Abstract
UEFI (Unified Extensible Firmware Interface) specifications have been widely adopted in computer systems in recent years. Dynamic analysis of UEFI firmware is severely limited by the poor scalability of the execution environment. To address this, we propose DxeEmulator, an efficient emulated-execution method for UEFI firmware. DxeEmulator automatically parses the firmware file system, supplies the data dependencies and code dependencies that DXE drivers need in order to run, and schedules drivers according to the dependencies between them. We evaluated DxeEmulator on a real-world dataset of 665 firmware images from 6 vendors; it covers substantially more basic blocks than existing work. We also built a vulnerability detection module on top of DxeEmulator, which found 12 buffer overflow vulnerabilities in the dataset, 9 of them 0-day.
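As an added worked example (not DxeEmulator's own code and not EDK II source), the following Python models the dependency-driven driver scheduling the abstract describes: each DXE driver carries a DEPEX, the small stack-machine bytecode from the PI specification whose PUSH operands are protocol GUIDs, and the dispatcher keeps re-scanning the pending drivers and runs every one whose DEPEX evaluates true against the protocols installed so far. The opcode values are the PI-specification ones; the driver names, protocol GUIDs and DEPEX contents are constructed for the example.

```python
"""Toy DXE dispatcher driven by DEPEX evaluation (added example, not
DxeEmulator's code). Opcode values follow the PI specification; every
driver name, protocol GUID and DEPEX below is constructed for the demo."""
import uuid

# EFI_DEP_* opcodes from the PI specification (DEPEX section encoding).
DEP_PUSH, DEP_AND, DEP_OR, DEP_NOT = 0x02, 0x03, 0x04, 0x05
DEP_TRUE, DEP_FALSE, DEP_END, DEP_SOR = 0x06, 0x07, 0x08, 0x09
_NAMED = {"AND": DEP_AND, "OR": DEP_OR, "NOT": DEP_NOT,
          "TRUE": DEP_TRUE, "FALSE": DEP_FALSE, "END": DEP_END, "SOR": DEP_SOR}


def encode_depex(tokens):
    """Serialise a token list into DEPEX bytes: a uuid.UUID token becomes
    PUSH <GUID in EFI little-endian layout>, a string token becomes its opcode."""
    out = bytearray()
    for tok in tokens:
        if isinstance(tok, uuid.UUID):
            out.append(DEP_PUSH)
            out += tok.bytes_le
        else:
            out.append(_NAMED[tok])
    return bytes(out)


def eval_depex(depex, installed):
    """Run the DEPEX stack machine against the set of installed protocol GUIDs.
    Returns True when the driver may be dispatched; raises on malformed input."""
    stack, i = [], 0
    while i < len(depex):
        op = depex[i]
        i += 1
        if op == DEP_SOR:
            # Schedule-On-Request: dispatched only after an explicit Schedule()
            # call, which this toy never issues, so report "not ready".
            if i != 1:
                raise ValueError("SOR must be the first opcode")
            return False
        if op == DEP_PUSH:
            guid = uuid.UUID(bytes_le=bytes(depex[i:i + 16]))
            i += 16
            stack.append(guid in installed)
        elif op in (DEP_AND, DEP_OR):
            b, a = stack.pop(), stack.pop()
            stack.append((a and b) if op == DEP_AND else (a or b))
        elif op == DEP_NOT:
            stack.append(not stack.pop())
        elif op == DEP_TRUE:
            stack.append(True)
        elif op == DEP_FALSE:
            stack.append(False)
        elif op == DEP_END:
            if len(stack) != 1:
                raise ValueError("malformed DEPEX: stack depth %d at END" % len(stack))
            return stack[0]
        else:
            raise ValueError("unknown DEPEX opcode 0x%02x at offset %d" % (op, i - 1))
    raise ValueError("DEPEX has no END opcode")


def dispatch(drivers, installed=()):
    """Mimic the DXE core dispatcher: keep scanning the pending drivers, run every
    one whose DEPEX is satisfied (here 'running' just installs the protocols it
    produces), and stop when a full pass makes no progress.
    Returns (dispatch order, names of drivers that could never be dispatched)."""
    installed = set(installed)
    pending = dict(drivers)            # name -> (depex bytes, produced GUIDs)
    order, progress = [], True
    while pending and progress:
        progress = False
        for name in list(pending):
            depex, produces = pending[name]
            if eval_depex(depex, installed):
                order.append(name)
                installed.update(produces)
                del pending[name]
                progress = True
    return order, sorted(pending)


# Constructed protocol GUIDs and drivers; none of these values come from a
# real firmware image.
CPU_ARCH = uuid.UUID("11111111-1111-4111-8111-111111111111")
TIMER_ARCH = uuid.UUID("22222222-2222-4222-8222-222222222222")
VARIABLE_ARCH = uuid.UUID("33333333-3333-4333-8333-333333333333")
NEVER_INSTALLED = uuid.UUID("44444444-4444-4444-8444-444444444444")

SAMPLE_DRIVERS = {
    # Listed in an order that forces the dispatcher to rescan, since a
    # firmware volume does not store drivers in dependency order.
    "VariableDxe": (encode_depex([CPU_ARCH, TIMER_ARCH, "AND", "END"]), [VARIABLE_ARCH]),
    "OrphanDxe":   (encode_depex([NEVER_INSTALLED, "END"]), []),
    "TimerDxe":    (encode_depex([CPU_ARCH, "END"]), [TIMER_ARCH]),
    "CpuDxe":      (encode_depex(["TRUE", "END"]), [CPU_ARCH]),
}

if __name__ == "__main__":
    order, stuck = dispatch(SAMPLE_DRIVERS)
    print("dispatch order:", order)
    print("never dispatched:", stuck)
```

Running it prints `CpuDxe`, `TimerDxe`, `VariableDxe` in that order and reports `OrphanDxe` as never dispatched, which is exactly the class of driver an emulator has to handle specially: its dependency is never produced by any other module in the image, so the emulator must either synthesise the missing protocol (the "completing code and data dependencies" step in the abstract) or accept that the driver's code is never reached. The toy leaves out two details of the real dispatcher: the BEFORE/AFTER opcodes, and EDK II's rule that a driver with no DEPEX section at all is treated as depending on every architectural protocol.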
Authors
CAO Fangtao (操方涛), FU Jianming (傅建明), LI Zichuan (李子川)
Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei, China
Published in
Journal of Wuhan University (Natural Science Edition) (《武汉大学学报(理学版)》), 2023, No. 6, pp. 690-698 (9 pages)
Indexed in: CAS, CSCD, Peking University Core Journals (北大核心)
Funding
National Natural Science Foundation of China (61972297, 62172308, 62172144).
Keywords
UEFI emulation
Unicorn
UEFI firmware parsing
protocol dependency
driver scheduling
vulnerability detection