113 research outputs found
UEFI BIOS Accessibility for the Visually Impaired
People with some kind of disability face a high level of difficulty for
everyday tasks because, in many cases, accessibility was not considered
necessary when the task or process was designed. An example of this scenario is
a computer's BIOS configuration screens, which do not consider the specific
needs, such as screen readers, of visually impaired people. This paper proposes
the idea that it is possible to make the pre-operating system environment
accessible to visually impaired people. We report our work-in-progress in
creating a screen reader prototype, accessing audio cards compatible with the
High Definition Audio specification in systems running UEFI compliant firmware.
Comment: 6 page
Language applications for UEFI BIOS
The Unified Extensible Firmware Interface (UEFI) is the industry-standard Basic Input/Output System (BIOS) firmware specification used by modern desktop, portable, and server computers, and is increasingly being ported to today's new mobile form factors as well. UEFI is firmware responsible for bootstrapping the hardware, turning control over to an operating system loader, and then providing runtime services to the operating system. ANTLR (ANother Tool for Language Recognition) is a lexer-parser generator for reading, processing, executing, and translating structured text and binary files. It supersedes older technologies such as lex/yacc or flex/bison and is widely used to build languages and programming tools. ANTLR accepts a provided grammar and generates a parser that can build and walk parse trees. This report studies UEFI BIOS and compiler theory and demonstrates ways compiler theory can be leveraged to solve problems in the UEFI BIOS domain. Specifically, this report uses ANTLR to implement two language applications aimed at furthering the development of UEFI BIOS implementations. They are: 1. A software complexity analysis application for UEFI created that leverages ANTLR's standard general-purpose C language grammar. The complexity analysis application uses general-purpose and domain-specific measures to give a complexity score to UEFI BIOS modules. 2. An ANTLR grammar created for the VFR domain-specific language, and a sample application which puts the grammar to use. VFR is a language describing visual elements on a display; the sample application creates an HTML preview of VFR code without requiring a developer to build and flash a BIOS image on a target machine to see its graphical layout.
Electrical and Computer Engineerin
Enterprise platform systems management security threats and mitigation techniques
Developers and technologists of enterprise systems such as servers, storage and networking products must constantly anticipate new cybersecurity threats and evolving security requirements. These requirements are typically sourced from marketing, customer expectations, manufacturing and evolving government standards. Much ongoing major research focus has been on securing the main enterprise system purpose functionality, operating system, network and storage. There appears, however, to be far less research and a growing number of reports of vulnerabilities in the area of enterprise systems management hardware and software subsystems. Many recent examples are within types of subsystems such as baseboard management controllers (BMCs), which are intricate embedded subsystems, independent of the host server system functionality. A BMC is typically comprised of a specialized system-on-a-chip, RAM, non-volatile storage, and sensors, and runs an embedded LINUX Operating System. The BMC’s primary roles are always increasing in scope including managing system inventory, system operational health, thermal and power control, event logging, remote console access, provisioning, performance monitoring, software updates and failure prediction and remediation. To compromise or create a denial of service of such subsystems has an increasing impact on equipment manufacturers and large and small enterprises. This report’s primary objective is to research real-world and theoretical hardware and software cyber-attack vectors on enterprise product platforms, inclusive of BMCs, BIOS and other embedded systems within such products. For each presented attack vector, best practices and suggestions for effective avoidance and mitigation are explored. Domains of particular interest are physical access security, hardware manipulation and secure boot protections against software image manipulation, BIOS recovery and secure field debug techniques.
Electrical and Computer Engineerin
BootBandit: A macOS bootloader attack
Historically, the boot phase on personal computers left systems in a relatively vulnerable state. Because traditional antivirus software runs within the operating system, the boot environment is difficult to protect from malware. Examples of attacks against bootloaders include so‐called “evil maid” attacks, in which an intruder physically obtains a boot disk to install malicious software for obtaining the password used to encrypt a disk. The password then must be stored and retrieved again through physical access. In this paper, we discuss an attack that borrows concepts from the evil maid. We assume exploitation can be used to infect a bootloader on a system running macOS remotely to install code to steal the user's password. We explore the ability to create a communication channel between the bootloader and the operating system to remotely steal the password for a disk protected by FileVault 2. On a macOS system, this attack has additional implications due to “password forwarding” technology, in which a user's account password also serves as the FileVault password, enabling an additional attack surface through privilege escalation
Support of Secure Boot in Systemd-Boot Project
The aim of this master thesis is to convey an elaborate overview of Secure Boot, the technology used for authentication during platform boot-up. The overview is followed by a description of contemporary implementations of Secure Boot found in operating systems based on the Linux kernel. Finally, we propose a new implementation of Secure Boot support in the systemd-boot project.
Defense in Depth of Resource-Constrained Devices
The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers' homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings.
Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime
Demystifying Internet of Things Security
Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides an overview of different security solutions.
What You'll Learn
- Secure devices, immunizing them against different threats originating from inside and outside the network
- Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms
- Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth
Who This Book Is For
Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms