Publication | Closed Access
Malicious code detection for open firmware
Citations: 30
References: 20
Year: 2003
Venue: Unknown
Keywords: Engineering; Evasion Technique; Information Security; Verification; Malicious Boot Firmware; Information Forensics; Significant Security Risk; Software Analysis; Formal Verification; Malware Analysis; Firmware Detection; Systems Engineering; Malicious Code Detection; Trusted Execution Environment; Hardware Security Solution; Operating System Security; Computer Engineering; Computer Science; Device Driver; Data Security; Operating Systems; Program Analysis; Software Testing; Firmware Security; Boot Firmware; System Software
Malicious boot firmware poses a significant but largely unrecognized security risk: it runs before the operating system, so it can bypass OS-based defenses, and it is often supplied by third-party manufacturers of unknown origin. The authors propose load-time verification of onboard device drivers against a standard security policy to limit access to system resources. They are building a prototype of this verification technique for open firmware boot platforms.
Malicious boot firmware is a largely unrecognized but significant security risk to our global information infrastructure. Since boot firmware executes before the operating system is loaded, it can easily circumvent any operating system-based security mechanism. Boot firmware programs are typically written by third-party device manufacturers and may come from various suppliers of unknown origin. We describe an approach to this problem based on load-time verification of onboard device drivers against a standard security policy designed to limit access to system resources. We also describe our ongoing effort to construct a prototype of this technique for open firmware boot platforms.