Francesco Evangelista
Automatic Extraction of Exploitation Primitives in UEFI.
Rel. Cataldo Basile, Giovanni Vigna, Christopher Kruegel. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2023
|
Preview |
PDF (Tesi_di_laurea)
- Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives. Download (2MB) | Preview |
Abstract
The Unified Extensible Firmware Interface (UEFI) is a modern replacement for the traditional BIOS that is commonly used in computers. UEFI serves as the interface between the computer's firmware and the operating system, providing a standardized way for the hardware and software to communicate. UEFI, while offering enhanced security features, introduces its own set of security risks. These vulnerabilities are particularly dangerous due to their low-level nature, enabling attackers to compromise a system's integrity and persistence. UEFI vulnerabilities can be exploited to install rootkits, bypass Secure Boot protections, and gain unauthorized control over a system, making them a prime target for malicious actors.
An attacker is able to interact with UEFI through NVRAM variables, which serve as a fundamental mechanism employed by UEFI modules for preserving configuration data throughout successive boot cycles
Relatori
Anno Accademico
Tipo di pubblicazione
Numero di pagine
Corso di laurea
Classe di laurea
Ente in cotutela
Aziende collaboratrici
URI
 |
Modifica (riservato agli operatori) |
