《電子技術(shù)應(yīng)用》
您所在的位置:首頁(yè) > 通信與網(wǎng)絡(luò) > 設(shè)計(jì)應(yīng)用 > UEFI固件Double-fetch條件競(jìng)爭(zhēng)漏洞模糊測(cè)試技術(shù)研究
UEFI固件Double-fetch條件競(jìng)爭(zhēng)漏洞模糊測(cè)試技術(shù)研究
網(wǎng)絡(luò)安全與數(shù)據(jù)治理
尹嘉偉1,2,史記1,張禹1,戴戈1,王琛1,湛藍(lán)藍(lán)1
1.中電網(wǎng)絡(luò)空間研究院有限公司; 2.中國(guó)科學(xué)院信息工程研究所
摘要: 基于統(tǒng)一可擴(kuò)展固件接口(Unified Extensible Firmware Interface, UEFI)標(biāo)準(zhǔn)實(shí)現(xiàn)的固件已廣泛應(yīng)用于個(gè)人計(jì)算機(jī)、云服務(wù)器以及網(wǎng)絡(luò)設(shè)備, UEFI固件服務(wù)漏洞會(huì)引發(fā)嚴(yán)重安全威脅,模糊測(cè)試是檢測(cè)漏洞的主要手段。然而,受限于傳統(tǒng)內(nèi)存類漏洞機(jī)理,當(dāng)前UEFI固件模糊測(cè)試方法無(wú)法檢測(cè)諸如UEFI固件Double-fetch條件競(jìng)爭(zhēng)漏洞等特殊類型漏洞。提出了Double-fetch信息引導(dǎo)的UEFI固件服務(wù)模糊測(cè)試方法,并實(shí)現(xiàn)了原型系統(tǒng)UEFIDFFuzzer,通過(guò)對(duì)來(lái)自英特爾廠商的114個(gè)UEFI固件服務(wù)驅(qū)動(dòng)進(jìn)行測(cè)試, UEFIDFFuzzer發(fā)現(xiàn)了兩個(gè)現(xiàn)有UEFI模糊測(cè)試工具RSFuzzer以及靜態(tài)分析工具efiXplorer沒(méi)有發(fā)現(xiàn)的UEFI固件Double-fetch零日漏洞。
中圖分類號(hào):TP309文獻(xiàn)標(biāo)識(shí)碼:ADOI:10.19358/j.issn.2097-1788.2025.04.003
引用格式:尹嘉偉,史記,張禹,等. UEFI固件Doublefetch條件競(jìng)爭(zhēng)漏洞模糊測(cè)試技術(shù)研究[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2025,44(4):19-23,51.
Research on fuzzing techniques for UEFI firmware Double-fetch race condition vulnerability
Yin Jiawei 1,2,Shi Ji 1,Zhang Yu1,Dai Ge 1,Wang Chen 1,Zhan Lanlan 1
1. Academy of Cyber; 2. Institute of Information Engineering, Chinese Academy of Sciences
Abstract: The firmware implemented based on the Unified Extensible Firmware Interface (UEFI) standard has been widely adopted in personal computers, cloud servers, and network equipment. Vulnerabilities in UEFI firmware services can pose severe security threats. Fuzzing testing serves as a primary method for vulnerability detection. However, constrained by traditional memory vulnerability mechanisms, current UEFI firmware fuzzing approaches fail to detect special-type vulnerabilities such as Double-fetch race condition vulnerabilities in UEFI firmware. This paper proposes a Double-fetch-aware fuzzing methodology for UEFI firmware services and implements a prototype system named UEFIDFFuzzer. Through testing 114 UEFI firmware service drivers from Intel-based vendors, UEFIDFFuzzer successfully identified two previously undetected UEFI firmware Double-fetch zero-day vulnerabilities that existing UEFI fuzzing tools (RSFuzzer) and static analysis tools (efiXplorer) had missed.
Key words : UEFI; Double-fetch vulnerability; fuzzing

引言

統(tǒng)一可擴(kuò)展固件接口(Unified Extensible Firmware Interface, UEFI)規(guī)范[1]定義了上層操作系統(tǒng)與底層硬件之間的標(biāo)準(zhǔn)接口。當(dāng)前,數(shù)十億臺(tái)個(gè)人計(jì)算機(jī)、云服務(wù)器以及網(wǎng)絡(luò)設(shè)備部署了基于UEFI標(biāo)準(zhǔn)實(shí)現(xiàn)的固件,這些設(shè)備遍布于整個(gè)計(jì)算機(jī)網(wǎng)絡(luò)生態(tài)中的各個(gè)環(huán)節(jié),因此UEFI固件安全關(guān)乎整個(gè)計(jì)算機(jī)網(wǎng)絡(luò)生態(tài)安全。然而,近幾年,UEFI固件安全漏洞數(shù)量不斷攀升,漏洞機(jī)理日趨復(fù)雜,出現(xiàn)了UEFI固件條件競(jìng)爭(zhēng)漏洞等具有特殊漏洞機(jī)理的UEFI固件漏洞,嚴(yán)重危害到了UEFI固件安全。模糊測(cè)試是自動(dòng)化漏洞挖掘的主要技術(shù),然而,受限于傳統(tǒng)內(nèi)存類漏洞機(jī)理,當(dāng)前UEFI固件模糊測(cè)試方法無(wú)法檢測(cè)UEFI固件Doublefetch條件競(jìng)爭(zhēng)漏洞,因此,研究針對(duì)UEFI固件條件競(jìng)爭(zhēng)漏洞的模糊測(cè)試方法具有非常重要的意義。


本文詳細(xì)內(nèi)容請(qǐng)下載:

http://www.theprogrammingfactory.com/resource/share/2000006408


作者信息:

尹嘉偉1,2,史記1,張禹1,戴戈1,王琛1,湛藍(lán)藍(lán)1

(1.中電網(wǎng)絡(luò)空間研究院有限公司,北京100043;

2.中國(guó)科學(xué)院信息工程研究所,北京100084)


Magazine.Subscription.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。