UEFI Fuzz Testing Method Based on Heuristic Reverse Analysis

As a next-generation firmware interface standard, the unified extensible firmware interface (UEFI) has been widely used in modern computer systems. However, UEFI vulnerabilities have also brought serious security threats. To avoid security problems caused by UEFI vulnerabilities as much as possible, vulnerability detection is needed, in which, fuzzing under third-party security testing scenarios is mainly used. Nevertheless, the absence of symbolic information affects the efficiency of testing. This study proposes a heuristic UEFI reverse analysis method, which recovers the symbolic information within the firmware, improves fuzz testing, and implements a prototype system, ReUEFuzzer. Through testing 525 EFI files from four manufacturers, the effectiveness of the reverse analysis method is demonstrated. ReUEFuzzer can enhance the function test coverage and has identified an unknown vulnerability during the testing process, which has been reported to China National Vulnerability Database and the Common Vulnerabilities and Exposures (CVE) system. Empirical evidence shows that the method presented in this paper is valid for UEFI vulnerability detection and can provide a certain degree of security guarantee for UEFI. © 2024 Chinese Academy of Sciences. All rights reserved.