Presented at Black Hat USA 2019
Aug. 7, 2019, 1:30 p.m.
<p>Today low-level firmware vulnerabilities are becoming more a focus than in the past, mainly due to the nature of having highest privilege on the system and due to the advanced security protection and mitigation that exist in the host Operating System (OS).</p><p>Intel has developed a security engine named CSME (Converged Security and Manageability Engine) that provides a key security value to the platform from start to enablement of the “Root of Trust” concept.</p><p>Continuous improvements have been made to the CSME firmware during the past few years that aim to make it more difficult to exploit common memory corruption issues and reduce complexity/privileges of some of the CSME firmware (FW) modules due to security issues published in previous years. We will describe how Intel CSME FW is mitigating these type of security challenges by applying industry standards mitigation tailored to the FW environment.</p><p>We will share deep technical detail on how other firmware environments can achieve the same results by applying the same technology and we will share the why of how we apply a feedback fuzzing and queue-management in a generic form, so it could be applied on any given existing fuzzer.</p><ul><li>Overall, in this presentation we will introduce the following:</li><li>CSME Hardware, its limitation and security challenges it poses.</li><li>CSME µKernel OS internals, boot flow, Debugging capabilities.</li><li>Processes & Key features.</li><li>CSME customizations support & OEM role in manufacturing.</li><li>Recovery and update mechanisms.</li><li>Exploitation mitigations against memory corruptions & defense in depth</li><li>Fuzzers & monitoring technologies.</li></ul>
- Security Researcher, Intel
Yanai Moyal is a security researcher working on Intel ME/CSME since day one back in 2005. He conducted security auditing of CSME FW/ROM design and implementation for past 10 years. Lately, he is in charge to design mitigation for internally / externally identified security issues, to further reduce privileges within CSME and also to harden CSME against future attacks.
- Principal Security Research Engineer, Intel
Shai Hasarfaty is a principal security research engineer, leading the Advanced Threat Research (ATR) team at Intel, driving and improving security designed and capabilities in Intel products. Shai has over than 15 years of experience in the world of security: Vulnerability detection, reverse engineering, exploit development, exploit mitigation and fuzzing. Shai also acts as Intel security trainer, delivering extensive classes on these topics.