Symbolic Execution for BIOS Security

Authors

  • Oleksandr Bazhaniuk
  • John Loucaides
  • Lee Rosenbaum
  • Mark R. Tuttle
  • Vincent Zimmer
Abstract

We are building a tool that uses symbolic execution to search for BIOS security vulnerabilities including dangerous memory references (call outs) by SMM interrupt handlers in UEFI-compliant implementations of BIOS. Our tool currently applies only to interrupt handlers for SMM variables. Given a snapshot of SMRAM, the base address of SMRAM, and the address of the variable interrupt handler in SMRAM, the tool uses S2E to run the KLEE symbolic execution engine to search for concrete examples of a call to the interrupt handler that causes the handler to read memory outside of SMRAM. This is a work in progress. We discuss our approach, our current status, our plans for the tool, and the obstacles we face.


Similar resources

SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes

Protecting commodity desktop systems that run commercial operating systems (OS) without adversely impacting performance or usability remains an open problem. To make matters worse, the overall system security depends on desktop applications with complex code-bases that perform multiple and inter-dependent tasks often dictated by Internet-borne code. Recent research has indicated the need for con...


An Execution Infrastructure for TCB Minimization

We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, fine-grained attestation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMA-enabled devices are all malicious. Flicke...


Testing C Programs for Vulnerability Using Trace-Based Symbolic Execution and Satisfiability Analysis

Security testing has gained significant attention recently due to the huge number of attacks against software systems. This paper presents a novel security testing method using trace-based symbolic execution and satisfiability analysis. It reuses test cases generated from traditional functional testing to produce execution traces. An execution trace is a sequence of program statements exercised...


Information security underlying transparent computing: Impacts, visions and challenges

The rapid development of computer network technologies and social informationalization has brought many new opportunities and challenges in information security. With improved information and service sharing enjoyed by more and more people, how to strengthen the information security has become an increasingly critical issue. In this paper, we propose a new network security mechanism based on a ...


Symbolic Execution and Software Testing

We review different flavors of symbolic execution, ranging from generalized symbolic execution to dynamic symbolic execution or concolic testing. We also identify challenges to symbolic execution, such as dealing with: looping constructs, multi-threading, recursive data structures, and complex mathematical constraints, as well as scalability challenges due to the path explosion problem. We disc...



Publication date: 2015