Hardening Firmware Components with Host-based Analysis Tools


Sophisticated attackers are targeting system firmware in search of new exploits. Firmware is normally subjected to rigorous integration testing, but how do developers perform more intensive unit testing to reduce errors prior to system integration?
Host-based Firmware Analyzer was recently contributed to TianoCore, an open source community for UEFI development. This is a tool for firmware component analysis with a focus on fuzzing & symbolic testing of firmware components. Host-based methods isolate firmware components in the developerÔÇÖs OS environment and leverages existing open source analysis tools (ex: AFL, Peach, KLEE).
This session provides an overview of the Linux-based tool and how it is used to improve efficiency of firmware security test cases.