References

Books and Papers

[Cohen] Best Kept Secrets of Peer Code Review, Jason Cohen, Smart Bear Inc., 2006, ISBN: 978-1599160672

[Freedman] Handbook of Walkthroughs, Inspections, and Technical Reviews: Evaluating Programs, Projects, and Products, Daniel P. Freedman and Gerald M. Weinberg, Dorset House, 1990, ISBN: 978-0932633194

[Gilb] Software Inspection, Tom Gilb and Dorothy Graham, Addison-Wesley Professional, 1994, ISBN: 978-0201631814

[Howard] Howard, M. (2006, July–August). “A Process for Performing Security Code Reviews.” IEEE Security & Privacy, pp. 74–79, https://www.researchgate.net/publication/3437819_A_process_for_performing_security_code_reviews?ev=auth_pub

[Ransome] Core Software Security: Security at the Source, James Ransome and Anmol Misra, CRC Press, 2014, ISBN: 978-1466560956.

[Wiegers] Peer Reviews in Software: A Practical Guide, Karl Wiegers, Addison-Wesley Professional, 2001, ISBN: 978-0201734850

Web

[CodeProject] Code review guidelines, https://www.codeproject.com/articles/524235/codeplusreviewplusguidelines

[Howard2] Howard, M. (2004, November). “Attack Surface: Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users.”, http://download.microsoft.com/download/3/a/7/3a7fa450-1f33-41f7-9e6d-3aa95b5a6aea/MSDNMagazineNovember2004en-us.chm

[Howard3] Howard, M. (2003, November). “Review It: Expert Tips for Finding Security Defects in Your Code”, http://download.microsoft.com/download/3/a/7/3a7fa450-1f33-41f7-9e6d-3aa95b5a6aea/MSDNMagazineNovember2003en-us.chm

[Meier] Meier, J., et al. (2005, October). “How To: Perform a Security Code Review for Managed Code (.NET Framework 2.0)”. https://docs.microsoft.com/en-us/previous-versions/msp-n-p/ff649315(v%3dpandp.10)

[OWASP] OWASP Code Review Guide, https://www.owasp.org/images/2/2e/OWASP_Code_Review_Guide-V1_1.pdf

Research & Real World Examples

[Wojtczuk BH 2009] Attack Intel BIOS,https://www.blackhat.com/presentations/bh-usa-09/WOJTCZUK/BHUSA09-Wojtczuk-AtkIntelBios-SLIDES.pdf

[Rutkowska BH DC 2009] Attack Intel TXT,https://www.blackhat.com/presentations/bh-dc-09/Wojtczuk_Rutkowska/BlackHat-DC-09-Rutkowska-Attacking-Intel-TXT-slides.pdf

[Bazhaniuk CSW 2015] A New Class of Vulnerability in SMI handlers, http://www.c7zero.info/stuff/ANewClassOfVulnInSMIHandlers_csw2015.pdf

[ThinkPwn 2016] Exploring Lenovo,http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html

[Wojtczuk 2011] Attacking Intel TXT via SINIT Hijacking, https://invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf

[Kallenberg 2014] Extreme Privilege Escalation on Windows 8 UEFI System, https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf

[Kallenberg CSW 2014] All your boot are belong to us, https://cansecwest.com/slides/2014/AllYourBoot_csw14-mitre-final.pdf

[Wojtczuk CSW 2015] Attacks on UEFI Security, https://cansecwest.com/slides/2015/AttacksOnUEFI_Rafal.pptx

[Evdokimov BH 2017] Intel AMT Stealth Breakthrough,https://www.blackhat.com/docs/us-17/thursday/us-17-Evdokimov-Intel-AMT-Stealth-Breakthrough.pdf

[SpeedRacer 2014] Speed Racer, https://fahrplan.events.ccc.de/congress/2014/Fahrplan/system/attachments/2565/original/speed_racer_whitepaper.pdf

[Rutkowska BH 2008] Preventing and Detecting Xen Hypervisor Subversions, https://invisiblethingslab.com/resources/bh08/part2-full.pdf

[Tereshkin BH 2009] A Ring -3 Rootkits,https://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf

[Bulygin RC 2017] Baring the system, http://www.c7zero.info/stuff/REConBrussels2017_BARing_the_system.pdf

[Wojtczuk 2009] Another TXT Attack, https://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf

[Duflot CSW 2009] SMM Reloaded,https://cansecwest.com/csw09/csw09-duflot.pdf

[Sevinsky BH 2013] Funderbolt – Adventures in thunderbolt DMA attacks,https://media.blackhat.com/us-13/US-13-Sevinsky-Funderbolt-Adventures-in-Thunderbolt-DMA-Attacks-Slides.pdf

[Pcileech 2017] Attacking UEFI and Linux, http://blog.frizk.net/2017/01/attacking-uefi-and-linux.html

[Facedancer 2012] Facedancer, http://goodfet.sourceforge.net/hardware/facedancer21/

[Schumilo BH 2014] Don’t trust your USB,https://www.blackhat.com/docs/eu-14/materials/eu-14-Schumilo-Dont-Trust-Your-USB-How-To-Find-Bugs-In-USB-Device-Drivers.pdf

[Boone CSW 2018] TPM Genie, https://github.com/nccgroup/TPMGenie/blob/master/docs/CanSecWest2018-TPM_Genie-_Jeremy_Boone.pdf

[Brossard DC 2008] Bypassing Pre-boot Authentication Passwords, https://www.defcon.org/images/defcon-16/dc16-presentations/brossard/defcon-16-brossard-wp.pdf

[Miller BH 2011] Battery Firmware Hacking, https://media.blackhat.com/bh-us-11/Miller/BH_US_11_Miller_Battery_Firmware_Public_Slides.pdf

[Duflot 2006] Using CPU System Management Mode to Circumvent Operating System Security Function, https://www.researchgate.net/publication/241643659_Using_CPU_System_Management_Mode_to_Circumvent_Operating_System_Security_Functions

[CIH 1998] CIH, https://en.wikipedia.org/wiki/CIH_(computer_virus))

[Sun 2007] BIOS Boot Hijacking, http://powerofcommunity.net/poc2007/sunbing.pdf

[Ermolov 2016] Safeguarding Rootkits: Intel Boot Guard, https://github.com/flothrone/bootguard/blob/master/Intel%20BootGuard%20final.pdf

[Ermolov DC 2017] Safeguarding Rootkits: Intel Boot Guard (part2),https://github.com/flothrone/bootguard/blob/master/Intel%20BG%20part2.pdf

[Matrosov BH 2017] Betraying the BIOS, https://www.blackhat.com/docs/us-17/wednesday/us-17-Matrosov-Betraying-The-BIOS-Where-The-Guardians-Of-The-BIOS-Are-Failing.pdf

[Matrosov BH 2019] Modern Secure Boot Attacks,http://i.blackhat.com/asia-19/Fri-March-29/bh-asia-Matrosov-Modern-Secure-Boot-Attacks.pdf

[Han BH 2018] I don’t want to sleep tonight – Subverting Intel TXT with S3 Sleep, https://i.blackhat.com/briefings/asia/2018/asia-18-Seunghun-I_Dont_Want_to_Sleep_Tonight_Subverting_Intel_TXT_with_S3_Sleep.pdf

[Han BH 2019] Finally I can sleep tonight – catching sleep mode vulnerabilities of the TPM with the napper, http://i.blackhat.com/asia-19/Thu-March-28/bh-asia-Seunghun-Finally-I-Can-Sleep-Tonight-Catching-Sleep-Mode-Vulnerabilities-of-the-TPM-with-the-Napper.pdf

[Chen BH 2009] Reversing and exploiting an Apple firmware update, https://www.blackhat.com/presentations/bh-usa-09/CHEN/BHUSA09-Chen-RevAppleFirm-SLIDES.pdf

[Weinmann 2010] The hidden nemesis,https://media.ccc.de/v/27c3-4174-en-the_hidden_nemesis/related

[Cui BH 2011] Print me if you dare,https://academiccommons.columbia.edu/doi/10.7916/D8QJ7RG3

[Domas BH 2018] God Mode Unlocked Hardware Backdoors in X86 CPUs, http://i.blackhat.com/us-18/Thu-August-9/us-18-Domas-God-Mode-Unlocked-Hardware-Backdoors-In-x86-CPUs.pdf

Authors

Jiewen Yao (jiewen.yao@intel.com) is a Principal Engineer with Intel Architecture, Graphic and Software Group at Intel Corporation. He is security architect in EDK II BIOS. Jiewen is member of UEFI Security Sub-team and PI Security Sub-team in the UEFI Forum.

Chris Wu (chris.wu@intel.com) is a validation leader with Intel Architecture, Graphic and Software Group at Intel Corporation.

Vincent J. Zimmer (vincent.zimmer@intel.com) is a Senior Principal Engineer with Intel Architecture, Graphic and Software Group at Intel Corporation. Vincent chairs the UEFI Security and Network Sub-teams in the UEFI Forum.