the science--from this book. Perla and Oldani show how readers can write kernel-level exploits for today’s relevant OSs.
The book starts with an introduction to software vulnerabilities and lays down the principles of stack smashing--that is, the rewriting of stored program counters. Next, it introduces the generic architectures required for understanding how virtual memory is implemented. These details are essential to understanding the follow-up reading material on multistage exploits.
In the second part, the authors address the three dominant OSs (Linux, Mac OS, and Windows), considering in separate follow-up chapters the specific exploitation techniques for each system. I greatly appreciated the chapter on Mac OS X (chapter 5) since the exploitation of Mac OS-level kernel code still remains largely unknown to many.
Part 3 covers a concrete use case (for Linux) and advanced remote kernel exploits.
The book is a must-read for security researchers dealing with the audit or exploitation of kernel-level vulnerabilities. Graduate students taking a class on OSs will benefit from its extensive technical background and system-related material. The book works as both a unified description of the three main OSs and a technical introduction to the art and science of kernel exploits.
Since this book assumes a certain familiarity with programming and system architecture, advanced readers form the target audience. For this class of reader, the book is an essential and state-of-the-art reference guide.