Authors: Julian Rauchberger; Robert Luh and Sebastian Schrittwieser

Affiliation: St. Poelten University of Applied Sciences, Austria

Keyword(s): Malware, Rootkit, BIOS, UEFI, System Management Mode.

Abstract: The theoretical threat of malware inside the BIOS or UEFI of a computer has been known for almost a decade. It has been demonstrated multiple times that exploiting the System Management Mode (SMM), an operating mode implemented in the x86 architecture and executed with high privileges, is an extremely powerful method for implanting persistent malware on computer systems. However, previous BIOS/UEFI malware concepts described in the literature often focused on proof-of-concept implementations and did not have the goal of demonstrating the full range of threats stemming from SMM malware. In this paper, we present Longkit, a novel framework for BIOS/UEFI malware in the SMM. Longkit is universal in nature, meaning it is fully written in position-independent assembly and thus also runs on other BIOS/UEFI implementations with minimal modifications. The framework fully supports the 64-bit Intel architecture and is memory-layout aware, enabling targeted interaction with the operating system's kernel. With Longkit we are able to demonstrate the full potential of malicious code in the SMM and provide researchers of novel SMM malware detection strategies with an easily adaptable rootkit to help evaluate their methods.

CC BY-NC-ND 4.0

Paper citation in several formats:
Rauchberger, J.; Luh, R. and Schrittwieser, S. (2017). Longkit - A Universal Framework for BIOS/UEFI Rootkits in System Management Mode. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-209-7; ISSN 2184-4356, SciTePress, pages 346-353. DOI: 10.5220/0006165603460353

@conference{icissp17,
author={Julian Rauchberger and Robert Luh and Sebastian Schrittwieser},
title={Longkit - A Universal Framework for BIOS/UEFI Rootkits in System Management Mode},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - ICISSP},
year={2017},
pages={346-353},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006165603460353},
isbn={978-989-758-209-7},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - ICISSP
TI - Longkit - A Universal Framework for BIOS/UEFI Rootkits in System Management Mode
SN - 978-989-758-209-7
IS - 2184-4356
AU - Rauchberger, J.
AU - Luh, R.
AU - Schrittwieser, S.
PY - 2017
SP - 346
EP - 353
DO - 10.5220/0006165603460353
PB - SciTePress