Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware’s loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.

Bootkeeper: Validating software integrity properties on boot firmware images / R. Chevalier, S. Cristalli, C. Hauser, Y. Shoshitaishvili, R. Wang, C. Kruegel, G. Vigna, D. Bruschi, A. Lanzi - In: CODASPY '19 : Proceedings[s.l] : ACM, 2019 Mar. - ISBN 9781450360999. - pp. 315-325 (( Intervento presentato al 9. convegno CODASPY tenutosi a Richardson nel 2019 [10.1145/3292006.3300026].

Bootkeeper: Validating software integrity properties on boot firmware images

S. Cristalli;D. Bruschi;A. Lanzi
2019

Abstract

Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware’s loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.
firmware; TPM; SCRTM; binary analysis
Settore INF/01 - Informatica
ACM SIGSAC
Book Part (author)
File in questo prodotto:
File Dimensione Formato  
p315-chevalier.pdf

accesso riservato

Tipologia: Publisher's version/PDF
Dimensione 1.1 MB
Formato Adobe PDF
1.1 MB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/656709
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 1
social impact