Low-level firmware vulnerabilities are drawing more attention today than in the past, mainly because firmware runs with the highest privilege on the system and because of the advanced security protections and mitigations that exist in the host operating system (OS).
Intel has developed a security engine named CSME (Converged Security and Manageability Engine) that provides key security value to the platform, from start to enablement of the “Root of Trust” concept.
Over the past few years, in response to security issues published in previous years, continuous improvements have been made to the CSME firmware (FW). They aim to make common memory corruption issues more difficult to exploit and to reduce the complexity and privileges of some of the CSME FW modules. We will describe how Intel CSME FW mitigates these types of security challenges by applying industry-standard mitigations tailored to the FW environment.
We will share deep technical detail on how other firmware environments can achieve the same results by applying the same technology, and we will explain the reasoning behind how we apply feedback fuzzing and queue management in a generic form, so that it can be applied to any existing fuzzer.