A framework for BMC firmware vulnerability analysis and exploitation

Jiapeng WANG, Zhihan ZHENG, Kefan QIU, Yu An TAN, Chen LIANG, Wenjuan LI

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

The out-of-band management system of a server is a specialized controller used to monitor and manage the server's status. Server BMC (Baseboard Management Controller) firmware runs with high privileges, and vulnerability analysis and exploitation based on the characteristics of the BMC firmware's operating environment has become an important research direction. To improve the effectiveness and ease of BMC firmware inspection, non-intrusive methods of retrieving firmware code need to be investigated. We propose a technique called lateral extension that transfers control from the BMC to the server. It accesses high-value targets in the server environment, including RAM, code, and files. The BMC is emulated as a master/slave device on the server's PCI bus, and arbitrary read/write access to the server's hard drive, memory, and UEFI firmware is obtained by initiating Direct Memory Access (DMA) operations. Copyright © 2024 IEEE.
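The attack described in the abstract relies on the BMC acting as a DMA-capable PCI device. The host-side control that decides whether such DMA is restricted is the server's IOMMU (Intel VT-d / AMD-Vi DMA remapping): it must be enabled, must not be in identity (passthrough) mode, and every PCI function, including the BMC's host-facing one, must sit in an IOMMU group. The script below is an added example written for this page, not code from the paper; it audits those three conditions on a running Linux host from /proc/cmdline and /sys/kernel/iommu_groups. The sample kernel command line, IOMMU groups and PCI addresses at the bottom are constructed so the logic can be exercised offline; the address 0000:02:00.0 standing in for the BMC's host-facing function is an assumption, not a real device.

```python
"""Host-side check: is DMA from PCI devices (such as a BMC's host-facing
function) remapped by the IOMMU on this Linux server?

Added example, not code from the paper.  All functions take their input as
arguments, so they run on constructed data as well as on the live host.
"""
from __future__ import annotations

import os
from dataclasses import dataclass, field
from typing import Optional

SYS_IOMMU_GROUPS = "/sys/kernel/iommu_groups"
SYS_PCI_DEVICES = "/sys/bus/pci/devices"


def parse_cmdline(cmdline: str) -> tuple[Optional[bool], bool]:
    """Return (explicit_iommu_setting, passthrough) for a kernel command line.

    explicit_iommu_setting: True for intel_iommu=on / amd_iommu=on / iommu=force,
    False for intel_iommu=off / amd_iommu=off / iommu=off, None when no flag is
    given (the kernel's build- and distro-dependent default then applies).
    passthrough: True for iommu=pt; the IOMMU is up but host-owned devices get
    an identity mapping, so their DMA is not restricted.
    """
    explicit: Optional[bool] = None
    passthrough = False
    for tok in cmdline.split():
        key, _, val = tok.partition("=")
        opts = val.split(",")
        if key in ("intel_iommu", "amd_iommu"):
            if "on" in opts:
                explicit = True
            elif "off" in opts:
                explicit = False
        elif key == "iommu":
            if "off" in opts:
                explicit = False
            elif "force" in opts:
                explicit = True
            if "pt" in opts:
                passthrough = True
    return explicit, passthrough


def read_iommu_groups(root: str = SYS_IOMMU_GROUPS) -> dict[str, list[str]]:
    """Map IOMMU group number -> PCI functions (BDF strings) from sysfs."""
    groups: dict[str, list[str]] = {}
    if not os.path.isdir(root):
        return groups  # no groups at all: DMA remapping is not active
    for g in os.listdir(root):
        devdir = os.path.join(root, g, "devices")
        groups[g] = sorted(os.listdir(devdir)) if os.path.isdir(devdir) else []
    return groups


def list_pci_functions(root: str = SYS_PCI_DEVICES) -> list[str]:
    """All PCI functions the kernel enumerated, as BDF strings."""
    return sorted(os.listdir(root)) if os.path.isdir(root) else []


@dataclass
class Audit:
    verdict: str  # "remapped" | "passthrough" | "partial" | "unprotected"
    ungrouped: list[str] = field(default_factory=list)


def audit(cmdline: str, groups: dict[str, list[str]], pci_functions: list[str]) -> Audit:
    """Combine the three observations into one verdict.

    unprotected: IOMMU explicitly off, or no IOMMU groups exist at all.
    passthrough: IOMMU up but iommu=pt, so devices are identity-mapped.
    partial:     some enumerated PCI functions are in no IOMMU group.
    remapped:    IOMMU on, translating, and every function is grouped.
    """
    explicit, passthrough = parse_cmdline(cmdline)
    grouped = {bdf for devs in groups.values() for bdf in devs}
    ungrouped = sorted(bdf for bdf in pci_functions if bdf not in grouped)
    if explicit is False or not groups:
        return Audit("unprotected", sorted(pci_functions))
    if passthrough:
        return Audit("passthrough", ungrouped)
    if ungrouped:
        return Audit("partial", ungrouped)
    return Audit("remapped")


def audit_running_host() -> Audit:
    with open("/proc/cmdline") as f:
        cmdline = f.read()
    return audit(cmdline, read_iommu_groups(), list_pci_functions())


# Constructed sample data (not from any real host).  0000:02:00.0 is assumed to
# be the BMC's host-facing PCI function and is deliberately left out of every group.
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda2 intel_iommu=on"
SAMPLE_GROUPS = {
    "0": ["0000:00:00.0"],
    "1": ["0000:00:1f.0", "0000:00:1f.2"],
    "7": ["0000:01:00.0"],
}
SAMPLE_PCI = ["0000:00:00.0", "0000:00:1f.0", "0000:00:1f.2", "0000:01:00.0", "0000:02:00.0"]


if __name__ == "__main__":
    sample = audit(SAMPLE_CMDLINE, SAMPLE_GROUPS, SAMPLE_PCI)
    print(f"sample host: {sample.verdict}, ungrouped={sample.ungrouped}")
    if os.path.exists("/proc/cmdline"):
        live = audit_running_host()
        print(f"this host:   {live.verdict}, ungrouped={live.ungrouped}")
```

The verdict only covers the window after the OS has programmed the IOMMU; it says nothing about DMA during UEFI boot, before the OS takes over, which is exactly where the abstract's UEFI-firmware access would land. Treat "remapped" as a necessary condition, not as proof that a BMC on the PCI bus cannot reach host memory.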

Original language: English
Title of host publication: Proceedings of IEEE Congress on Cybermatics: 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024
Place of publication: Danvers, MA
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 9-16
ISBN (Electronic): 9798350351637
DOIs: https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00026
Publication status: Published - 2024

Citation

Wang, J., Zheng, Z., Qiu, K., Tan, Y.-A., Liang, C., & Li, W. (2024). A framework for BMC firmware vulnerability analysis and exploitation. In Proceedings of IEEE Congress on Cybermatics 2024 IEEE International Conferences on Internet of Things, iThings 2024, IEEE Green Computing and Communications, GreenCom 2024, IEEE Cyber, Physical and Social Computing, CPSCom 2024, IEEE Smart Data, SmartData 2024 (pp. 9-16). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics62450.2024.00026

Keywords

  • BMC
  • Vulnerability Exploitation
  • Server Security
  • Attack surfaces analysis
