TY - JOUR
T1 - An automated framework for detecting and mitigating memory safety vulnerabilities in UEFI firmware
AU - Lu, Zheng
AU - Tan, Yu an
AU - Cheng, Xiaochun
AU - Zheng, Zhihan
AU - Shi, Ning
AU - Li, Yuanzhang
N1 - Publisher Copyright:
© 2024
PY - 2025/3
Y1 - 2025/3
N2 - The Unified Extensible Firmware Interface (UEFI) firmware has seen a rapid escalation in program size and complexity, including complex functional modules, diverse driver loading schemes, and innovative interface configurations, all of which expand the potential attack surface. In the field of computer security, there is a strong emphasis on quickly detecting both new and existing vulnerabilities. However, the subsequent critical steps, prioritizing and remedying these vulnerabilities, sometimes do not receive as much attention. We have detected a significant number of memory safety vulnerabilities in existing firmware images, which have been reported but still remain in the latest firmware versions. In this paper, we introduce a novel framework, efiMemGuard, for detecting and mitigating memory safety vulnerabilities in UEFI firmware. The innovation of efiMemGuard lies in the synergistic integration of detection and mitigation mechanisms. It automatically applies mitigations based on the detection results, covering the majority of common memory safety vulnerabilities found in UEFI firmware. Using static analysis, we systematically locate memory safety vulnerabilities across UEFI firmware images from major vendors and deploy targeted repairs to mitigate these vulnerabilities efficiently. Our detection methodology primarily targets published Common Vulnerabilities and Exposures (CVEs) and potential vulnerabilities similar to published CVEs. Our analysis covers 851 firmware samples, identifying memory safety vulnerabilities in 194 instances. We have discovered that a significant number of known vulnerabilities remain unfixed, even in the latest versions of these vendors' firmware. The experimental results show that efiMemGuard achieved an average precision of 85% and a recall of 78% in identifying memory safety vulnerabilities. In addition, the mitigation module of efiMemGuard resulted in only a 12.5% average increase in execution time, which is more efficient than the traditional stack canary approach, which led to an average increase of 71.6%.
AB - The Unified Extensible Firmware Interface (UEFI) firmware has seen a rapid escalation in program size and complexity, including complex functional modules, diverse driver loading schemes, and innovative interface configurations, all of which expand the potential attack surface. In the field of computer security, there is a strong emphasis on quickly detecting both new and existing vulnerabilities. However, the subsequent critical steps, prioritizing and remedying these vulnerabilities, sometimes do not receive as much attention. We have detected a significant number of memory safety vulnerabilities in existing firmware images, which have been reported but still remain in the latest firmware versions. In this paper, we introduce a novel framework, efiMemGuard, for detecting and mitigating memory safety vulnerabilities in UEFI firmware. The innovation of efiMemGuard lies in the synergistic integration of detection and mitigation mechanisms. It automatically applies mitigations based on the detection results, covering the majority of common memory safety vulnerabilities found in UEFI firmware. Using static analysis, we systematically locate memory safety vulnerabilities across UEFI firmware images from major vendors and deploy targeted repairs to mitigate these vulnerabilities efficiently. Our detection methodology primarily targets published Common Vulnerabilities and Exposures (CVEs) and potential vulnerabilities similar to published CVEs. Our analysis covers 851 firmware samples, identifying memory safety vulnerabilities in 194 instances. We have discovered that a significant number of known vulnerabilities remain unfixed, even in the latest versions of these vendors' firmware. The experimental results show that efiMemGuard achieved an average precision of 85% and a recall of 78% in identifying memory safety vulnerabilities. In addition, the mitigation module of efiMemGuard resulted in only a 12.5% average increase in execution time, which is more efficient than the traditional stack canary approach, which led to an average increase of 71.6%.
KW - Memory safety
KW - Reverse engineering
KW - Static analysis
KW - UEFI firmware
KW - Vulnerabilities detection
KW - Vulnerabilities mitigation
UR - http://www.scopus.com/inward/record.url?scp=85211251933&partnerID=8YFLogxK
U2 - 10.1016/j.compeleceng.2024.109945
DO - 10.1016/j.compeleceng.2024.109945
M3 - Article
AN - SCOPUS:85211251933
SN - 0045-7906
VL - 122
JO - Computers and Electrical Engineering
JF - Computers and Electrical Engineering
M1 - 109945
ER -