Bootkeeper: Validating software integrity properties on boot firmware images

Ronny Chevalier; Stefano Cristalli; Christophe Hauser; Yan Shoshitaishvili; Ruoyu Wang; Christopher Kruegel; Giovanni Vigna; Danilo Bruschi; Andrea Lanzi

doi:10.1145/3292006.3300026

Bootkeeper: Validating software integrity properties on boot firmware images

Ronny Chevalier, Stefano Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, Danilo Bruschi, Andrea Lanzi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware’s loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.

Original language	English (US)
Title of host publication	CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
Publisher	Association for Computing Machinery, Inc
Pages	315-325
Number of pages	11
ISBN (Electronic)	9781450360999
DOIs	https://doi.org/10.1145/3292006.3300026
State	Published - Mar 13 2019
Event	9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019 - Richardson, United States Duration: Mar 25 2019 → Mar 27 2019

Publication series

Name	CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

Conference

Conference	9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
Country/Territory	United States
City	Richardson
Period	3/25/19 → 3/27/19

Keywords

Binary analysis
Firmware
SCRTM
TPM

ASJC Scopus subject areas

Information Systems
Computer Science Applications
Software

Access to Document

10.1145/3292006.3300026

Cite this

Chevalier, R., Cristalli, S., Hauser, C., Shoshitaishvili, Y., Wang, R., Kruegel, C., Vigna, G., Bruschi, D., & Lanzi, A. (2019). Bootkeeper: Validating software integrity properties on boot firmware images. In CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (pp. 315-325). (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/3292006.3300026

Bootkeeper: Validating software integrity properties on boot firmware images. / Chevalier, Ronny; Cristalli, Stefano; Hauser, Christophe et al.
CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2019. p. 315-325 (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chevalier, R, Cristalli, S, Hauser, C, Shoshitaishvili, Y, Wang, R, Kruegel, C, Vigna, G, Bruschi, D & Lanzi, A 2019, Bootkeeper: Validating software integrity properties on boot firmware images. in CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery, Inc, pp. 315-325, 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019, Richardson, United States, 3/25/19. https://doi.org/10.1145/3292006.3300026

Chevalier R, Cristalli S, Hauser C, Shoshitaishvili Y, Wang R, Kruegel C et al. Bootkeeper: Validating software integrity properties on boot firmware images. In CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2019. p. 315-325. (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy). doi: 10.1145/3292006.3300026

Chevalier, Ronny ; Cristalli, Stefano ; Hauser, Christophe et al. / Bootkeeper : Validating software integrity properties on boot firmware images. CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2019. pp. 315-325 (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy).

@inproceedings{fc3a9db6fb974be0be949892af974533,

title = "Bootkeeper: Validating software integrity properties on boot firmware images",

abstract = "Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware{\textquoteright}s loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.",

keywords = "Binary analysis, Firmware, SCRTM, TPM",

author = "Ronny Chevalier and Stefano Cristalli and Christophe Hauser and Yan Shoshitaishvili and Ruoyu Wang and Christopher Kruegel and Giovanni Vigna and Danilo Bruschi and Andrea Lanzi",

note = "Publisher Copyright: {\textcopyright} 2019 Association for Computing Machinery.; 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019 ; Conference date: 25-03-2019 Through 27-03-2019",

year = "2019",

month = mar,

day = "13",

doi = "10.1145/3292006.3300026",

language = "English (US)",

series = "CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy",

publisher = "Association for Computing Machinery, Inc",

pages = "315--325",

booktitle = "CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy",

}

TY - GEN

T1 - Bootkeeper

T2 - 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019

AU - Chevalier, Ronny

AU - Cristalli, Stefano

AU - Hauser, Christophe

AU - Shoshitaishvili, Yan

AU - Wang, Ruoyu

AU - Kruegel, Christopher

AU - Vigna, Giovanni

AU - Bruschi, Danilo

AU - Lanzi, Andrea

PY - 2019/3/13

Y1 - 2019/3/13

N2 - Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware’s loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.

AB - Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware’s loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.

KW - Binary analysis

KW - Firmware

KW - SCRTM

KW - TPM

UR - http://www.scopus.com/inward/record.url?scp=85063864029&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85063864029&partnerID=8YFLogxK

U2 - 10.1145/3292006.3300026

DO - 10.1145/3292006.3300026

M3 - Conference contribution

AN - SCOPUS:85063864029

T3 - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

SP - 315

EP - 325

BT - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

Y2 - 25 March 2019 through 27 March 2019

ER -

Bootkeeper: Validating software integrity properties on boot firmware images

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this