UEFUZZER: Enabling Struct-Aware Fuzzing on UEFI with Static Analysis


Research area: Strategies



Venue: CNSSE '25: Proceedings of the 2025 5th International Conference on Computer Network Security and Software Engineering


Abstract

Since its widespread adoption in 2006, the Unified Extensible Firmware Interface (UEFI) has replaced the legacy BIOS as the industry standard, serving as the essential link between computer hardware and operating systems. UEFI's privileged position in system design gives it comprehensive access to system resources, exceeding even that of the operating system kernel. Consequently, detecting and thoroughly characterizing memory corruption vulnerabilities in UEFI firmware is essential to preserving the integrity and security of computer systems. Current techniques for finding UEFI firmware vulnerabilities face two main difficulties. First, the special nature of UEFI firmware makes direct dynamic examination from inside the operating system particularly difficult. Second, conventional fuzzing techniques test ineffectively because they have only shallow knowledge of UEFI input structures. We propose a novel approach that combines static analysis with fuzzing to mitigate these limitations. Our approach starts with static reverse engineering to recover the structural characteristics of inputs across several UEFI interfaces, followed by cross-validation against open-source firmware implementations. We then use this structural knowledge to guide seed file mutation, improving both the accuracy and the efficiency of fuzzing.
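As an added illustration of the struct-aware mutation idea in the abstract (this is not the paper's UEFUZZER code, and the abstract does not say which UEFI interfaces or descriptors the authors used), the C program below contrasts structure-blind byte flipping with a mutator that knows the layout of an SMM communication buffer, EFI_SMM_COMMUNICATE_HEADER from the UEFI PI specification: a 16-byte handler GUID, a UINTN MessageLength, then the payload. The handler GUID, the sample payload, the dispatcher model (`reaches_handler`) and the PRNG are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of EFI_SMM_COMMUNICATE_HEADER (UEFI PI spec): a GUID that selects the SMI
 * handler, the length of the payload that follows, then the payload. This is the one
 * input structure the example mutator understands. Offsets assume an x64 build. */
#define HDR_SIZE 24u            /* 16-byte GUID + 8-byte UINTN */
#define GUID_OFF 0u
#define LEN_OFF  16u
#define DATA_OFF 24u

/* Placeholder handler GUID, constructed for the example; not a real handler's GUID. */
static const uint8_t kHandlerGuid[16] = {
    0x11,0x22,0x33,0x44, 0x55,0x66, 0x77,0x88, 0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00 };

/* Small deterministic PRNG (xorshift64) so runs are reproducible. */
static uint64_t prng(uint64_t *s) {
    uint64_t x = *s; x ^= x << 13; x ^= x >> 7; x ^= x << 17; return *s = x;
}

uint64_t message_length(const uint8_t *buf) { uint64_t v; memcpy(&v, buf + LEN_OFF, 8); return v; }
static void set_len(uint8_t *buf, uint64_t v) { memcpy(buf + LEN_OFF, &v, 8); }

/* Build a well-formed seed message: GUID, MessageLength, payload. Returns total size or 0. */
size_t build_seed(uint8_t *buf, size_t cap, const uint8_t *payload, size_t n) {
    if (cap < HDR_SIZE + n) return 0;
    memcpy(buf + GUID_OFF, kHandlerGuid, 16);
    set_len(buf, n);
    memcpy(buf + DATA_OFF, payload, n);
    return HDR_SIZE + n;
}

/* Structure-blind mutation: flip 1..4 random bits anywhere in the buffer.
 * A large share of mutants corrupt the GUID and never reach handler code. */
void mutate_blind(uint8_t *buf, size_t len, uint64_t *rng) {
    unsigned flips = 1 + (unsigned)(prng(rng) % 4);
    while (flips--) buf[prng(rng) % len] ^= (uint8_t)(1u << (prng(rng) % 8));
}

enum Strategy { MUT_LENGTH, MUT_PAYLOAD, MUT_RESIZE };

/* Structure-aware mutation: the GUID is left intact so every mutant reaches the
 * handler; the length field gets boundary values a handler must validate against the
 * real buffer; payload bytes are mutated in place; resizing keeps MessageLength
 * consistent with the actual payload so the message stays well-formed. */
size_t mutate_aware(uint8_t *buf, size_t cap, size_t len, enum Strategy s, uint64_t *rng) {
    size_t payload = len - HDR_SIZE;
    switch (s) {
    case MUT_LENGTH: {
        const uint64_t bound[] = { 0, payload + 1, cap, UINT64_MAX, UINT64_MAX - HDR_SIZE + 1 };
        set_len(buf, bound[prng(rng) % 5]);
        return len;
    }
    case MUT_PAYLOAD:
        if (payload) buf[DATA_OFF + prng(rng) % payload] ^= (uint8_t)prng(rng);
        return len;
    case MUT_RESIZE: {
        size_t np = prng(rng) % (cap - HDR_SIZE + 1);
        for (size_t i = payload; i < np; i++) buf[DATA_OFF + i] = (uint8_t)prng(rng);
        set_len(buf, np);
        return HDR_SIZE + np;
    }
    }
    return len;
}

/* Models the dispatcher's first check: only messages carrying the handler's GUID are
 * forwarded. Returns 1 if the mutant would reach handler code at all. */
int reaches_handler(const uint8_t *buf, size_t len) {
    return len >= HDR_SIZE && memcmp(buf + GUID_OFF, kHandlerGuid, 16) == 0;
}

/* Generate `trials` mutants of each kind from one seed and count how many reach the handler. */
void compare(size_t trials, size_t *blind_hits, size_t *aware_hits) {
    static const uint8_t payload[] = "constructed sample payload";   /* constructed input */
    uint8_t seed[64], buf[64]; uint64_t rng = 0x9E3779B97F4A7C15ull;
    size_t slen = build_seed(seed, sizeof seed, payload, sizeof payload - 1);
    *blind_hits = *aware_hits = 0;
    for (size_t i = 0; i < trials; i++) {
        memcpy(buf, seed, slen); mutate_blind(buf, slen, &rng);
        *blind_hits += reaches_handler(buf, slen);
        memcpy(buf, seed, slen);
        size_t n = mutate_aware(buf, sizeof buf, slen, (enum Strategy)(i % 3), &rng);
        *aware_hits += reaches_handler(buf, n);
    }
}

int main(void) {
    size_t b, a; compare(1000, &b, &a);
    printf("reached handler: blind %zu/1000, struct-aware %zu/1000\n", b, a);
    return 0;
}
```

The contrast is the point the abstract makes: blind flips spend much of the budget on inputs the dispatcher discards, while the layout-aware mutator keeps the identifying field fixed and concentrates on the length field and payload, which is where a handler's missing bounds check would be exercised.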


Authors

Huaishuo Yan, Beijing University of Posts and Telecommunications (BUPT), Beijing, China, hsyan@bupt.edu.cn

Baojiang Cui, Beijing University of Posts and Telecommunications (BUPT), Beijing, China, cuibj@bupt.edu.cn

Paper information

Year of publication: 2025
Citations: 0
Country of publication (as listed on the site): Andorra
Source: ACM