DinSecUEFI: Testes Dinâmicos em Pipeline CI para Firmware baseado na especificação UEFI
Resumo
A segurança de firmware é crítica devido a seus privilégios elevados e à ausência de defesas típicas de sistemas operacionais (SOs). Enquanto os SOs contam com múltiplas camadas de proteção, o firmware permanece mais vulnerável e atrativo para ataques. Seguindo os princípios do DevSecOps, este trabalho propõe um pipeline que automatiza testes dinâmicos em módulos UEFI. A metodologia utiliza instrumentação binária e fuzzing executado em contêineres para análise dinâmica e escalável. Em experimentos com uma BIOS real, o pipeline identificou falhas em mais de 5% dos módulos analisados. Os resultados indicam que a abordagem reduz custos operacionais e fortalece o ciclo de desenvolvimento seguro de firmware baseado na UEFI.
Referências
Beekman, J. (2015). Reverse engineering UEFI firmware. [link]. Acessado em 12/05/2025.
Binarly (2021). The firmware supply-chain security is broken: Can we fix it? Binarly REsearch Team. [link]. Acessado em 12/05/2025.
Carlsbad, A. (2020). Moving from dynamic emulation of UEFI modules to coverage-guided fuzzing of UEFI firmware. [link]. Acessado em 12/05/2025.
Fioraldi, A., Maier, D., Eißfeldt, H., and Heuse, M. (2020). AFL++: Combining incremental steps of fuzzing research. In 14th USENIX Workshop on Offensive Technologies, Virtual Event. USENIX Association.
Gomes, E., Amora, P., Teixeira, E. M., Lima, A., Brito, F. T., Ciocari, J., and Machado, J. C. (2016). UTTOS: A tool for testing UEFI code in OS environment. In 28th IFIP International Conference on Testing Software and Systems, volume 9976, pages 218–224, Graz, Austria. Springer.
Häuser, M. (2023). Designing a secure and space-efficient executable file format for the unified extensible firmware interface. Master’s thesis, University of Kaiserslautern-Landau, Kaiserslautern, Germany.
Lu, Z., an Tan, Y., Cheng, X., Zheng, Z., Shi, N., and Li, Y. (2025). An automated framework for detecting and mitigating memory safety vulnerabilities in UEFI firmware. Computers and Electrical Engineering, 122:109945.
Machado, R. R. (2018). Desenvolvimento das fundações para acessibilidade em ambiente pré-OS. Master’s thesis, Universidade Federal de São Carlos - UFSCar, Sorocaba, SP.
Matsuo, K., Tanda, S., Suzaki, K., Kawakoya, Y., and Mori, T. (2024). SmmPack: Obfuscation for SMM modules with TPM sealed key. In 21st International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, page 439–459, Lausanne, Switzerland. Springer.
Putra, A. M. and Kabetta, H. (2022). Implementation of DevSecOps by integrating static and dynamic security testing in CI/CD pipelines. In International Conference of Computer Science and Information Technology, pages 1–6, Laguboti, North Sumatra, Indonesia. IEEE.
Quarkslab, Falcon, F., and Arce, I. (2024). PixieFail: Nine vulnerabilities in Tianocore’s EDK II IPv6 network stack. [link]. Acessado em 12/05/2025.
Richardson, B., Wu, C., Yao, J., and Zimmer, V. J. (2019). Using host-based firmware analysis to improve platform resiliency. Technical report, Intel, S. l. [link]. Acessado em 12/05/2025.
Shafiuzzaman, M., Desai, A., Sarker, L., and Bultan, T. (2024). STASE: Static analysis guided symbolic execution for UEFI vulnerability signature generation. In 39th International Conference on Automated Software Engineering, pages 1783–1794, Sacramento, CA, USA. ACM.
UEFI (2021). UEFI forum - unified extensible firmware interface specification. [link]. Acessado em 12/05/2025.
UEFI PI (2024). UEFI platform initialization specification. [link]. Version 1.8 Errata A; Acessado em 12/05/2025.
Yang, Z., Viktorov, Y., Yang, J., Yao, J., and Zimmer, V. (2020). UEFI firmware fuzzing with Simics virtual platform. In 57th Design Automation Conference, pages 1–6, San Francisco, CA, USA. IEEE.
Yao, J. and Zimmer, V. (2020). Building Secure Firmware: Armoring the Foundation of the Platform. Apress, Berkeley, CA.
Yin, J., Li, M., Li, Y., Yu, Y., Lin, B., Zou, Y., Liu, Y., Huo, W., and Xue, J. (2023). RSFuzzer: Discovering deep SMI handler vulnerabilities in UEFI firmware with hybrid fuzzing. In 44th Symposium on Security and Privacy, pages 2155–2169, San Francisco, CA, USA. IEEE.
Binarly (2021). The firmware supply-chain security is broken: Can we fix it? Binarly REsearch Team. [link]. Acessado em 12/05/2025.
Carlsbad, A. (2020). Moving from dynamic emulation of UEFI modules to coverage-guided fuzzing of UEFI firmware. [link]. Acessado em 12/05/2025.
Fioraldi, A., Maier, D., Eißfeldt, H., and Heuse, M. (2020). AFL++: Combining incremental steps of fuzzing research. In 14th USENIX Workshop on Offensive Technologies, Virtual Event. USENIX Association.
Gomes, E., Amora, P., Teixeira, E. M., Lima, A., Brito, F. T., Ciocari, J., and Machado, J. C. (2016). UTTOS: A tool for testing UEFI code in OS environment. In 28th IFIP International Conference on Testing Software and Systems, volume 9976, pages 218–224, Graz, Austria. Springer.
Häuser, M. (2023). Designing a secure and space-efficient executable file format for the unified extensible firmware interface. Master’s thesis, University of Kaiserslautern-Landau, Kaiserslautern, Germany.
Lu, Z., an Tan, Y., Cheng, X., Zheng, Z., Shi, N., and Li, Y. (2025). An automated framework for detecting and mitigating memory safety vulnerabilities in UEFI firmware. Computers and Electrical Engineering, 122:109945.
Machado, R. R. (2018). Desenvolvimento das fundações para acessibilidade em ambiente pré-OS. Master’s thesis, Universidade Federal de São Carlos - UFSCar, Sorocaba, SP.
Matsuo, K., Tanda, S., Suzaki, K., Kawakoya, Y., and Mori, T. (2024). SmmPack: Obfuscation for SMM modules with TPM sealed key. In 21st International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, page 439–459, Lausanne, Switzerland. Springer.
Putra, A. M. and Kabetta, H. (2022). Implementation of DevSecOps by integrating static and dynamic security testing in CI/CD pipelines. In International Conference of Computer Science and Information Technology, pages 1–6, Laguboti, North Sumatra, Indonesia. IEEE.
Quarkslab, Falcon, F., and Arce, I. (2024). PixieFail: Nine vulnerabilities in Tianocore’s EDK II IPv6 network stack. [link]. Acessado em 12/05/2025.
Richardson, B., Wu, C., Yao, J., and Zimmer, V. J. (2019). Using host-based firmware analysis to improve platform resiliency. Technical report, Intel, S. l. [link]. Acessado em 12/05/2025.
Shafiuzzaman, M., Desai, A., Sarker, L., and Bultan, T. (2024). STASE: Static analysis guided symbolic execution for UEFI vulnerability signature generation. In 39th International Conference on Automated Software Engineering, pages 1783–1794, Sacramento, CA, USA. ACM.
UEFI (2021). UEFI forum - unified extensible firmware interface specification. [link]. Acessado em 12/05/2025.
UEFI PI (2024). UEFI platform initialization specification. [link]. Version 1.8 Errata A; Acessado em 12/05/2025.
Yang, Z., Viktorov, Y., Yang, J., Yao, J., and Zimmer, V. (2020). UEFI firmware fuzzing with Simics virtual platform. In 57th Design Automation Conference, pages 1–6, San Francisco, CA, USA. IEEE.
Yao, J. and Zimmer, V. (2020). Building Secure Firmware: Armoring the Foundation of the Platform. Apress, Berkeley, CA.
Yin, J., Li, M., Li, Y., Yu, Y., Lin, B., Zou, Y., Liu, Y., Huo, W., and Xue, J. (2023). RSFuzzer: Discovering deep SMI handler vulnerabilities in UEFI firmware with hybrid fuzzing. In 44th Symposium on Security and Privacy, pages 2155–2169, San Francisco, CA, USA. IEEE.
Publicado
01/09/2025
Como Citar
A. FILHO, Gelson José de; SANTI, Juliana de; WILL, Newton Carlos; MACHADO, Rafael R.; LELES, Andréia.
DinSecUEFI: Testes Dinâmicos em Pipeline CI para Firmware baseado na especificação UEFI. In: SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 350-366.
DOI: https://doi.org/10.5753/sbseg.2025.11497.
