TY - GEN
T1 - Bootkeeper
T2 - 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
AU - Chevalier, Ronny
AU - Cristalli, Stefano
AU - Hauser, Christophe
AU - Shoshitaishvili, Yan
AU - Wang, Ruoyu
AU - Kruegel, Christopher
AU - Vigna, Giovanni
AU - Bruschi, Danilo
AU - Lanzi, Andrea
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/3/13
Y1 - 2019/3/13
N2 - Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware’s loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.
AB - Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware’s loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.
KW - Binary analysis
KW - Firmware
KW - SCRTM
KW - TPM
UR - http://www.scopus.com/inward/record.url?scp=85063864029&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063864029&partnerID=8YFLogxK
U2 - 10.1145/3292006.3300026
DO - 10.1145/3292006.3300026
M3 - Conference contribution
AN - SCOPUS:85063864029
T3 - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
SP - 315
EP - 325
BT - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
Y2 - 25 March 2019 through 27 March 2019
ER -