Efficient Code Certification for Open Firmware
Small Business Information
33 Thornwood Drive, Ithaca, NY, 14850
AbstractMaliciously constructed boot firmware is a threat to our information infrastructure that has largely been ignored. Boot firmware controls the power-up procedure initializing a computer's hardware and loading its run-time system. This code, embedded inall third-party peripheral devices, can easily be corrupted and then exploited to undermine security engineering at the operating system, protocol, application, or enterprise levels. Authentication techniques (e.g., digital signatures) provide limitedprotection by ensuring the provenance of the firmware. This Phase II effort will develop and implement an alternative technique, Efficient Code Certification (ECC), that can establish the trustworthiness of code regardless of its origin. Our BootSafeverifier, based on ECC, will verify the safety of all boot firmware (before it is run) every time a system is booted. This verification relies on a certifying compiler that produces particularly well-structured code, so that a verifier can analyze itstatically. The user need only trust the verifier, a program that can be persuasively validated by inspection. By applying ECC to boot firmware based on the widely used Open Firmware standard (IEEE-1275) we can provide an effective countermeasure topotentially devastating attacks.
* information listed above is at the time of submission.