Malicious code detection for open firmware

Malicious boot firmware is a largely unrecognized but significant security risk to our global information infrastructure. Since boot firmware executes before the operating system is loaded, it can easily circumvent any operating-system-based security mechanism. Boot firmware programs are typically written by third-party device manufacturers and may come from various suppliers of unknown origin. We describe an approach to this problem based on load-time verification of onboard device drivers against a standard security policy designed to limit access to system resources. We also describe our ongoing effort to construct a prototype of this technique for Open Firmware boot platforms.
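To make the idea of load-time verification against a resource-access policy concrete, here is an added toy verifier; it is not the paper's prototype and not Open Firmware code. The instruction set (PEEK/POKE for memory-mapped I/O, IN/OUT for ports, CALL for firmware services, LOAD/STORE for driver-local slots), the `Policy` class, the `verify` and `load_driver` functions, and the two sample drivers are all constructed for illustration. The check runs over the driver image before any of it executes, and a driver that touches anything outside its policy is refused rather than loaded.

```python
"""Toy load-time verifier for an onboard firmware driver (constructed example).

Each driver is a list of (opcode, operand) tuples. The policy states which
MMIO ranges, I/O ports and firmware services the driver may use; the verifier
walks the whole program statically and refuses to load it if any instruction
falls outside that policy. Instruction set, policy and drivers are invented
for this example and do not come from the paper or any firmware implementation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    mmio_ranges: tuple      # inclusive (lo, hi) address ranges the driver may PEEK/POKE
    io_ports: frozenset     # I/O ports the driver may IN/OUT
    services: frozenset     # firmware services the driver may CALL
    max_len: int = 256      # upper bound on instruction count (a resource limit)


LOCAL_SLOTS = 16            # driver-private storage slots available to LOAD/STORE


def verify(driver, policy):
    """Statically check every instruction of `driver` against `policy`.

    Returns a list of human-readable violations; an empty list means the
    driver conforms and may be loaded. Only immediate operands are handled:
    addresses computed at run time are deliberately out of scope here and
    are the hard part of a real verifier.
    """
    violations = []
    if len(driver) > policy.max_len:
        violations.append(f"driver too long ({len(driver)} > {policy.max_len})")
    for idx, (op, arg) in enumerate(driver):
        if op in ("PEEK", "POKE"):
            if not any(lo <= arg <= hi for lo, hi in policy.mmio_ranges):
                violations.append(f"{idx}: {op} at {arg:#x} is outside the permitted MMIO ranges")
        elif op in ("IN", "OUT"):
            if arg not in policy.io_ports:
                violations.append(f"{idx}: {op} on port {arg:#x} is not permitted")
        elif op == "CALL":
            if arg not in policy.services:
                violations.append(f"{idx}: CALL to service {arg!r} is not permitted")
        elif op in ("LOAD", "STORE"):
            if not (0 <= arg < LOCAL_SLOTS):
                violations.append(f"{idx}: {op} slot {arg} is outside the driver's local storage")
        else:
            # Unknown opcodes are rejected outright: the verifier must understand
            # every instruction it admits, or it cannot bound what the code does.
            violations.append(f"{idx}: unknown opcode {op!r}")
    return violations


def load_driver(driver, policy):
    """Gate used at boot: returns True only if the driver passed verification."""
    return not verify(driver, policy)


# Constructed policy for a hypothetical network card: one 4 KiB MMIO window,
# two ports, and three firmware services.
NIC_POLICY = Policy(
    mmio_ranges=((0xF000_0000, 0xF000_0FFF),),
    io_ports=frozenset({0x300, 0x301}),
    services=frozenset({"map-in", "map-out", "alloc-mem"}),
)

# A driver that stays inside its window and only calls permitted services.
GOOD_DRIVER = [
    ("CALL", "map-in"),
    ("PEEK", 0xF000_0010),
    ("OUT", 0x300),
    ("STORE", 3),
    ("CALL", "map-out"),
]

# A driver that writes into another device's address space, invokes a
# service it was never granted, and reads a port outside its policy.
BAD_DRIVER = [
    ("CALL", "map-in"),
    ("POKE", 0xF100_0000),
    ("CALL", "set-boot-device"),
    ("IN", 0x60),
]

if __name__ == "__main__":
    for name, drv in (("good", GOOD_DRIVER), ("bad", BAD_DRIVER)):
        print(name, "->", "LOAD" if load_driver(drv, NIC_POLICY) else "REJECT")
        for v in verify(drv, NIC_POLICY):
            print("   ", v)
```

The point of the split between `verify` and `load_driver` is that the decision is made once, from the whole image, before control is transferred: the driver never gets to run a single instruction and then be stopped. Extending this to real driver code means handling control flow and computed operands, which is where typed or proof-carrying representations of the driver come in.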
