FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4288057751> ?p ?o ?g. }

• W4288057751 abstract "The Unified Extensible Firmware Interface (UEFI) provides a specification of the software interface between an OS and its underlying platform firmware. The runtime services provided are seemingly secure as they reside in System Management Mode (SMM) at ring -2, assuming a higher privilege than the OS kernel at ring 0. However, their software vulnerabilities are known to be exploitable to launch ring 0 to ring -2 privilege escalation, i.e., SMM privilege escalation attacks.In this paper, we introduce an effective static analysis framework for detecting SMM privilege escalation vulnerabilities in UEFI firmware. We present a systematic study of such vulnerabilities and identify their root causes as being two types of references that can escape from the SMRAM, legacy references and unintentional references. Existing static analyses are ineffective in detecting such vulnerabilities in stripped COTS UEFI firmware images, which are developed based on a customized callback mechanism that organizes callable functions into protocols identified by GUIDs. By leveraging such a callback-based programming paradigm, we introduce SPENDER, the first static detection framework, which is founded on a novel protocol-centric analysis, for uncovering the potential SMM privilege escalation vulnerabilities in UEFI firmware efficiently and precisely. For a total of 1148 UEFI binaries collected from eight vendors, SPENDER has successfully found 36 SMM privilege escalation vulnerabilities (two 1-day and 34 0-day vulnerabilities), which can cause arbitrary code execution and arbitrary address write (and can thus enable, e.g., the attackers to install a bootkit into a flash drive). We have reported these 36 vulnerabilities to the vendors, with the two 1-day vulnerabilities confirmed as known previously but the 34 0-day vulnerabilities confirmed as new." @default.
• W4288057751 created "2022-07-28" @default.
• W4288057751 creator A5035567860 @default.
• W4288057751 creator A5050683592 @default.
• W4288057751 creator A5053342263 @default.
• W4288057751 creator A5066398844 @default.
• W4288057751 creator A5074311174 @default.
• W4288057751 creator A5081342863 @default.
• W4288057751 creator A5084474343 @default.
• W4288057751 date "2022-05-01" @default.
• W4288057751 modified "2023-10-05" @default.
• W4288057751 title "Finding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis" @default.
• W4288057751 cites W1969501726 @default.
• W4288057751 cites W1993682390 @default.
• W4288057751 cites W2080573945 @default.
• W4288057751 cites W2138517425 @default.
• W4288057751 cites W2514974017 @default.
• W4288057751 cites W2516933175 @default.
• W4288057751 cites W2612128870 @default.
• W4288057751 cites W2803054784 @default.
• W4288057751 cites W2882992559 @default.
• W4288057751 cites W2891748016 @default.
• W4288057751 cites W2987375469 @default.
• W4288057751 cites W3000614974 @default.
• W4288057751 cites W3015383024 @default.
• W4288057751 cites W3048309924 @default.
• W4288057751 cites W3139338820 @default.
• W4288057751 cites W4220977950 @default.
• W4288057751 cites W4244726870 @default.
• W4288057751 doi "https://doi.org/10.1109/sp46214.2022.9833723" @default.
• W4288057751 hasPublicationYear "2022" @default.
• W4288057751 type Work @default.
• W4288057751 citedByCount "2" @default.
• W4288057751 countsByYear W42880577512022 @default.
• W4288057751 countsByYear W42880577512023 @default.
• W4288057751 crossrefType "proceedings-article" @default.
• W4288057751 hasAuthorship W4288057751A5035567860 @default.
• W4288057751 hasAuthorship W4288057751A5050683592 @default.
• W4288057751 hasAuthorship W4288057751A5053342263 @default.
• W4288057751 hasAuthorship W4288057751A5066398844 @default.
• W4288057751 hasAuthorship W4288057751A5074311174 @default.
• W4288057751 hasAuthorship W4288057751A5081342863 @default.
• W4288057751 hasAuthorship W4288057751A5084474343 @default.
• W4288057751 hasConcept C10144332 @default.
• W4288057751 hasConcept C111919701 @default.
• W4288057751 hasConcept C126831891 @default.
• W4288057751 hasConcept C142724271 @default.
• W4288057751 hasConcept C149635348 @default.
• W4288057751 hasConcept C18903297 @default.
• W4288057751 hasConcept C199360897 @default.
• W4288057751 hasConcept C204495577 @default.
• W4288057751 hasConcept C204787440 @default.
• W4288057751 hasConcept C2777904410 @default.
• W4288057751 hasConcept C2780138299 @default.
• W4288057751 hasConcept C2780385302 @default.
• W4288057751 hasConcept C41008148 @default.
• W4288057751 hasConcept C541664917 @default.
• W4288057751 hasConcept C67212190 @default.
• W4288057751 hasConcept C71924100 @default.
• W4288057751 hasConcept C86803240 @default.
• W4288057751 hasConceptScore W4288057751C10144332 @default.
• W4288057751 hasConceptScore W4288057751C111919701 @default.
• W4288057751 hasConceptScore W4288057751C126831891 @default.
• W4288057751 hasConceptScore W4288057751C142724271 @default.
• W4288057751 hasConceptScore W4288057751C149635348 @default.
• W4288057751 hasConceptScore W4288057751C18903297 @default.
• W4288057751 hasConceptScore W4288057751C199360897 @default.
• W4288057751 hasConceptScore W4288057751C204495577 @default.
• W4288057751 hasConceptScore W4288057751C204787440 @default.
• W4288057751 hasConceptScore W4288057751C2777904410 @default.
• W4288057751 hasConceptScore W4288057751C2780138299 @default.
• W4288057751 hasConceptScore W4288057751C2780385302 @default.
• W4288057751 hasConceptScore W4288057751C41008148 @default.
• W4288057751 hasConceptScore W4288057751C541664917 @default.
• W4288057751 hasConceptScore W4288057751C67212190 @default.
• W4288057751 hasConceptScore W4288057751C71924100 @default.
• W4288057751 hasConceptScore W4288057751C86803240 @default.
• W4288057751 hasFunder F4320337504 @default.
• W4288057751 hasLocation W42880577511 @default.
• W4288057751 hasOpenAccess W4288057751 @default.
• W4288057751 hasPrimaryLocation W42880577511 @default.
• W4288057751 hasRelatedWork W1847937745 @default.
• W4288057751 hasRelatedWork W1989709299 @default.
• W4288057751 hasRelatedWork W2255992724 @default.
• W4288057751 hasRelatedWork W2354251310 @default.
• W4288057751 hasRelatedWork W2363773334 @default.
• W4288057751 hasRelatedWork W2366100887 @default.
• W4288057751 hasRelatedWork W2392593410 @default.
• W4288057751 hasRelatedWork W3217011575 @default.
• W4288057751 hasRelatedWork W4288057751 @default.
• W4288057751 hasRelatedWork W4367313059 @default.
• W4288057751 isParatext "false" @default.
• W4288057751 isRetracted "false" @default.
• W4288057751 workType "article" @default.