TY - GEN
T1 - A Stealth Security Hardening Method Based on SSD Firmware Function Extension
AU - Yu, Xiao
AU - Li, Zhao
AU - Qiao, Xu
AU - Tan, Yuan
AU - Li, Yuanzhang
AU - Zhang, Li
N1 - Publisher Copyright:
© 2024, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
PY - 2024
Y1 - 2024
N2 - In recent years, issues related to information security have received increasing attention. Expanding the security-related functionality of SSD firmware can provide an additional method for implementing security features in the host system while taking advantage of the excellent performance of the SSD controller. This paper proposes a stealth security hardening method based on SSD Firmware Function Extension. By reverse engineering the firmware program and inserting jump instructions at specific locations, the firmware program can jump to and execute the extension program inserted into the original unused space of the firmware. This can be done without affecting the normal use of the SSD, realizing the functional expansion of the firmware, which mainly includes executing remote code sent by the host, invoking timers, direct read and write flash memory, and self-destruction under specific circumstances. The availability of extended functions and the change in read and write performance after the expansion were experimentally tested.
AB - In recent years, issues related to information security have received increasing attention. Expanding the security-related functionality of SSD firmware can provide an additional method for implementing security features in the host system while taking advantage of the excellent performance of the SSD controller. This paper proposes a stealth security hardening method based on SSD Firmware Function Extension. By reverse engineering the firmware program and inserting jump instructions at specific locations, the firmware program can jump to and execute the extension program inserted into the original unused space of the firmware. This can be done without affecting the normal use of the SSD, realizing the functional expansion of the firmware, which mainly includes executing remote code sent by the host, invoking timers, direct read and write flash memory, and self-destruction under specific circumstances. The availability of extended functions and the change in read and write performance after the expansion were experimentally tested.
KW - Functional extension
KW - SSD firmware
KW - Security hardening
UR - http://www.scopus.com/inward/record.url?scp=85178644807&partnerID=8YFLogxK
U2 - 10.1007/978-981-99-8138-0_29
DO - 10.1007/978-981-99-8138-0_29
M3 - Conference contribution
AN - SCOPUS:85178644807
SN - 9789819981373
T3 - Communications in Computer and Information Science
SP - 362
EP - 375
BT - Neural Information Processing - 30th International Conference, ICONIP 2023, Proceedings
A2 - Luo, Biao
A2 - Cheng, Long
A2 - Wu, Zheng-Guang
A2 - Li, Hongyi
A2 - Li, Chaojie
PB - Springer Science and Business Media Deutschland GmbH
T2 - 30th International Conference on Neural Information Processing, ICONIP 2023
Y2 - 20 November 2023 through 23 November 2023
ER -