Article Open access Peer-reviewed

Attacking Intel UEFI by Using Cache Poisoning

2019; IOP Publishing; Volume: 1187; Issue: 4; Language: English

10.1088/1742-6596/1187/4/042072

ISSN

1742-6596

Authors

Dong Wang, Wei Dong,

Topic(s)

Advanced Malware Detection Techniques

Abstract

The Unified Extensible Firmware Interface (UEFI) is a software interface between an operating system and platform firmware, designed to replace the traditional BIOS. In this paper, we evaluated the security mechanisms used to protect SPI Flash, and then analyzed the attack surface presented by those security mechanisms. Intel provides several registers in its chipset relevant to locking down the SPI Flash chip that contains the UEFI in order to prevent arbitrary writes. Since these registers implement their functions through the system management mode, the main attack surface is concentrated in the system management mode. In this paper, we propose an attack vector for the system management mode, which uses the method of cache poisoning to attack the system management mode and destroy the protection mechanism of SPI Flash. This method can overcome the limitations of traditional attacks. Experimental results proved that this kind of attack can arbitrarily write to the UEFI.
