BootKeeper:验证引导固件映像上的软件完整性属性

Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy Pub Date : 2019-03-13 DOI:10.1145/3292006.3300026

Ronny Chevalier, S. Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang, Christopher Krügel, G. Vigna, D. Bruschi, A. Lanzi

{"title":"BootKeeper:验证引导固件映像上的软件完整性属性","authors":"Ronny Chevalier, S. Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang, Christopher Krügel, G. Vigna, D. Bruschi, A. Lanzi","doi":"10.1145/3292006.3300026","DOIUrl":null,"url":null,"abstract":"Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware's loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.","PeriodicalId":246233,"journal":{"name":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"BootKeeper: Validating Software Integrity Properties on Boot Firmware Images\",\"authors\":\"Ronny Chevalier, S. Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang, Christopher Krügel, G. Vigna, D. Bruschi, A. Lanzi\",\"doi\":\"10.1145/3292006.3300026\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware's loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.\",\"PeriodicalId\":246233,\"journal\":{\"name\":\"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-03-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3292006.3300026\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3292006.3300026","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

与uefi兼容的固件一样，引导固件一直是许多攻击的目标，攻击者可以在不被发现的情况下控制整个系统。计算机平台的可测量启动机制通过使用加密测量来检测此类攻击，从而保证了平台的完整性。这通常通过依赖可信平台模块(Trusted Platform Module, TPM)来执行。然而，最近的工作表明，供应商不尊重为确保固件加载过程的完整性而设计的规范。因此，攻击者可以绕过这些测量机制，成功加载修改后的固件映像，而不被发现。在本文中，我们介绍了BootKeeper，这是一种静态分析方法，在部署之前验证引导固件映像上的一组关键安全属性，以确保测量的引导过程的完整性。我们评估了BootKeeper对常见引导固件实现的几种攻击，并展示了它的适用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

BootKeeper: Validating Software Integrity Properties on Boot Firmware Images

Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware's loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

自引率

0.00%

发文量