Ilja van Sprundel

Presentation Title: Unix Kernel Auditing
Presentation Details:

This paper deals with finding security flaws in Unix kernels. Today, kernel-related security bugs are more important than ever. This is because the average administrator is paying attention to security these days. He/she will usually narrow down everything that can be run as another user (network daemons, cron scripts, suid and sgid binaries, web applications, …).

These are in most cases all programs that run in userspace and are usually fairly easy to narrow down. Things are not that easy when it comes to kernels. Most people see kernels as black boxes and will stay away from them except for some compile configurations. This is where the problem lies. Besides the fact that it is very hard to minimize your kernel, kernels are also a perfect target for attack. Unlike some network applications and suid/sgid binaries, kernels have a lot (+1000) of inputs that a user initially controls. Given that no software is flawless, and that most Unix kernels have more than 1000 inputs, it's safe to say that all Unix kernels have severe security bugs that have yet to be discovered.

This paper will describe some common steps in looking for specific security flaws and will try to point out where to look for them.

About Ilja:

Ilja van Sprundel is an employee of Suresec Ltd. and has a passion for somewhat offensive computer security. Among other things, he has previously implemented a secure credit card transaction solution. Ilja also attended the RWTH-Aachen summer school of applied IT security, where he learned a great deal about offensive and defensive security mechanisms. He is also the winner of the 21c3 stacksmashing contest and a member of the Netric security research group.

Posted by Administrator @ 2005-03-17 10:17 am
