Verifying the integrity of peripherals’ firmware

April 17, 2012
Jonathan McCune | Carnegie Mellon University

Recent research demonstrates that malware can infect peripherals’ ﬁrmware in a typical computer system, e.g., by exploiting vulnerabilities in the ﬁrmware itself or in the ﬁrmware update tools. Verifying the integrity of peripherals’ ﬁrmware is thus an important challenge. We propose software-only attestation protocols to verify the integrity of peripherals’ ﬁrmware, and show that they can detect all known software-based attacks. We implement our scheme using Netgear GA620 network adapter in an x86 PC, and evaluate our system with known attacks.

Speaker Details

Jonathan McCune is a Research Systems Scientist for CyLab at Carnegie Mellon University. He earned his Ph.D. degree in Electrical and Computer Engineering from Carnegie Mellon University, and received the A.G. Jordan thesis award. He received his B.Sc. degree in Computer Engineering from the University of Virginia (UVA). Jonathan’s research interests include secure systems, trusted computing, virtualization, and spontaneous interaction between mobile devices. When keyboards and LCDs get to be too much for him, Jon can usually be found riding a bike.

- Jeff Running

Series: Microsoft Research Talks

Decoding the Human Brain – A Neurosurgeon’s Experience
August 1, 2024
Dr. Pascal O. Zinn
Scalable and Efficient AI: From Supercomputers to Smartphones
June 29, 2023
Human-Centered AI: Ensuring Human Control While Increasing Automation
May 3, 2023
Mary Czerwinski,

Ben Shneiderman
WiDS Career Panel: Gabriela de Queiroz, Juliet Hougland, & Samantha Sifleet
April 5, 2023
Galea: The Bridge Between Mixed Reality and Neurotechnology
February 13, 2023
Current and Future Application of BCIs
February 1, 2023
Challenges in Evolving a Successful Database Product (SQL Server) to a Cloud Service (SQL Azure)
October 27, 2022
Hanuma Kodavalla,

Phil Bernstein
Improving text prediction accuracy using neurophysiology
September 30, 2022
Sophia Mehdizadeh
Tongue-Gesture Recognition in Head-Mounted Displays
August 11, 2022
Tan Gemicioglu
DIABLo: a Deep Individual-Agnostic Binaural Localizer
August 12, 2021
Shoken Kaneko
A Tale of Two Cities: Software Developers in Practice During the COVID-19 Pandemic
February 26, 2021
Denae Ford Robinson
Recent Efforts Towards Efficient And Scalable Neural Waveform Coding
September 29, 2020
Kai Zhen
Geometry-constrained Beamforming Network for end-to-end Farfield Sound Source Separation
September 24, 2020
Ali Aroudi
Audio-based Toxic Language Detection
August 13, 2020
Midia Yousefi
What Kind of Computation is Human Cognition? A Brief History of Thought (Episode 2/2)
August 4, 2020
Paul Smolensky
From SqueezeNet to SqueezeBERT: Developing Efficient Deep Neural Networks
July 29, 2020
Forrest Iandola,

Sujeeth Bharadwaj
Hope Speech and Help Speech: Surfacing Positivity Amidst Hate
July 29, 2020
Ashique Khudabukhsh
What Kind of Computation is Human Cognition? A Brief History of Thought (Episode 1/2)
July 28, 2020
Paul Smolensky
An Ethical Crisis in Computing?
March 3, 2020
Eric Horvitz,

Moshe Y. Vardi
Towards Mainstream Brain-Computer Interfaces (BCIs)
February 27, 2020
Brendan Allison
Underestimating the challenge of cognitive disabilities (and digital literacy). Directions to explore for current, next, and next-next generation UIs
November 25, 2019
Gregg Vanderheiden
'F' to 'A' on the N.Y. Regents Science Exams: An Overview of the Aristo Project
November 18, 2019
Peter Clark
Checkpointing the Un-checkpointable: the Split-Process Approach for MPI and Formal Verification
November 15, 2019
Gene Cooperman
Learning Structured Models for Safe Robot Control
September 27, 2019
Subramanian Ramamoorthy
Non-linear Invariants for Control-Command Systems
September 6, 2019
Pierre Roux