BIOS chronomancy

Butterworth, John; Kallenberg, Corey; Kovah, Xeno; Herzog, Amy L.

doi:10.1145/2508859.2516714

Cited by 21 publications

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, malware could infiltrate the BIOS (Basic Input/Output System) or UEFI (Unified Extensible Firmware Interface), the firmware that initializes the system before running any software. This level of infection poses a grave threat, as malware can survive system reboots and even persist following OS reinstalls, thereby attaining low-level system access to potentially compromise the system further [18].…”

Section: A Secure Boot: Secure Architecturesmentioning

confidence: 99%

Toward Hardware-Assisted Malware Detection Utilizing Explainable Machine Learning: A Survey

Nasser,

Nassar

2023

IEEE Access

View full text Add to dashboard Cite

Hardware joined the battle against malware by introducing secure boot architectures, malware-aware processors, and trusted platform modules. Hardware performance indicators, power profiles, and side channel information can be leveraged at run-time via machine learning for continuous monitoring and protection. The explainability of these machine learning algorithms may play a crucial role in interpreting their results and avoiding false positives. In this paper, we present an eagle eye on the state of the art of these components: we examine secure architectures and malware-aware processors such as those implemented in the RISC-V Instruction Set Architecture and Reduced Instruction Set Computer (RISC). We categorize hardware-assisted solutions increased by machine learning for classification. We survey recently proposed software-assisted and hardware-assisted explainability algorithms in our context. In the discussion, we suggest that (1) safe architectures that guarantee secure device boot are a must, (2) Sidechannel approaches are challenging to integrate into embedded systems, yet they show promise in terms of efficiency, (3) malware-aware processors provide valuable features for malware detection software, and (4) Without explainability, malware detection software is error-prone and can be easily bypassed.

show abstract

Section: A Secure Boot: Secure Architecturesmentioning

confidence: 99%

Toward Hardware-Assisted Malware Detection Utilizing Explainable Machine Learning: A Survey

Nasser,

Nassar

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…As an example, Kauer [2007] modify the BIOS by showing that by rebooting the system the Core Root of Trust for Measurement (CRTM) of the TPM can be changed without being noticed. [Butterworth et al 2013] also present a vulnerability that allows an attacker to take control of the BIOS update process and re-flash it with an arbitrary image despite the presence of signed enforcement. This class of rootkits has been called "Ring -2 rootkits" (level -1 being hypervisor rootkits).…”

Section: Existing Attacksmentioning

confidence: 99%

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Sgandurra

Lupu

2016

ACM Comput. Surv.

View full text Add to dashboard Cite

Virtualization technology enables Cloud providers to efficiently use their computing services and resources. Even if the benefits in terms of performance, maintenance, and cost are evident, virtualization has also been exploited by attackers to devise new ways to compromise a system. To address these problems, research security solutions have considerably evolved over the years to cope with new attacks and threat models. In this work we review the protection strategies proposed in the literature and show how some of the solutions have been invalidated by new attacks, or threat models, that were previously not considered. The goal is to show the evolution of the threats, and of the related security and trust assumptions, in virtualized systems which have given rise to complex threat models and the corresponding sophistication of protection strategies to deal with such attacks. We also categorize threat models, security and trust assumptions, and attacks against a virtualized system at the different layers, in particular hardware, virtualization, OS, application.

show abstract

“…The UEFI operating system runs on top of the UEFI firmware and can usually be viewed as a tandem of a UEFI application, serving as an operating system bootloader and a UEFIcompatible kernel, which is aware of the features brought by the UEFI firmware via the UEFI specification. Alongside UEFI, alternative open-source projects such as coreboot [4], libreboot [5], linuxboot [6], and u-boot [6] offer different approaches and philosophies to firmware initialization, focusing on modularity, security, and the freedom to customize the boot process to specific needs and hardware configurations. HII (Human Interface Infrastructure) [7,8] is a part of the UEFI specification, which provides a standard framework for managing user interfaces based on UEFI systems.…”

Section: Introductionmentioning

confidence: 99%

Delving Deep into Reverse Engineering of UEFI Firmwares via Human Interface Infrastructure

Chen,

Tan,

Qiu

et al. 2023

Electronics

View full text Add to dashboard Cite

The Unified Extensible Firmware Interface (UEFI) provides a specification of the software interface between an OS and its underlying platform firmware. UEFI UI is an interactive interface that allows users to configure and manage UEFI settings, which is closely related to HII (Human Interface Infrastructure). In practice, HII provides a mechanism that allows developers to create UI elements with HII-related protocols. In this paper, we provide a comprehensive analysis of the UEFI combined with a case study. We proposed a protocol-centered static analysis method to obtain UEFI’s password policy, using HII-related protocols to find password implementation. Existing static analyses are ineffective in detecting such password policy in stripped UEFI firmware images. By reverse-engineering the IFR (Internal Forms Representation) in HII, we located where much sensitive information is stored. Lastly, we studied hardware port configurations, using Secure Boot as a case in point. We analyzed how UEFI uses the HII protocol to set relevant information in the UEFI UI. This paper is the first to offer a reverse-engineering systematic analysis of exploring UEFI via HII, providing valuable insights into its structure and potential enhancements for firmware security.

show abstract

BIOS chronomancy

Cited by 21 publications

References 11 publications

Toward Hardware-Assisted Malware Detection Utilizing Explainable Machine Learning: A Survey

Toward Hardware-Assisted Malware Detection Utilizing Explainable Machine Learning: A Survey

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Delving Deep into Reverse Engineering of UEFI Firmwares via Human Interface Infrastructure

Contact Info

Product

Resources

About