A method and system for accelerating verification and analysis of SMM safety hazards

Abstract

The present invention provides a kind of method and system of quickening verification and analysis SMM potential safety hazard, and the method comprises: deploying basic environment, obtaining and recording host computer environment information, obtaining the module composition diagram of visual bios source code calling relationship diagram, bios mirror image; Obtain the GUID identifier related to SMM, match the GUID related to SMM in the bios source code and the corresponding GUID in the bin image generated by compiling the source code; obtain the environment information of the virtual machine, set a breakpoint to capture the call stack information at runtime; Verify and analyze SMM security risks. The system includes: a deployment unit, a visualization unit, a debugging unit, a verification and analysis unit; the deployment unit is respectively connected with the visualization unit and the debugging unit; the verification and analysis unit is connected with the deployment unit, the visualization unit and the debugging unit. The method and system provide conditions for technicians to quickly locate SMM safety hazards, so as to propose safety improvement measures in a targeted manner.

Description

Technical field[0001]The invention relates to the field of computer security, in particular to a method and system for accelerating verification and analysis of SMM security risks.Background technique[0002]In the computer field, bios, as an indispensable firmware program for the firmware layer, is the first program executed after the computer is started, and provides the lowest and most direct hardware control for the computer. UEFI is a new generation of bios standard, which defines the interface specification between operating system and hardware platform firmware, and provides users with a convenient underlying development environment. There are many kinds of firmware in every system. When the system starts, the processor will execute the main system firmware, namely uefi bios. Most of the firmware only runs at startup, but it runs in parallel with the operating system in a special x86 mode, namely SMM.[0003]SMM (System Management Mode), the system management mode, is the most po...

AI Technical Summary

Problems solved by technology

Externally run any code trusted by SMM through relevant attack channels, so that many super privileges under SMM can be used. To solve this security problem, technicians sometimes draw several possible solutions based on theoretical analysis based on the attack surface. For attack channels, it is necessary to plan the detailed attack process or steps under the attack channel, analyze and deliberate on the attack environment such as user input and the specific operation details of each step, and even trace the source of deviations in the implementation of the attack plan. The process is cumbersome and poorly organized, and there is a lack of a method that combines engineering practice with theoretical analysis to orderly and speed up the verification and analysis of SMM safety hazards

Images