UEFI firmware vulnerability static detection method and device based on taint analysis

A taint analysis and vulnerability detection technology, applied to computer security devices, instruments, computing, etc., that addresses the inability to obtain vulnerability information, the heterogeneity of UEFI firmware, and the fact that semantic information recovery techniques cannot be applied directly to UEFI firmware vulnerability detection and analysis, achieving high scalability.

Pending Publication Date: 2022-05-10
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

There are the following problems in large-scale UEFI firmware analysis using current target program extraction and information recovery techniques: (1) UEFI firmware is an unsigned binary program, and its implementation does not depend on standard C function libraries or standard system calls.
(2) UEFI firmware is customized and developed by IBVs or OEMs according to the characteristics of different products, and different IBVs or OEMs implement interfaces for different product series in different ways, which presents a great barrier to analyzing UEFI firmware vulnerabilities.
(3) UEFI firmware has its own cross-process and cross-file data flow transmission mechanism. Traditional cross-process analysis techniques and methods cannot be applied directly to the static analysis of UEFI firmware; the related cross-process and cross-file data flow transmission mechanism must be modelled specifically so that taint analysis can be carried out accurately and efficiently.
However, since the data and logic transmission of UEFI firmware does not depend on traditional system call functions and standard library functions, an accurate program control flow graph cannot be obtained, so cross-process and cross-file taint analysis cannot be performed accurately and valid vulnerability information cannot be obtained.
[0007] Static analysis of programs can realize large-scale analysis of UEFI firmware. However, because UEFI firmware is unsigned, non-open-source and undocumented and has heterogeneous program frameworks, traditional program extraction and semantic information recovery techniques cannot be applied directly to the vulnerability detection and analysis of UEFI firmware.



Embodiment Construction

[0049] In order to make the above-mentioned features and advantages of the present invention more comprehensible, the following specific embodiments are described in detail in conjunction with the accompanying drawings.

[0050] The embodiment of the present invention discloses a UEFI firmware vulnerability detection method and device based on taint analysis. By accurately restoring the semantic information and the cross-process and cross-function data flow in UEFI firmware, static taint analysis of UEFI firmware is realized, and, according to the marked vulnerability code feature information, accurate and efficient vulnerability detection is achieved in large-scale UEFI firmware scenarios. The method is divided into two stages, intermediate representation generation and vulnerability static detection, as shown in figure 1. The intermediate representation generation stage mainly completes preprocessing work such as the extraction and disassembly of UEFI firmw...


Abstract

The invention discloses a UEFI (Unified Extensible Firmware Interface) firmware vulnerability static detection method and device based on taint analysis. It relates to the field of UEFI firmware static analysis and aims to solve the problem that no effective, automated static analysis is currently performed for UEFI firmware vulnerability detection, using techniques such as UEFI firmware pattern matching and customized data flow analysis. By analyzing the UEFI security standard specifications, UEFI firmware implementation examples and the firmware of actual commercial devices, extracting the UEFI firmware, recovering its semantic information, combining this with the code characteristics of vulnerabilities, and tracking the propagation of taint data associated with the vulnerabilities by methods such as data flow tracking and pattern matching, large-scale static scanning and detection of UEFI firmware vulnerabilities is realized, the efficiency of vulnerability detection is improved, and potential security vulnerability threats are identified, located and discovered.
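As an added illustration of the two-stage idea above (an intermediate representation followed by pattern-matched taint tracking across functions), the following is a minimal cross-function taint propagator over a constructed toy intermediate representation; it is not the patent's own implementation. UEFI service calls, rather than libc functions, act as taint sources, and a memory-copy pattern is the sink; the instruction format, the service argument indices and the sample firmware are all assumptions made for this example.

```python
# Taint sources are UEFI service calls, not libc functions (the page's point that
# firmware does not use standard libraries). Constructed assumption: the DataSize*/
# Data* out-arguments (indices 3, 4) of gRT->GetVariable hold attacker-influenced
# NVRAM data; the pattern matched is a CopyMem whose Length (index 2) is tainted.
SOURCES = {"gRT->GetVariable": (3, 4)}
SINKS = {"CopyMem": 2}

def analyze(prog, name, tainted_params, findings, depth=0):
    """Propagate taint through function `name` = (params, body); return True if its return
    is tainted. Cross-function flow via args/returns only (pointer out-params not modelled)."""
    params, body = prog[name]
    taint = {p for p, t in zip(params, tainted_params) if t}
    for ins in body:
        if ins[0] in ("assign", "load"):          # load = deref of a (maybe tainted) pointer
            _, dst, src = ins
            taint.discard(dst)
            if src in taint: taint.add(dst)
        elif ins[0] == "call":
            _, callee, args, dst = ins
            taint.discard(dst)
            if callee in SOURCES:                 # UEFI service: its out-arguments become tainted
                taint.update(args[i] for i in SOURCES[callee])
            elif callee in SINKS:                 # vulnerability pattern match on the sink
                if args[SINKS[callee]] in taint:
                    findings.append(f"{name}: {callee} length '{args[SINKS[callee]]}' is tainted")
            elif callee in prog and depth < 8:    # firmware-internal call: follow it (bounded)
                if analyze(prog, callee, [a in taint for a in args], findings, depth + 1):
                    taint.add(dst)
        elif ins[0] == "ret":
            return ins[1] in taint
    return False

def scan(prog, entry):                            # entry point's own parameters start untainted
    findings = []
    analyze(prog, entry, [False] * len(prog[entry][0]), findings)
    return findings
# Constructed sample firmware in the toy IR: a helper reads an NVRAM variable and its
# size flows, through the helper's return value, into a CopyMem length in an SMI handler.
SAMPLE = {
    "ReadSetupVar": (["Buf", "Size"], [
        ("call", "gRT->GetVariable", ["Name", "Guid", "Attr", "Size", "Buf"], "Status"),
        ("load", "Len", "Size"),
        ("ret", "Len"),
    ]),
    "SmiHandler": (["CommBuf"], [
        ("call", "ReadSetupVar", ["Tmp", "TmpSize"], "N"),
        ("call", "CopyMem", ["CommBuf", "Tmp", "N"], None),      # tainted length: reported
        ("call", "CopyMem", ["CommBuf", "Tmp", "Fixed"], None),  # constant length: clean
    ]),
}
```

Calling `scan(SAMPLE, "SmiHandler")` reports only the first CopyMem, because the variable size returned by the helper reaches its length operand while the second copy uses an untainted constant.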

Description

Technical field
[0001] The invention relates to the field of static analysis of UEFI firmware, in particular to a method and device for static detection of UEFI firmware vulnerabilities based on taint analysis.
Background technique
[0002] UEFI firmware is software on Internet devices that implements access control to the underlying hardware. UEFI firmware is mainly responsible for hardware and driver initialization and for verifying the integrity of the firmware during the power-on boot stage, and for realizing secure access control of the operating system to the hardware. Its functions mainly include providing security protection measures such as processor overheating protection, power management, access control for SPI flash and other hardware resources, and microcode updates. In recent years, UEFI firmware vulnerabilities have emerged one after another, such as the ThinkPwn and Aptio vulnerabilities. Attackers can use these vulnerabilities to implement access control of the ...


Application Information

IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/033
Inventors: 尹嘉伟, 李孟豪, 周建华, 孙丹丹, 邹燕燕, 霍玮
Owner INST OF INFORMATION ENG CAS