WCSE 2021
ISBN: 978-981-18-1791-5 DOI: 10.18178/wcse.2021.06.005

Vulnerability Model and Attack Path Prediction of the UEFI Firmware Platform Based on Risk Propagation

Weihua Jiao, Qingbao Li , Zhifeng Chen, Fei Cao

Abstract— Targeted at the situation of rampant attack on UEFI Platform Firmware, this paper systematically analyzes the Security mechanisms of UEFI platform firmware. Then the vulnerability factors of UEFI firmware are described by modeling language, and a vulnerability model of UEFI firmware platform based on risk propagation (VMURP) is proposed. This paper introduces an improved PageRank algorithm to this model to reduce the influence of subjective factors which influences the accuracy of model. Based on VMURP model, an innovative method is proposed which using security configuration vector and attack vector to evaluate attack paths. Then, we use this method and VMURP to predict the most possible attack path of specific UEFI firmware platform. Finally, verify the rationality of the model and the validity of the prediction by experimental analysis. This study is helpful to quickly evaluate the vulnerability of UEFI firmware platform and predict possible attacks, gives platform managers more targeted guidance and suggestions to strengthen the security mechanisms.

Index Terms— UEFI, vulnerability model, risk propagation, attack path, prediction

Weihua Jiao, Qingbao Li , Zhifeng Chen, Fei Cao
State Key Laboratory of Mathematical Engineering and Advanced Computing, CHINA

[Download]


Cite: Weihua Jiao, Qingbao Li , Zhifeng Chen, Fei Cao, "Vulnerability Model and Attack Path Prediction of the UEFI Firmware Platform Based on Risk Propagation ," 2021 The 11th International Workshop on Computer Science and Engineering (WCSE 2021), pp. 29-36, Shanghai, China, June 19-21, 2021.