Journal of Beijing University of Posts and Telecommunications

  • EI Core Journal

Journal of Beijing University of Posts and Telecommunications ›› 2023, Vol. 46 ›› Issue (1): 121-126.


A Binary Fuzzy Test Method for UEFI DXE Drivers


  1. Beijing University of Posts and Telecommunications
  • Received: 2022-01-01 Revised: 2022-06-13 Online: 2023-02-28 Published: 2023-02-22

Abstract: To simplify the binary security analysis process for existing unified extensible firmware interface driver execution environment (UEFI DXE) drivers, a fuzzing method for UEFI DXE binaries based on dependency analysis and call hijacking is proposed. A driver emulation technology and a gray-box fuzzing method based on call guidance and on-the-fly detection are also proposed. The experimental results show that all types of vulnerabilities can be detected on the public evaluation sample set and verified on UEFI DXE firmware with known Common Vulnerabilities and Exposures (CVE). Moreover, the proposed method can achieve higher code coverage with fewer prerequisites.

Key words: fuzzing test, unified extensible firmware interface firmware, unified extensible firmware interface driver execution environment driver

CLC Number: