Your search keyword '"uefi firmware"' showing total 2 results

1. UEFI-based Research on the Inner Operation Mechanism and Characteristics of Firmware Vulnerabilities in Key Devices of Electric Power Monitoring Systems

Author

Chen Mingliang, Yu Yingting, Xie Guoqiang, Zeng Chuanhan, and Xu Zaide

Subjects

uefi firmware, fuzzy testing method, simulated annealing algorithm, power monitoring system, vulnerability detection, 74m05, Mathematics, QA1-939

Abstract

With the large number of computer technology and modern communication technology used in power monitoring systems, its security protection is constantly facing new challenges. The UEFI firmware is used to construct the physical connection structure of key devices in the power monitoring system in this paper. Using fuzzy testing methods to mine the vulnerabilities existing in the power monitoring system by generating a large number of variant test cases as the monitoring object, based on the collection of information of the basic blocks covered during the test run of the vulnerability seed to determine the target point to which the seed belongs. The coverage weight of the seed is determined with the help of the simulated annealing algorithm in order to accomplish task division of the target point. The fuzzy test method is used to analyze the operation mechanism and characteristics of the vulnerabilities in the power monitoring system, and the firmware attack mechanism of different HOOKs under UEFI is explored to summarize the characteristics of the scenarios in which the vulnerabilities appear in the power system as well as their impacts. The results show that the impact caused by vulnerabilities in the power monitoring system on the generation side and transmission side is mainly to damage the integrity and availability of information, the integrity and availability of the vulnerabilities in the generation side of the production side of the device with a risk rating of 63.74, 71.73, respectively, and the vulnerabilities in the transmission side of the SCADA with a risk rating of 79.04, 69.36, respectively. The vulnerabilities detected 608 security vulnerabilities were implanted in the UEF module, and 653 possible security problems were reported by the detection, of which the statistical underreporting rate was 1.48% and the false alarm rate was 9.05%.

Published

2024

2. Delving Deep into Reverse Engineering of UEFI Firmwares via Human Interface Infrastructure.

Author

Chen, Siyi, Tan, Yu-An, Qiu, Kefan, Zhang, Zheng, Li, Yuanzhang, and Zhang, Quanxin

Subjects

REVERSE engineering, HUMAN beings

Abstract

The Unified Extensible Firmware Interface (UEFI) provides a specification of the software interface between an OS and its underlying platform firmware. UEFI UI is an interactive interface that allows users to configure and manage UEFI settings, which is closely related to HII (Human Interface Infrastructure). In practice, HII provides a mechanism that allows developers to create UI elements with HII-related protocols. In this paper, we provide a comprehensive analysis of the UEFI combined with a case study. We proposed a protocol-centered static analysis method to obtain UEFI's password policy, using HII-related protocols to find password implementation. Existing static analyses are ineffective in detecting such password policy in stripped UEFI firmware images. By reverse-engineering the IFR (Internal Forms Representation) in HII, we located where much sensitive information is stored. Lastly, we studied hardware port configurations, using Secure Boot as a case in point. We analyzed how UEFI uses the HII protocol to set relevant information in the UEFI UI. This paper is the first to offer a reverse-engineering systematic analysis of exploring UEFI via HII, providing valuable insights into its structure and potential enhancements for firmware security. [ABSTRACT FROM AUTHOR]

Published

2023