| Title | UEFI Trusted Computing Vulnerability Analysis Based on State Transition Graph |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Gu, Yanyang, Zhang, Ping, Chen, Zhifeng, Cao, Fei |
| Conference Name | 2020 IEEE 6th International Conference on Computer and Communications (ICCC) |
| Keywords | Analytical models, Bayes methods, Bayesian networks, composability, Computational modeling, Computing Theory, Computing Theory and Trust, human factors, Microprogramming, network theory (graphs), pagerank, pubcrawl, Resiliency, security, state transition graph, Trust, Trusted Computing, UEFI |
| Abstract | In the face of increasingly serious firmware attacks, it is of great significance to analyze the vulnerability security of UEFI. This paper first introduces the commonly used trusted authentication mechanisms of UEFI. Then, aiming at the loopholes in the process of UEFI trust verification in the startup phase, combined with the state transition diagram, PageRank algorithm and Bayesian network theory, the analysis model of UEFI trust verification startup vulnerability is constructed. And according to the example to verify the analysis. Through the verification and analysis of the data obtained, the vulnerable attack paths and key vulnerable nodes are found. Finally, according to the analysis results, security enhancement measures for UEFI are proposed. |
| DOI | 10.1109/ICCC51575.2020.9345103 |
| Citation Key | gu_uefi_2020 |
UEFI Trusted Computing Vulnerability Analysis Based on State Transition Graph