BootKeeper: Validating Software Integrity Properties on Boot Firmware Images release_wf2oorppubdt7n5s46retn62pm

by Ronny Chevalier , Yan Shoshitaishvili , Giovanni Vigna, Danilo Bruschi, Andrea Lanzi

Released as a article .

2019  

Abstract

Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware's loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.
In text/plain format

Archived Files and Locations

application/pdf  637.3 kB
file_xjpstpr5pfgvzk6lr6myuwesiy
arxiv.org (repository)
web.archive.org (webarchive)
Read Archived PDF
Preserved and Accessible
Type  article
Stage   submitted
Date   2019-03-29
Version   v1
Language   en ?
arXiv  1903.12505v1
Work Entity
access all versions, variants, and formats of this works (eg, pre-prints)
Catalog Record
Revision: 553e7864-78a2-4b32-8df9-3f7504fd12fa
API URL: JSON