UEFI-based Malware
Unified Extensible Firmware Interface(UEFI) malware represents a sophisticated and insidious form of cyber threat that targets the firmware of a computer, specifically the UEFI, which is responsible for initializing hardware and booting the operating system. Unlike traditional malware that resides w...
| Autor: | |
|---|---|
| Formato: | tesis de maestría |
| Fecha de publicación: | 2024 |
| País: | España |
| Recursos: | Universitat Politècnica de Catalunya (UPC) |
| Repositorio: | UPCommons. Portal del coneixement obert de la UPC |
| Idioma: | inglés |
| OAI Identifier: | oai:upcommons.upc.edu:2117/420737 |
| Acesso em linha: | https://hdl.handle.net/2117/420737 |
| Access Level: | acceso abierto |
| Palavra-chave: | Computer security Malware (Computer software) Computer engineering Cybersecurity UEFI Malware Firmware Computer Engineering Seguretat informàtica Programari maliciós Enginyeria informàtica (Enginyeria) Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica Àrees temàtiques de la UPC::Informàtica::Arquitectura de computadors |
| id |
ES_b6bcb660b6d6a8ea2dcfed72897b70fc |
|---|---|
| oai_identifier_str |
oai:upcommons.upc.edu:2117/420737 |
| network_acronym_str |
ES |
| network_name_str |
España |
| repository_id_str |
|
| spelling |
UEFI-based MalwareAlba Cerveró, MarcComputer securityMalware (Computer software)Computer engineeringCybersecurityUEFIMalwareFirmwareComputer EngineeringSeguretat informàticaProgramari maliciósEnginyeria informàtica (Enginyeria)Àrees temàtiques de la UPC::Informàtica::Seguretat informàticaÀrees temàtiques de la UPC::Informàtica::Arquitectura de computadorsUnified Extensible Firmware Interface(UEFI) malware represents a sophisticated and insidious form of cyber threat that targets the firmware of a computer, specifically the UEFI, which is responsible for initializing hardware and booting the operating system. Unlike traditional malware that resides within the operating system, UEFI malware operates at a lower level, granting it unprecedented persistence and control over a system and its layers. This master thesis examines the specifics of UEFI booting service, real exploitation cases, the design and development of a UEFI malware application and mitigation strategies of UEFI malware. We explore case studies of notable UEFI malware instances to illustrate its evolution and sophistication. Additionally, we discuss how UEFI malware bypasses standard security measures, its methods of infection and propagation, and the challenges it poses to detection and removal. In addition, the study approaches the design and development of a simple use case for a UEFI malware application to lay out a practical demonstration. Finally, this thesis outlines current and emerging defensive measures designed to prevent and mitigate firmware integrity.Universitat Politècnica de CatalunyaMorancho Llena, Enrique20242024-09-1320242024-12-16master thesishttp://purl.org/coar/resource_type/c_bdccNAhttp://purl.org/coar/version/c_be7fb7dd8ff6fe43info:eu-repo/semantics/masterThesisapplication/pdfhttps://hdl.handle.net/2117/420737reponame:UPCommons. Portal del coneixement obert de la UPCinstname:Universitat Politècnica de Catalunya (UPC)Inglésengopen accesshttp://purl.org/coar/access_right/c_abf2info:eu-repo/semantics/openAccessoai:upcommons.upc.edu:2117/4207372026-05-27T15:37:01Z |
| dc.title.none.fl_str_mv |
UEFI-based Malware |
| title |
UEFI-based Malware |
| spellingShingle |
UEFI-based Malware Alba Cerveró, Marc Computer security Malware (Computer software) Computer engineering Cybersecurity UEFI Malware Firmware Computer Engineering Seguretat informàtica Programari maliciós Enginyeria informàtica (Enginyeria) Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica Àrees temàtiques de la UPC::Informàtica::Arquitectura de computadors |
| title_short |
UEFI-based Malware |
| title_full |
UEFI-based Malware |
| title_fullStr |
UEFI-based Malware |
| title_full_unstemmed |
UEFI-based Malware |
| title_sort |
UEFI-based Malware |
| dc.creator.none.fl_str_mv |
Alba Cerveró, Marc |
| author |
Alba Cerveró, Marc |
| author_facet |
Alba Cerveró, Marc |
| author_role |
author |
| dc.contributor.none.fl_str_mv |
Morancho Llena, Enrique |
| dc.subject.none.fl_str_mv |
Computer security Malware (Computer software) Computer engineering Cybersecurity UEFI Malware Firmware Computer Engineering Seguretat informàtica Programari maliciós Enginyeria informàtica (Enginyeria) Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica Àrees temàtiques de la UPC::Informàtica::Arquitectura de computadors |
| topic |
Computer security Malware (Computer software) Computer engineering Cybersecurity UEFI Malware Firmware Computer Engineering Seguretat informàtica Programari maliciós Enginyeria informàtica (Enginyeria) Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica Àrees temàtiques de la UPC::Informàtica::Arquitectura de computadors |
| description |
Unified Extensible Firmware Interface(UEFI) malware represents a sophisticated and insidious form of cyber threat that targets the firmware of a computer, specifically the UEFI, which is responsible for initializing hardware and booting the operating system. Unlike traditional malware that resides within the operating system, UEFI malware operates at a lower level, granting it unprecedented persistence and control over a system and its layers. This master thesis examines the specifics of UEFI booting service, real exploitation cases, the design and development of a UEFI malware application and mitigation strategies of UEFI malware. We explore case studies of notable UEFI malware instances to illustrate its evolution and sophistication. Additionally, we discuss how UEFI malware bypasses standard security measures, its methods of infection and propagation, and the challenges it poses to detection and removal. In addition, the study approaches the design and development of a simple use case for a UEFI malware application to lay out a practical demonstration. Finally, this thesis outlines current and emerging defensive measures designed to prevent and mitigate firmware integrity. |
| publishDate |
2024 |
| dc.date.none.fl_str_mv |
2024 2024-09-13 2024 2024-12-16 |
| dc.type.none.fl_str_mv |
master thesis http://purl.org/coar/resource_type/c_bdcc NA http://purl.org/coar/version/c_be7fb7dd8ff6fe43 |
| dc.type.openaire.fl_str_mv |
info:eu-repo/semantics/masterThesis |
| format |
masterThesis |
| dc.identifier.none.fl_str_mv |
https://hdl.handle.net/2117/420737 |
| url |
https://hdl.handle.net/2117/420737 |
| dc.language.none.fl_str_mv |
Inglés eng |
| language_invalid_str_mv |
Inglés |
| language |
eng |
| dc.rights.none.fl_str_mv |
open access http://purl.org/coar/access_right/c_abf2 |
| dc.rights.openaire.fl_str_mv |
info:eu-repo/semantics/openAccess |
| rights_invalid_str_mv |
open access http://purl.org/coar/access_right/c_abf2 |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
Universitat Politècnica de Catalunya |
| publisher.none.fl_str_mv |
Universitat Politècnica de Catalunya |
| dc.source.none.fl_str_mv |
reponame:UPCommons. Portal del coneixement obert de la UPC instname:Universitat Politècnica de Catalunya (UPC) |
| instname_str |
Universitat Politècnica de Catalunya (UPC) |
| reponame_str |
UPCommons. Portal del coneixement obert de la UPC |
| collection |
UPCommons. Portal del coneixement obert de la UPC |
| repository.name.fl_str_mv |
|
| repository.mail.fl_str_mv |
|
| _version_ |
1869417471528665088 |
| score |
15,81155 |