Symbolic execution for BIOS security

Authors: Vincent Zimmer, Lee Rosenbaum, John Loucaides, Oleksandr Bazhaniuk, Mark R. Tuttle


Abstract: We are building a tool that uses symbolic execution to search for BIOS security vulnerabilities, including dangerous memory references (call outs) by SMM interrupt handlers in UEFI-compliant implementations of BIOS. Our tool currently applies only to variables. Given a snapshot of SMRAM, the base address and the variable handler, S2E is used to run the KLEE engine to search for concrete examples of a call that causes a read outside SMRAM. This is work in progress. We discuss our approach, current status, plans for the tool, and the obstacles we face.
