UEFI Vulnerabilities Coordination: Handling UEFI Vulnerabilities Disclosure and Improving UEFI Patch Lifecycle

Abstract

Contents include: Unified Extensible Firmware Interface (UEFI); UEFI ring of fire has many subduction zones for attacks; Where is Firmware anyway on a modern computer?; UEFI phases of danger - even AfterLife is not safe; Desired approach for UEFI vulnerability lifecycle; Vulnerability discovery approaches and key players as partners; Coordination - the Supply Chain players - reference names; UEFI Capsule updates and LVFS repository; Collecting, tagging and maintaining UEFI capsules in MASS; UEFI vulnerabilities all flavors now in VINCE; FwHunt detection and analysis of vulnerable capsules.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2022
Accession Number
AD1170644

Entities

People

  • Vijay Sarvepalli

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Artificial Intelligence
  • Computer Programming
  • Computer Science
  • Computers
  • Copyrights
  • Data Analysis
  • Department Of Defense
  • Detection
  • Engineering
  • Firmware
  • Governments
  • Guarantees
  • Kernels (Operating System)
  • Materials
  • Operating Systems
  • Security
  • Software Development
  • Supply Chain
  • Universities
  • Vulnerability

Readers

  • Cybersecurity.
  • Oceanography.